
Log analysis and evaluation: Win 7: caught istartsurf / updates no longer work anywhere


06.06.2015, 12:07   #1
LeBlubb
 
Win 7: caught istartsurf / updates no longer work anywhere



Hi there.
I somehow caught this annoying program istartsurf, along with a whole entourage of adware etc.
Those have already been removed, but I haven't found istartsurf itself yet and I'm not sure whether it is completely gone, especially since no updates work at all any more: every program that does automatic updates and tries to connect to its respective server reports that the host is not reachable.
Spybot found nothing apart from a few tracking cookies, Google & co.
Avast detected istartsurf as a browser extension (toolbar protection); I chose the option to remove this add-on.
It was probably removed as well (I'm not entirely sure), but the settings this program changed were not.
What else I have done so far:
I uninstalled Firefox, manually deleted all stored data under /benutzer/..., and reinstalled it. Everything works there again now.
After that I deleted istartsurf from the settings in Internet Explorer (search and start page).
I tried to fix the problem with the Avast updates by reinstalling Avast. Unfortunately that did nothing, except that the definition file is now a few days older.
It would be great if you could help me with this.

defogger_disable
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:33 on 06/06/2015 (Dolge)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...


-=E.O.F=-
         
FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by Dolge (administrator) on DOLGE-PC on 06-06-2015 11:35:16
Running from C:\Users\Dolge\Downloads
Loaded Profiles: Dolge (Available Profiles: Dolge)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Akamai Technologies, Inc.) C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\RunLegacyCPLElevated.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\Monitor.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\OSD.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-08-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [Realtek Camera Manager] => C:\Windows\system32\RunLegacyCPLElevated.exe shell32.dll,Control_RunDLL "C:\Windows\system32\Realtek Camera Manager.cpl"
HKLM-x32\...\Run: [SL-6481 Gaming Keyboard] => C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\Monitor.exe [1976832 2014-06-21] ()
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [85600 2013-12-13] (Nullsoft, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-05-15] (Raptr, Inc)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-06] (Avast Software s.r.o.)
HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\b6dd1e85-e546-4a26-a272-a775eb0bf15c.exe [183232 2015-06-06] (AVAST Software)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-11-07] ()
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\Run: [KPeerNexonEU] => C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\RunOnce: [Adobe Speed Launcher] => 1433580674
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\Policies\Explorer: [Run] "C:\Users\Dolge\AppData\Roaming\Microsoft\Windows\IEUpdate\LocationNotifications.exe"
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\MountPoints2: E - E:\Setup.exe
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\MountPoints2: {32209ca5-2757-11e2-bd8c-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\MountPoints2: {a07a7555-5441-11e4-a78f-bc5ff45ec1c4} - H:\setup.exe
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\MountPoints2: {bce7935f-2900-11e2-a70d-bc5ff4326929} - E:\setup.exe
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-06] (Avast Software s.r.o.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{6551de96-3d84-4073-9481-a02f40452d9d} <======= ATTENTION (Policy restriction on IP)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1433445722&z=03b255d955116348128458eg8zccac3z3zdw8mbg8o&from=smt&uid=HitachiXHDS721050DLE630_MSE423RP1WHEPK1WHEPKX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1433445722&z=03b255d955116348128458eg8zccac3z3zdw8mbg8o&from=smt&uid=HitachiXHDS721050DLE630_MSE423RP1WHEPK1WHEPKX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1433445722&z=03b255d955116348128458eg8zccac3z3zdw8mbg8o&from=smt&uid=HitachiXHDS721050DLE630_MSE423RP1WHEPK1WHEPKX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1433445722&z=03b255d955116348128458eg8zccac3z3zdw8mbg8o&from=smt&uid=HitachiXHDS721050DLE630_MSE423RP1WHEPK1WHEPKX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1433445722&z=03b255d955116348128458eg8zccac3z3zdw8mbg8o&from=smt&uid=HitachiXHDS721050DLE630_MSE423RP1WHEPK1WHEPKX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1433445722&z=03b255d955116348128458eg8zccac3z3zdw8mbg8o&from=smt&uid=HitachiXHDS721050DLE630_MSE423RP1WHEPK1WHEPKX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1433445722&z=03b255d955116348128458eg8zccac3z3zdw8mbg8o&from=smt&uid=HitachiXHDS721050DLE630_MSE423RP1WHEPK1WHEPKX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1433445722&z=03b255d955116348128458eg8zccac3z3zdw8mbg8o&from=smt&uid=HitachiXHDS721050DLE630_MSE423RP1WHEPK1WHEPKX&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1433445722&z=03b255d955116348128458eg8zccac3z3zdw8mbg8o&from=smt&uid=HitachiXHDS721050DLE630_MSE423RP1WHEPK1WHEPKX
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1433445722&z=03b255d955116348128458eg8zccac3z3zdw8mbg8o&from=smt&uid=HitachiXHDS721050DLE630_MSE423RP1WHEPK1WHEPKX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1433445722&z=03b255d955116348128458eg8zccac3z3zdw8mbg8o&from=smt&uid=HitachiXHDS721050DLE630_MSE423RP1WHEPK1WHEPKX&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1433445722&z=03b255d955116348128458eg8zccac3z3zdw8mbg8o&from=smt&uid=HitachiXHDS721050DLE630_MSE423RP1WHEPK1WHEPKX&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1433445722&z=03b255d955116348128458eg8zccac3z3zdw8mbg8o&from=smt&uid=HitachiXHDS721050DLE630_MSE423RP1WHEPK1WHEPKX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4011178475-394731722-3904193916-1000 -> DefaultScope {86BC90EB-D1D5-40D4-9ED7-76A3617F0109} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4011178475-394731722-3904193916-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-4011178475-394731722-3904193916-1000 -> {86BC90EB-D1D5-40D4-9ED7-76A3617F0109} URL = https://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-06] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} ->  No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-22] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-06] (Avast Software s.r.o.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-22] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1433445722&z=03b255d955116348128458eg8zccac3z3zdw8mbg8o&from=smt&uid=HitachiXHDS721050DLE630_MSE423RP1WHEPK1WHEPKX

FireFox:
========
FF ProfilePath: C:\Users\Dolge\AppData\Roaming\Mozilla\Firefox\Profiles\14bcrzmf.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-19] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-13] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @nexon.co.jp/NxGame -> C:\ProgramData\NexonJP\NGM\npNxGameJP.dll No File
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npnxgameEU.dll [2013-12-11] (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-11-07] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4011178475-394731722-3904193916-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dolge\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-06] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4011178475-394731722-3904193916-1000: @www.flatcast.com/FlatViewer 5.2 -> C:\Users\Dolge\AppData\Roaming\Mozilla\Plugins\NpFv530.dll No File
FF Plugin HKU\S-1-5-21-4011178475-394731722-3904193916-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-11-07] (Pando Networks)
FF Plugin HKU\S-1-5-21-4011178475-394731722-3904193916-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-09-01] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NpFv530.dll [2011-09-23] (1 mal 1 Software GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Dolge\AppData\Roaming\Mozilla\Firefox\Profiles\14bcrzmf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-06]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-06]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-06] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-06-06] (Avast Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-08-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-08-07] (BlueStack Systems, Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-07-19] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 BRSptSvc; "C:\ProgramData\BitRaider\BRSptSvc.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-06] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-06] (Avast Software s.r.o.)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-06] (Avast Software s.r.o.)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-06] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-06] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-06] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-08-07] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-07-14] (Disc Soft Ltd)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8228240 2012-09-19] (Realtek Semiconductor Corp.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [40712 2012-11-01] (Anchorfree Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-06-06] (Avast Software)
S3 BRDriver64; \??\C:\programdata\bitraider\BRDriver64.sys [X]
S3 BRDriver64_1_3_3_7ECFDFEA; \??\C:\ProgramData\BitRaider\support\1.3.3\7ECFDFEA\BRDriver64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-06 11:35 - 2015-06-06 11:35 - 00022822 _____ C:\Users\Dolge\Downloads\FRST.txt
2015-06-06 11:35 - 2015-06-06 11:35 - 00000000 ____D C:\FRST
2015-06-06 11:34 - 2015-06-06 11:34 - 02108928 _____ (Farbar) C:\Users\Dolge\Downloads\FRST64.exe
2015-06-06 11:33 - 2015-06-06 11:33 - 00000542 _____ C:\Users\Dolge\Downloads\defogger_disable.log
2015-06-06 11:33 - 2015-06-06 11:33 - 00000168 _____ C:\Users\Dolge\defogger_reenable
2015-06-06 11:32 - 2015-06-06 11:32 - 00050477 _____ C:\Users\Dolge\Downloads\Defogger.exe
2015-06-06 11:00 - 2015-06-06 11:00 - 00000000 ____D C:\Users\Dolge\AppData\Roaming\AVAST Software
2015-06-06 10:59 - 2015-06-06 10:59 - 00001882 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-06-06 10:59 - 2015-06-06 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-06-06 10:58 - 2015-06-06 10:58 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-06 10:58 - 2015-06-06 10:57 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-06-06 10:58 - 2015-06-06 10:57 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-06-06 10:58 - 2015-06-06 10:57 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-06-06 10:58 - 2015-06-06 10:57 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-06-06 10:58 - 2015-06-06 10:57 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-06-06 10:58 - 2015-06-06 10:57 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-06-06 10:58 - 2015-06-06 10:57 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-06-06 10:58 - 2015-06-06 10:57 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-06-06 10:57 - 2015-06-06 10:57 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-06-06 10:57 - 2015-06-06 10:57 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-06-06 10:57 - 2015-06-06 10:57 - 00000000 ____D C:\Program Files\AVAST Software
2015-06-06 10:55 - 2015-06-06 10:55 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\rnporqmj.sys
2015-06-06 10:51 - 2015-06-06 10:51 - 00000000 ____D C:\Users\Dolge\AppData\Local\LogMeIn
2015-06-06 10:41 - 2015-06-06 10:42 - 152923328 _____ (Avast Software s.r.o.) C:\Users\Dolge\Downloads\avast_free_antivirus_setup.exe
2015-06-06 02:48 - 2015-06-06 02:48 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-06 02:48 - 2015-06-06 02:48 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-06 02:48 - 2015-06-06 02:48 - 00000000 ____D C:\ProgramData\Mozilla
2015-06-06 02:47 - 2015-06-06 02:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-05 15:41 - 2015-06-05 15:41 - 00002112 _____ C:\Users\Dolge\Desktop\Firefox - CHIP Downloader.lnk
2015-06-05 01:32 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20150605-013234.backup
2015-06-05 00:31 - 2015-06-05 01:24 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-06-05 00:31 - 2015-06-05 00:33 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-06-05 00:31 - 2015-06-05 00:31 - 00001391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-06-05 00:31 - 2015-06-05 00:31 - 00001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-06-05 00:31 - 2015-06-05 00:31 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-06-05 00:31 - 2015-06-05 00:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-06-05 00:31 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-06-05 00:29 - 2015-06-05 00:29 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Dolge\Downloads\spybot-2.4.exe
2015-06-05 00:17 - 2015-06-05 00:17 - 00000000 _____ C:\autoexec.bat
2015-06-05 00:14 - 2015-06-05 00:15 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Dolge\Downloads\SpyHunter-Installer.exe
2015-06-04 21:53 - 2015-06-04 21:54 - 00000000 ____D C:\Users\Dolge\Zomboid
2015-06-04 21:50 - 2015-06-04 21:50 - 00000000 ____D C:\Users\Dolge\Downloads\Project.Zomboid.Build.32.3
2015-06-04 21:30 - 2015-06-04 21:44 - 562744975 ____R C:\Users\Dolge\Downloads\Project.Zomboid.Build.32.3.zip
2015-06-04 20:29 - 2015-06-04 20:29 - 00000000 ____D C:\Users\Dolge\Downloads\TownCraft.v2.1.6
2015-06-04 20:29 - 2015-06-04 20:29 - 00000000 ____D C:\Users\Dolge\AppData\Local\TownCraft
2015-06-04 20:25 - 2015-06-04 20:29 - 102086988 ____R C:\Users\Dolge\Downloads\TownCraft.v2.1.6.zip
2015-06-02 18:27 - 2015-06-06 02:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-05-29 00:33 - 2015-05-29 00:33 - 00002156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-05-19 17:12 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-19 17:12 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-16 00:09 - 2015-05-16 00:10 - 04545280 _____ (Microsoft Corporation ) C:\Users\Dolge\Downloads\setup.exe
2015-05-15 23:22 - 2015-05-15 23:22 - 00000000 ____D C:\ProgramData\Stardock
2015-05-15 23:20 - 2015-05-15 23:20 - 00000831 _____ C:\Users\Dolge\Desktop\Galactic Civilizations III.lnk
2015-05-15 23:20 - 2015-05-15 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Galactic Civilizations III
2015-05-15 19:43 - 2015-05-15 19:43 - 00001612 _____ C:\Users\Public\Desktop\Not A Hero.lnk
2015-05-15 18:44 - 2015-05-15 21:41 - 00000000 ____D C:\Users\Dolge\Documents\Windward
2015-05-15 18:41 - 2015-06-05 11:14 - 00000000 ____D C:\Program Files (x86)\Windward
2015-05-15 18:39 - 2015-05-15 20:01 - 00000000 ____D C:\Users\Dolge\Downloads\Galactic.Civilizations.III-CODEX
2015-05-15 18:36 - 2015-05-15 18:36 - 00000000 ____D C:\Users\Dolge\Downloads\Not a hero
2015-05-15 18:34 - 2015-06-05 12:27 - 00000000 ____D C:\Users\Dolge\Downloads\Windward
2015-05-13 04:39 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 04:39 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 04:39 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 04:39 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 04:39 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 04:39 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 04:39 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 04:39 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 04:39 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 04:39 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 04:39 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 04:39 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 04:39 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 04:39 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 04:39 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 04:39 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 04:39 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 04:39 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 04:39 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 04:39 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 04:39 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 04:39 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 04:39 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 04:39 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 04:39 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 04:39 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 04:39 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 04:39 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 04:39 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 04:39 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 04:39 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 04:39 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 04:39 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 04:39 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 04:39 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 04:39 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 04:39 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 04:39 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 04:39 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 04:39 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 04:39 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 04:39 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 04:39 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 04:39 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 04:39 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 04:39 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 04:39 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 04:39 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 04:39 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 04:39 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 04:39 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 04:38 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 04:38 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 04:38 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 04:38 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 04:38 - 2015-04-10 18:54 - 17881088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 04:38 - 2015-04-10 18:44 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 04:38 - 2015-04-10 18:43 - 10935808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 04:38 - 2015-04-10 18:43 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 04:38 - 2015-04-10 18:39 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 04:38 - 2015-04-10 18:39 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 04:38 - 2015-04-10 18:38 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 04:38 - 2015-04-10 18:37 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 04:38 - 2015-04-10 18:37 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 04:38 - 2015-04-10 18:37 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 04:38 - 2015-04-10 18:37 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 04:38 - 2015-04-10 18:37 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 04:38 - 2015-04-10 18:37 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 04:38 - 2015-04-10 18:37 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 04:38 - 2015-04-10 18:37 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 04:38 - 2015-04-10 18:37 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-13 04:38 - 2015-04-10 18:37 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 04:38 - 2015-04-10 18:37 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 04:38 - 2015-04-10 18:37 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 04:38 - 2015-04-10 18:37 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-13 04:38 - 2015-04-10 18:37 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-13 04:38 - 2015-04-10 18:36 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-13 04:38 - 2015-04-10 17:30 - 12379136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 04:38 - 2015-04-10 17:25 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 04:38 - 2015-04-10 17:25 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 04:38 - 2015-04-10 17:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 04:38 - 2015-04-10 17:21 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 04:38 - 2015-04-10 17:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 04:38 - 2015-04-10 17:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 04:38 - 2015-04-10 17:19 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 04:38 - 2015-04-10 17:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 04:38 - 2015-04-10 17:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 04:38 - 2015-04-10 17:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 04:38 - 2015-04-10 17:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 04:38 - 2015-04-10 17:19 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-05-13 04:38 - 2015-04-10 17:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 04:38 - 2015-04-10 17:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 04:38 - 2015-04-10 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 04:38 - 2015-04-10 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 04:38 - 2015-04-10 17:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 04:38 - 2015-04-10 17:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 04:38 - 2015-04-10 17:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-05-13 04:38 - 2015-04-10 17:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-05-13 04:38 - 2015-04-10 17:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-05-13 04:37 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 04:37 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 04:37 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-06 11:33 - 2012-11-05 16:51 - 00000000 ____D C:\Users\Dolge
2015-06-06 11:31 - 2013-09-24 16:23 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-06 11:23 - 2012-11-07 20:52 - 00000000 ____D C:\Users\Dolge\AppData\Local\PMB Files
2015-06-06 11:22 - 2013-04-06 14:16 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-06 11:02 - 2009-07-14 06:45 - 00014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-06 11:02 - 2009-07-14 06:45 - 00014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-06 10:59 - 2012-11-05 16:46 - 01229595 _____ C:\Windows\WindowsUpdate.log
2015-06-06 10:55 - 2015-02-06 17:22 - 00000000 ____D C:\Users\Dolge\AppData\Roaming\Raptr
2015-06-06 10:55 - 2012-11-07 19:01 - 00000000 ____D C:\ProgramData\AVAST Software
2015-06-06 10:52 - 2013-08-27 15:50 - 00000000 ____D C:\Users\Dolge\AppData\Local\LogMeIn Hamachi
2015-06-06 10:52 - 2012-11-08 20:01 - 00000000 ____D C:\Users\Dolge\AppData\Roaming\Skype
2015-06-06 10:51 - 2015-03-23 19:26 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-06 10:50 - 2013-09-24 16:23 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-06 10:50 - 2012-11-07 19:29 - 01012680 _____ C:\Windows\PFRO.log
2015-06-06 10:50 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-06 10:50 - 2009-07-14 06:51 - 00035658 _____ C:\Windows\setupact.log
2015-06-06 10:49 - 2014-03-28 01:25 - 00000000 ____D C:\Program Files\GO2Bot
2015-06-06 10:27 - 2014-11-03 20:45 - 00000000 ____D C:\Users\Dolge\AppData\Local\Battle.net
2015-06-06 02:48 - 2012-11-07 18:34 - 00000000 ____D C:\Users\Dolge\AppData\Roaming\Mozilla
2015-06-06 02:48 - 2012-11-07 18:34 - 00000000 ____D C:\Users\Dolge\AppData\Local\Mozilla
2015-06-05 21:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-05 15:09 - 2014-08-23 17:31 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-05 15:08 - 2013-02-20 16:56 - 00000000 ____D C:\Windows\SysWOW64\SupportAppCB
2015-06-05 15:08 - 2012-11-05 17:02 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-05 15:06 - 2015-02-27 03:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wolfman's missions
2015-06-05 14:52 - 2009-07-14 19:58 - 00699416 _____ C:\Windows\system32\perfh007.dat
2015-06-05 14:52 - 2009-07-14 19:58 - 00149556 _____ C:\Windows\system32\perfc007.dat
2015-06-05 14:52 - 2009-07-14 07:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-05 14:41 - 2009-07-14 06:45 - 00274240 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-05 14:40 - 2012-11-09 12:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-05 14:40 - 2012-11-09 12:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-06-05 00:14 - 2012-11-08 20:01 - 00000000 ____D C:\ProgramData\Skype
2015-06-05 00:07 - 2015-02-25 03:36 - 00000000 ____D C:\Users\Dolge\AppData\Roaming\BitTorrent
2015-06-04 23:45 - 2013-04-06 14:16 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-04 23:45 - 2012-11-07 20:14 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-04 23:45 - 2012-11-07 20:14 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-04 23:39 - 2014-03-18 17:01 - 00000000 ____D C:\Program Files (x86)\GO2Bot
2015-06-04 21:24 - 2012-11-07 19:12 - 00000000 ____D C:\Games
2015-06-04 21:22 - 2014-12-06 15:46 - 00001053 _____ C:\Users\Dolge\Desktop\ Star Conflict Launcher.lnk
2015-06-04 21:22 - 2014-02-27 03:29 - 00001878 _____ C:\Users\Public\Desktop\WarThunder.lnk
2015-06-04 21:22 - 2012-11-05 16:51 - 00001745 _____ C:\Users\Dolge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-04 21:22 - 2012-11-05 16:51 - 00001723 _____ C:\Users\Dolge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-06-04 17:33 - 2014-06-29 13:04 - 00000000 ____D C:\Users\Dolge\AppData\Roaming\Winamp
2015-06-04 01:58 - 2014-03-30 16:18 - 00000223 _____ C:\Users\Dolge\Desktop\Neues Textdokument.txt
2015-06-02 21:41 - 2014-01-08 01:54 - 00005736 _____ C:\Users\Dolge\Desktop\GO2 Aufträge.txt
2015-05-29 00:33 - 2012-11-07 19:02 - 00000000 ____D C:\Program Files (x86)\Google
2015-05-19 17:32 - 2013-08-04 13:14 - 00000000 ____D C:\Windows\system32\MRT
2015-05-19 17:32 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-19 17:24 - 2012-11-09 13:09 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-19 17:12 - 2012-11-09 12:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-19 17:06 - 2014-08-22 15:45 - 00000000 ____D C:\Users\Dolge\AppData\Local\Adobe
2015-05-19 17:03 - 2015-02-06 17:22 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-05-17 22:31 - 2012-11-07 20:21 - 00000000 ____D C:\Users\Dolge\AppData\Roaming\vlc
2015-05-16 14:28 - 2012-11-05 17:01 - 00061128 _____ C:\Users\Dolge\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-16 02:26 - 2013-09-24 16:23 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 02:26 - 2013-09-24 16:23 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 23:23 - 2013-05-12 22:34 - 00000000 ____D C:\Users\Dolge\AppData\Local\Stardock
2015-05-15 23:20 - 2012-11-09 14:17 - 00000000 ____D C:\Users\Dolge\Documents\My Games
2015-05-15 19:43 - 2013-12-17 04:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-05-15 19:43 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

==================== Files in the root of some directories =======

2012-11-07 20:40 - 2014-03-16 22:35 - 0007600 _____ () C:\Users\Dolge\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-05 21:25

==================== End of log ============================
         

06.06.2015, 12:08   #2
LeBlubb

Addition
FRST Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Dolge at 2015-06-06 11:36:05
Running from C:\Users\Dolge\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4011178475-394731722-3904193916-500 - Administrator - Disabled)
Dolge (S-1-5-21-4011178475-394731722-3904193916-1000 - Administrator - Enabled) => C:\Users\Dolge
Gast (S-1-5-21-4011178475-394731722-3904193916-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4011178475-394731722-3904193916-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitTorrent (HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\BitTorrent) (Version: 7.9.3.40299 - BitTorrent Inc.)
BlueStacks Notification Center (HKLM-x32\...\{7E6316CA-5ED0-4EF9-9920-A92115E286B7}) (Version: 0.7.17.916 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Consolas Font Family (HKLM-x32\...\{6AE22174-4FFA-4572-B692-31F0C386ED38}) (Version: 1.00.0000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0335 - Disc Soft Ltd)
Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version:  - Stunlock Studios)
diclovit's mod pack 1.7.0 (HKLM-x32\...\{28B1238E-1C18-4637-A2B7-95315E94EB29}_is1) (Version: 1.7.0 - diclovit)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
Endless Legend (HKLM-x32\...\RW5kbGVzc0xlZ2VuZA==_is1) (Version: 1 - )
EVE Online (nur entfernen) (HKLM-x32\...\EVE) (Version:  - CCP Games Ltd.)
Evil Genius (HKLM-x32\...\GOGPACKEVILGENIUS_is1) (Version: 2.0.0.15 - GOG.com)
Fable III (x32 Version: 1.0.0001.131 - Microsoft Game Studios) Hidden
Factorio version 0.11.19 (HKLM-x32\...\Factorio_is1) (Version:  - )
Fallout New Vegas Ultimate Edition (HKLM-x32\...\Fallout New Vegas Ultimate Edition_is1) (Version:  - )
FUSSBALL MANAGER 12 (HKLM-x32\...\FUSSBALL MANAGER 12) (Version: 1.0.0.0 - Electronic Arts)
Galactic Civilizations III (HKLM-x32\...\Galactic Civilizations III_is1) (Version:  - )
GO2Bot (HKLM-x32\...\GO2Bot_is1) (Version:  - methejuggler)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Guild Commander (HKLM-x32\...\Steam App 337220) (Version:  - GTGD)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hellgate (HKLM-x32\...\{65DF3688-6EF3-4C86-83DE-54AB46029F07}) (Version: 2.0.0.3 - Hanbit Soft)
iTunes (HKLM\...\{7FCDABCC-1A1E-4D61-909D-BA9495172774}) (Version: 11.0.3.42 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software-Treiberpaket (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.328 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft MechCommander 2 (HKLM-x32\...\MechCommander2 1.0) (Version:  - )
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{01db25f3-1b76-4d97-88c8-1c90634d88fb}) (Version: 11.0.60610.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Might & Magic Heroes VI (HKLM-x32\...\{745D37C2-26F4-4B65-BA13-F9840EBFA75B}) (Version: 1.0 - Ubisoft)
Minecraft 1.6.4 1.00 (HKLM-x32\...\Minecraft 1.6.4 1.00) (Version:  - )
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
Not A Hero (HKLM-x32\...\1429698467_is1) (Version: 2.0.0.1 - GOG.com)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.7.0.0 - Pando Networks Inc.)
Pando Media Booster Packages (HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\Pando Media Booster Packages) (Version:  - ) <==== ATTENTION
Pictures of a Rebellion (HKLM-x32\...\Pictures of a Rebellion) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Railroad Tycoon 3 CTC version 1.05 (HKLM-x32\...\{B2398CDA-063B-4B9F-9857-DABF6EF0C3E0}_is1) (Version: 1.05 - vol1)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6433 - Realtek Semiconductor Corp.)
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Star Conflict Launcher 1.0.1.40 (HKLM-x32\...\StarConflictLauncher_is1) (Version:  - )
Star Trek Online (HKLM-x32\...\Star Trek Online) (Version:  - Cryptic Studios)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold 2 Deluxe (HKLM-x32\...\{16D2C649-CBA8-44EE-B730-12584667D487}) (Version: 1.40.000 - Firefly Studios)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TangoMaster (HKLM-x32\...\TangoMaster) (Version:  - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Titans Of Steel - Warring Suns (HKLM-x32\...\{2FB7DF75-D6CF-47B8-8BD0-BACE1C711DC4}) (Version: 1.00.000 - )
TransOcean - The Shipping Company (HKLM-x32\...\VHJhbnNPY2VhblRoZVNoaXBwaW5nQ29tcGFueQ==_is1) (Version: 1 - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
USB Video Device (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.8400.10186 - Realtek Semiconductor Corp.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Victory At Sea (HKLM-x32\...\Steam App 298480) (Version:  - Evil Twin Artworks)
VIRTUIS ADVANCED Gaming Keyboard Driver (HKLM-x32\...\{B3CDED64-7DC2-429D-A325-BBC3CF793AA6}) (Version: 1.0 - SPEEDLINK)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
War Thunder Launcher 1.0.1.322 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - 2013 Gaijin Entertainment Corporation)
Wasteland 2 (HKLM-x32\...\1207665783_is1) (Version: 2.0.0.8 - GOG.com)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Resource Kit Tools (HKLM-x32\...\{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}) (Version: 5.2.3790 - Microsoft Corporation)
wolfman-x (HKLM-x32\...\wolfman-x) (Version:  - )
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1) (Version:  - Wargaming.net)
World of Warplanes (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813}_is1) (Version:  - Wargaming.net)
World of Warships (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814EU}_is1) (Version:  - Wargaming.net)
XCOM: Enemy Within (HKLM-x32\...\WENPTUVuZW15V2l0aGlu_is1) (Version: 1 - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-06-05 01:32 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04C6F3C4-EF9A-4FE8-AB7C-FF0843457632} - System32\Tasks\{743ECE16-A0F9-4BCF-BD45-4651E0A2CD55} => pcalua.exe -a C:\Users\Dolge\Downloads\wlsetup-all_de_16.4.3505.0912.exe -d C:\Users\Dolge\Downloads
Task: {389221DF-2666-4740-8399-0FD884C90ABB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {4BC65316-DF34-4A70-B82A-D719DE97D177} - System32\Tasks\{B0EE1314-98CC-4D36-8FB4-13557DC196C0} => C:\Games\Mech Commander 2\Mc2Rel.exe
Task: {579E0B51-EB0D-4637-9153-E26B959C4FE9} - System32\Tasks\{7143DC77-B811-4209-832E-EF99F8CB62E8} => E:\Setup.exe
Task: {661788BE-2D39-43A5-A426-FF107FF1D601} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {6F07A997-7F1E-455C-92DB-73488E97E729} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-06] (Avast Software s.r.o.)
Task: {70823CAE-5F82-4D52-8DB6-9C5128B1E634} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-24] (Google Inc.)
Task: {76D1D165-50CF-4938-96A9-30D9632E3C44} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-24] (Google Inc.)
Task: {BCBE2B12-4444-408B-8EA1-D6AA0450C242} - System32\Tasks\{8252994F-78F4-4A57-B4C5-4AA15FD48902} => E:\Setup\SETUP.EXE
Task: {BF9915BF-D991-4ACC-A3EE-A37820595725} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {C7D387FB-EC41-4A87-8065-23E37723E05A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {D9E76E6C-F567-4060-A977-6E6944FE19A4} - System32\Tasks\{A1C777F0-E3BF-40CC-AF15-3CCD252C3936} => pcalua.exe -a E:\Fifa.Manager.11.RiP.JoeKkerr.part1.exe -d E:\
Task: {D9F0AB95-BC4A-4C85-8735-0C1799CD0D3E} - System32\Tasks\{8761556F-ACCE-404A-8422-81CD52D300BD} => C:\Users\Dolge\Downloads\NF2_Downloader.exe
Task: {E9E1F38A-DBC0-432A-924A-00A98B20539E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-04] (Adobe Systems Incorporated)
Task: {F1A8B0A9-5DA8-4FC8-A477-CF1AE40C8E22} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {FC7C9B53-D1AA-4F89-8BEB-AD1662F08BE0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2009-10-14 14:36 - 2009-10-14 14:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2014-08-21 13:53 - 2014-06-21 12:16 - 01976832 _____ () C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\Monitor.EXE
2014-08-21 13:53 - 2013-07-11 09:38 - 00169984 _____ () C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\OSD.exe
2013-07-19 12:53 - 2013-07-19 12:53 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-11-20 22:23 - 2014-11-20 22:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-21 13:53 - 2013-08-17 14:13 - 00036864 _____ () C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\Lang\Lang_EN.dll
2014-08-21 13:53 - 2012-11-05 08:37 - 00061440 _____ () C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\hiddriver.dll
2015-06-05 00:31 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-06-05 00:31 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-06-05 00:31 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-06-05 00:31 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-06-05 00:31 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 20:17 - 2011-02-15 20:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-23 00:57 - 2010-11-23 00:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2014-08-14 02:37 - 2014-08-14 02:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2014-08-14 02:37 - 2014-08-14 02:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2013-11-21 02:05 - 2013-11-21 02:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-23 00:57 - 2010-11-23 00:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-18 02:56 - 2014-06-18 02:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 20:17 - 2011-02-15 20:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-23 01:06 - 2010-11-23 01:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2015-06-06 10:57 - 2015-06-06 10:57 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-06 10:57 - 2015-06-06 10:57 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-06 10:58 - 2015-06-06 10:58 - 02925568 _____ () C:\Program Files\AVAST Software\Avast\defs\15042800\algo.dll
2015-06-06 10:57 - 2015-06-06 10:57 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7866 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4011178475-394731722-3904193916-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dolge\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{E7D787E0-D69D-467F-8EA8-0C580E5CAC10}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{D530CB3E-4755-4279-BC96-495C11709762}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{C05787B4-3A5E-4A30-8BCD-5311235683DF}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{10CD868C-87D2-42B3-B3FA-9475959EDC1B}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{0FF9DAA1-F6C5-4C96-AEF0-7FBB23677308}] => (Allow) LPort=56420
FirewallRules: [{78B689DB-BEB3-4BEE-BE1F-8D18880CB469}] => (Allow) LPort=56420
FirewallRules: [{74364C2C-BB4C-4D50-9BD0-583DAD6F3A6C}] => (Allow) LPort=56420
FirewallRules: [{295695B7-688C-4046-838F-53E6FF5B2A49}] => (Allow) LPort=56420
FirewallRules: [{06E211DB-B1B8-47F5-9B81-F3116915AD7F}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [TCP Query User{80DB96EA-3772-464D-9027-B4FA8F79E69C}C:\games\world_of_warplanes\worldofwarplanes.exe] => (Allow) C:\games\world_of_warplanes\worldofwarplanes.exe
FirewallRules: [UDP Query User{438FC49D-D47B-400E-9A3D-2DF4F0C03659}C:\games\world_of_warplanes\worldofwarplanes.exe] => (Allow) C:\games\world_of_warplanes\worldofwarplanes.exe
FirewallRules: [TCP Query User{3733BA81-6A8F-46B9-979E-0389D0E0123E}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{061D3F0D-81D3-4821-B531-D5472DBC452C}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{92315A70-5CC6-4466-80D1-4A615953A6FF}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{850C77F2-0BC1-4A97-A51E-48903808B4F9}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [{BFEEA739-D182-44DC-BB86-309DED1BB36A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7106CF72-3109-4B27-B5FA-F75B7942473B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{410EB6D6-AA13-43BF-BD33-32F101165ACB}] => (Allow) LPort=2869
FirewallRules: [{348505E2-B7B4-4BCD-BCAC-93433F1A178C}] => (Allow) LPort=1900
FirewallRules: [{16063145-77DB-4C4E-BBCE-D61652EAFD74}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{5005F42E-7E5C-4C66-B4E3-41D783DAC44D}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe] => (Block) C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe
FirewallRules: [UDP Query User{E7C035FE-0803-418B-B390-3203148C6F8A}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe] => (Block) C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe
FirewallRules: [TCP Query User{71A60597-2E9C-4327-96FE-7562F46F9998}C:\games\naval war arctic circle\nwac.exe] => (Block) C:\games\naval war arctic circle\nwac.exe
FirewallRules: [UDP Query User{95820350-976E-4708-9E08-7094D7D5676A}C:\games\naval war arctic circle\nwac.exe] => (Block) C:\games\naval war arctic circle\nwac.exe
FirewallRules: [TCP Query User{02C9B724-D068-4847-81F1-E4FD505D74DD}C:\games\naval war arctic circle\nwac.exe] => (Block) C:\games\naval war arctic circle\nwac.exe
FirewallRules: [UDP Query User{D7ABA78C-DE89-4B05-84E2-5D949A0267E4}C:\games\naval war arctic circle\nwac.exe] => (Block) C:\games\naval war arctic circle\nwac.exe
FirewallRules: [TCP Query User{55EA5A0F-B9CD-4AF4-9FA4-C7B985808636}C:\users\dolge\downloads\battlestations pacific\battlestations pacific\bsp.exe] => (Block) C:\users\dolge\downloads\battlestations pacific\battlestations pacific\bsp.exe
FirewallRules: [UDP Query User{B58FA2FA-8F56-4530-BD72-A3F12C49B4E7}C:\users\dolge\downloads\battlestations pacific\battlestations pacific\bsp.exe] => (Block) C:\users\dolge\downloads\battlestations pacific\battlestations pacific\bsp.exe
FirewallRules: [TCP Query User{08D1F509-D085-48E0-A4D6-62EBCE40D19A}C:\games\dc universe\unreal3\binaries\win32\dcgame.exe] => (Allow) C:\games\dc universe\unreal3\binaries\win32\dcgame.exe
FirewallRules: [UDP Query User{4A81D570-3123-4649-99CC-CBCE76F3BB12}C:\games\dc universe\unreal3\binaries\win32\dcgame.exe] => (Allow) C:\games\dc universe\unreal3\binaries\win32\dcgame.exe
FirewallRules: [TCP Query User{6FF87B53-3B8A-431E-985E-18589EE3922B}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{54898E4C-2336-462D-875A-7B4D4F26E622}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{AB2606D8-CDDE-48D9-9E95-FC25618E9214}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [UDP Query User{83C4974E-C97E-43E3-BB1F-259980EAFA2B}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [{AC7AE98F-2CE1-4498-985E-7F5AEA60EC37}] => (Allow) C:\Users\Dolge\Downloads\NF2_Downloader.exe
FirewallRules: [{0FB11AFC-3A29-4D93-AC89-CD80993E9A3A}] => (Allow) C:\Users\Dolge\Downloads\NF2_Downloader.exe
FirewallRules: [{4656E6B4-C944-4798-93E2-84BEDC2D2122}] => (Allow) C:\Users\Dolge\Downloads\NF2_Downloader.exe
FirewallRules: [{51FE2DD6-E3C6-4A85-A51E-BE9F9DF52FD3}] => (Allow) C:\Users\Dolge\Downloads\NF2_Downloader.exe
FirewallRules: [{A4A79881-62B4-4F53-8C41-B76BB9DDF8BD}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{A46F68D1-ED2F-40C6-A0F1-12D7B74DDBE5}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [TCP Query User{142E092D-133E-4319-B1BE-E827F412B085}C:\users\dolge\downloads\neverwinter_nw.1.20130416a.6.exe] => (Allow) C:\users\dolge\downloads\neverwinter_nw.1.20130416a.6.exe
FirewallRules: [UDP Query User{9CFE9624-A50D-4E87-ADA6-0D354CCB05F7}C:\users\dolge\downloads\neverwinter_nw.1.20130416a.6.exe] => (Allow) C:\users\dolge\downloads\neverwinter_nw.1.20130416a.6.exe
FirewallRules: [TCP Query User{5F29E814-00CB-4AC0-98F8-64566592C9EE}C:\games\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) C:\games\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{7B42267B-0534-4720-AFD3-7D22929DA456}C:\games\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) C:\games\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [{C02D01B8-2A43-48CF-A296-225B2576350C}] => (Allow) C:\ProgramData\NexonJP\NGM\NGM.exe
FirewallRules: [{465014F5-7277-45CD-8BEF-374A96E927F2}] => (Allow) C:\ProgramData\NexonJP\NGM\NGM.exe
FirewallRules: [TCP Query User{A0C63096-F1D9-4AD3-B3C7-222C53D3E558}C:\games\star trek online\star trek online\live\gameclient.exe] => (Allow) C:\games\star trek online\star trek online\live\gameclient.exe
FirewallRules: [UDP Query User{4BF8F09A-A86B-4184-85E7-DC55956760BD}C:\games\star trek online\star trek online\live\gameclient.exe] => (Allow) C:\games\star trek online\star trek online\live\gameclient.exe
FirewallRules: [{709FF1EC-D7B6-4654-9F4B-544FBC32D292}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{B22DA5DC-701B-4874-BCA9-DF9C41745552}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B416D967-32DF-4FA7-A56C-9797A925D0CD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B2DEA4D0-1295-461C-AC23-EE22DBDBE802}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5348E462-2719-4621-8E5A-6E0BE27B7A70}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0BBC5D20-2704-4891-8BCF-AFABB1D3B1F9}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{FC120DDA-4423-4929-A772-D37CC1734BB7}C:\users\dolge\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\dolge\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{2927DA3D-AAE9-47BD-A4D1-FB26B5123F76}C:\users\dolge\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\dolge\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{C56B2666-672F-46C0-BB56-FF00A430B6B1}C:\windows\syswow64\rundll32.exe] => (Allow) C:\windows\syswow64\rundll32.exe
FirewallRules: [UDP Query User{DC007694-6A4E-454B-B8EE-09D3842FCB5C}C:\windows\syswow64\rundll32.exe] => (Allow) C:\windows\syswow64\rundll32.exe
FirewallRules: [TCP Query User{E75B6A9E-E2DA-47D6-A779-2AFF8F4E93E2}C:\users\dolge\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\dolge\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{EFCAF7A0-502F-49F9-8C9A-311E31EBEB51}C:\users\dolge\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\dolge\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{08226D53-D950-4A0E-99AF-17B37703BEB9}C:\users\dolge\appdata\local\apps\2.0\gh8lt9xc.r11\b0qwem6k.ztg\laun...app_59711684aa47878d_0001.0021_ab3ee13873571d13\launcher.exe] => (Allow) C:\users\dolge\appdata\local\apps\2.0\gh8lt9xc.r11\b0qwem6k.ztg\laun...app_59711684aa47878d_0001.0021_ab3ee13873571d13\launcher.exe
FirewallRules: [UDP Query User{40548420-7F46-402F-B17C-2F2C90DD76F1}C:\users\dolge\appdata\local\apps\2.0\gh8lt9xc.r11\b0qwem6k.ztg\laun...app_59711684aa47878d_0001.0021_ab3ee13873571d13\launcher.exe] => (Allow) C:\users\dolge\appdata\local\apps\2.0\gh8lt9xc.r11\b0qwem6k.ztg\laun...app_59711684aa47878d_0001.0021_ab3ee13873571d13\launcher.exe
FirewallRules: [{CF64148E-FAD4-4B08-AF47-7B32DE163330}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8D58B383-D9DF-4E7D-A91E-9E9453B60CB3}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{4B18B1EA-F037-4BC8-B263-397B9CD2E362}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{4AD4FF77-852C-4D77-B904-A30A676257FC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{6AE1C1B3-A348-4C97-AFBF-693169204138}C:\games\ghost recon online\ncsa-live\ghostrecononline.exe] => (Allow) C:\games\ghost recon online\ncsa-live\ghostrecononline.exe
FirewallRules: [UDP Query User{68428B8A-6AF7-4EA6-89BE-4DEDCB2AE4AB}C:\games\ghost recon online\ncsa-live\ghostrecononline.exe] => (Allow) C:\games\ghost recon online\ncsa-live\ghostrecononline.exe
FirewallRules: [TCP Query User{3C316122-ECEC-4053-B866-F52FB3FC33B9}C:\games\eveonline\bin\exefile.exe] => (Allow) C:\games\eveonline\bin\exefile.exe
FirewallRules: [UDP Query User{61A7DF74-2338-47F1-971B-C46754756599}C:\games\eveonline\bin\exefile.exe] => (Allow) C:\games\eveonline\bin\exefile.exe
FirewallRules: [TCP Query User{125D6301-9193-4C7C-AE6E-D6D4ED174356}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe
FirewallRules: [UDP Query User{BAF2F8F5-D073-45A1-AF72-CEFFBB45D75A}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe
FirewallRules: [TCP Query User{7432CE6E-E5D9-4089-996B-0553E44D3DBE}C:\users\dolge\downloads\quake3\quake3.exe] => (Allow) C:\users\dolge\downloads\quake3\quake3.exe
FirewallRules: [UDP Query User{C37BC0B8-629A-43CC-BAB9-5417361A98D9}C:\users\dolge\downloads\quake3\quake3.exe] => (Allow) C:\users\dolge\downloads\quake3\quake3.exe
FirewallRules: [TCP Query User{5CB8B110-0B55-40A8-BD2B-D4BD27244F8A}C:\quake iii arena\quake3\quake3.exe] => (Allow) C:\quake iii arena\quake3\quake3.exe
FirewallRules: [UDP Query User{F7D43B49-B780-4D5D-84FE-2D7428DBD371}C:\quake iii arena\quake3\quake3.exe] => (Allow) C:\quake iii arena\quake3\quake3.exe
FirewallRules: [TCP Query User{2694C7A1-5C11-4888-8617-134CDD97465D}C:\games\quake3\quake3.exe] => (Allow) C:\games\quake3\quake3.exe
FirewallRules: [UDP Query User{DD245BA6-D49B-4D2F-AB51-C52D20E0BEDC}C:\games\quake3\quake3.exe] => (Allow) C:\games\quake3\quake3.exe
FirewallRules: [{6F350706-A887-4F31-BFFE-EE443B29649E}] => (Allow) C:\Users\Dolge\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0A54415C-9434-4FCF-B7AC-939B772464AB}] => (Allow) C:\Users\Dolge\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EBEF0DF8-6200-4587-9410-D059B5532E7F}] => (Allow) C:\Steam\Steam.exe
FirewallRules: [{EA9AA0B8-94C9-40F4-B5DA-4D5A685A7B26}] => (Allow) C:\Steam\Steam.exe
FirewallRules: [{C2F3CE8F-119E-4CE6-BF85-64B65BE8828D}] => (Allow) C:\Steam\SteamApps\common\Spellforce 2 - Faith in Destiny\Docs\SF2_FiD_Manual.pdf
FirewallRules: [{A59A255E-93E2-4FB8-B3D4-5D92078B905D}] => (Allow) C:\Steam\SteamApps\common\Spellforce 2 - Faith in Destiny\Docs\SF2_FiD_Manual.pdf
FirewallRules: [{BE36F5F2-2207-4366-BC89-0F8B241917A2}] => (Allow) C:\Steam\SteamApps\common\Spellforce 2 - Faith in Destiny\Docs\MapEditorFirstSteps.pdf
FirewallRules: [{B187652E-84D8-4DEB-AE49-4BF23E1547AF}] => (Allow) C:\Steam\SteamApps\common\Spellforce 2 - Faith in Destiny\Docs\MapEditorFirstSteps.pdf
FirewallRules: [TCP Query User{41824C4A-57B2-4DD1-9F78-12E6E81083AC}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{736E88C2-AC43-4D02-9DE9-2EC581CA4F91}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{473E2478-5110-4ECB-B25C-703FF5C5B545}] => (Allow) C:\Users\Dolge\AppData\Local\Viber\Viber.exe
FirewallRules: [{05E61224-CB98-4755-BB27-AEBF9683E03E}] => (Block) %SystemDrive%\Games\FM12\Manager12.exe
FirewallRules: [{14A25CDA-264B-4914-AF0A-0CE9C99889AC}] => (Block) %SystemDrive%\Games\FM12\EdManager12.exe
FirewallRules: [{7E941C1F-D39D-489E-BA03-B7A44ECA926E}] => (Block) %SystemDrive%\Games\FM12\Core\activation.exe
FirewallRules: [{B6319C02-AACA-4454-8386-22A9BA7E6BD3}] => (Block) %SystemDrive%\Games\FM12\Core\EACoreServer.exe
FirewallRules: [{E6ED282B-B1FC-4769-8FD2-482F0B2CF509}] => (Block) %SystemDrive%\Games\FM12\Core\PatchProgress.exe
FirewallRules: [{22461E14-5702-4833-9FE1-E98F70117617}] => (Block) %SystemDrive%\Games\FM12\online\FMOnline.exe
FirewallRules: [TCP Query User{D4D641FF-8F80-4886-8CE0-1E1377767795}C:\games\godus\windows\godus.exe] => (Block) C:\games\godus\windows\godus.exe
FirewallRules: [UDP Query User{DD4CEFF8-1D08-4B9E-9041-E5FF1979526A}C:\games\godus\windows\godus.exe] => (Block) C:\games\godus\windows\godus.exe
FirewallRules: [{2230C576-EC81-4AAC-8652-CC3504B1C315}] => (Block) %USERPROFILE%\Downloads\XCOM Enemy Unkonwn\iaa-X.E.U\Binaries\Win32\XComGame.exe
FirewallRules: [TCP Query User{9407DFA1-DD35-45CB-8536-D62CC6BD725C}C:\users\dolge\downloads\xcom enemy unkonwn\iaa-x.e.u\binaries\win32\xcomgame.exe] => (Block) C:\users\dolge\downloads\xcom enemy unkonwn\iaa-x.e.u\binaries\win32\xcomgame.exe
FirewallRules: [UDP Query User{D6AD8431-7433-4A85-BCA9-ABB9BE6D0EAF}C:\users\dolge\downloads\xcom enemy unkonwn\iaa-x.e.u\binaries\win32\xcomgame.exe] => (Block) C:\users\dolge\downloads\xcom enemy unkonwn\iaa-x.e.u\binaries\win32\xcomgame.exe
FirewallRules: [TCP Query User{FF0E4115-89EE-4913-9E99-9FFD8AB8C5A7}C:\games\xcom enemy within\xew\binaries\win32\xcomew.exe] => (Block) C:\games\xcom enemy within\xew\binaries\win32\xcomew.exe
FirewallRules: [UDP Query User{C1648DD1-AF3A-42B3-A3B3-EA48CF35CE1D}C:\games\xcom enemy within\xew\binaries\win32\xcomew.exe] => (Block) C:\games\xcom enemy within\xew\binaries\win32\xcomew.exe
FirewallRules: [TCP Query User{99352BAC-417D-449C-B2FF-5CB9662D7845}C:\program files (x86)\gameforgelive\games\deu_deu\runes of magic\client.exe] => (Allow) C:\program files (x86)\gameforgelive\games\deu_deu\runes of magic\client.exe
FirewallRules: [UDP Query User{1836E039-A3BA-426E-AB3B-C4406B109483}C:\program files (x86)\gameforgelive\games\deu_deu\runes of magic\client.exe] => (Allow) C:\program files (x86)\gameforgelive\games\deu_deu\runes of magic\client.exe
FirewallRules: [{9D7C19EB-7D34-48CD-9406-9C80099A6546}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A78C3A1B-49C1-4C7C-928A-71C85B1CEC29}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F355D04E-54DF-4A06-A194-F8C72E9AA2AB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{930BE472-130C-4F98-BF8D-41AAED6648D2}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{70728E1E-FAA6-4207-82C0-B0F947C43F6F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5D224721-C96E-4ED0-8BE5-53E40C31B3FF}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{18CF5889-3A75-4729-AAA0-FBACC12ECA6A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{009FC4D7-C670-4BD5-9988-CED5D887DA4B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B54CC007-3134-4B7E-8551-3FB087AF05D9}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{89952251-8733-4689-9F63-0DF53D347E98}] => (Allow) LPort=80
FirewallRules: [{4D6E6068-8486-45A8-8DB2-4CAF57F54A9D}] => (Allow) LPort=443
FirewallRules: [{06984532-16A4-4CE5-AD86-8049732BA885}] => (Allow) LPort=20010
FirewallRules: [{627225B0-F393-4E6D-8705-1F3A2F272F44}] => (Allow) LPort=3478
FirewallRules: [{1BC200BD-F517-48F1-95EE-DEF52E60A3F7}] => (Allow) LPort=7850
FirewallRules: [{2370DF6B-4448-4531-8A35-32825D768776}] => (Allow) LPort=7852
FirewallRules: [{3F77AF08-F745-4AEC-AC52-5F40E4B6F239}] => (Allow) LPort=7853
FirewallRules: [{3170F977-5EA0-4684-9B83-BEB9855332CA}] => (Allow) LPort=27022
FirewallRules: [{3045E659-6348-4CF6-BE69-9F0B63636AAF}] => (Allow) LPort=6881
FirewallRules: [{92A4377B-9EC8-4E43-BBBD-B68A430F7BF5}] => (Allow) LPort=33333
FirewallRules: [{B16B296B-88E4-418F-9D44-173F2EA1837B}] => (Allow) LPort=20443
FirewallRules: [{F6CA0A9F-0E52-42D7-B3E3-139C5B22B61F}] => (Allow) LPort=8090
FirewallRules: [{460BD186-41AE-4229-B01B-5C83A530EF9F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{45B615E4-69CD-4738-95C1-28A6E0D2EA89}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{AB9FA84C-1CBF-4D70-BA6D-FD6BB48C529B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{9B86B9F6-46B2-44FC-AA28-206165F59D12}C:\games\warthunder - kopie\launcher.exe] => (Allow) C:\games\warthunder - kopie\launcher.exe
FirewallRules: [UDP Query User{A10D3447-1DF8-4A37-BBB3-A4263482AF81}C:\games\warthunder - kopie\launcher.exe] => (Allow) C:\games\warthunder - kopie\launcher.exe
FirewallRules: [{656B1FDC-E9A1-4CC9-BD45-12DC5756CAF1}] => (Allow) C:\Games\WarThunder\launcher.exe
FirewallRules: [{70FD0087-2F3B-4A61-B70A-D047B271149D}] => (Allow) C:\Games\WarThunder\launcher.exe
FirewallRules: [TCP Query User{FC36322B-D7F3-4CF3-AA79-73FFD5C1B56A}C:\games\warthunder - kopie\aces.exe] => (Allow) C:\games\warthunder - kopie\aces.exe
FirewallRules: [UDP Query User{EC2D4052-4AB8-49DA-AD7F-445C5491769C}C:\games\warthunder - kopie\aces.exe] => (Allow) C:\games\warthunder - kopie\aces.exe
FirewallRules: [{7CB5222D-AB90-444E-9C09-703A280F569D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{28E75FF6-BCEE-4297-BF05-3ED5CF3CB310}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{2E3DEBCD-4FFB-4959-A02F-DC5D484A74CC}C:\games\warthunder\aces.exe] => (Allow) C:\games\warthunder\aces.exe
FirewallRules: [UDP Query User{C828C9BE-67EB-4F3D-BF25-631E6DF3EF26}C:\games\warthunder\aces.exe] => (Allow) C:\games\warthunder\aces.exe
FirewallRules: [{2EA67AD2-9120-4882-B5B9-F8814F4172CB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{38B4771C-5746-4C42-9A64-5AF1CC64F853}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{2AA67482-392A-4938-A7BC-2D39170A5F7B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{AFDE24BC-01DE-4FD4-A468-3FD8356635A5}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{391DA562-4287-4824-8EDA-8FA583F900A2}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D5AE7992-2541-4133-924C-C0DBDB474E93}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{56C080E0-5A53-4966-A41F-10E881F3E753}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{37CC77E3-EDA7-40B0-B6B7-A9EDB1BAE7D5}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F684E80E-8C36-4972-9A8A-2A9765D84300}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{68C273B8-EF8F-4E3D-920D-7DC3037C33FC}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{F2038FE9-BD17-43B9-9699-B0F80A6E88B6}C:\users\dolge\downloads\openttd-1.3.3-windows-win64\openttd.exe] => (Allow) C:\users\dolge\downloads\openttd-1.3.3-windows-win64\openttd.exe
FirewallRules: [UDP Query User{0874AE68-CB89-44F4-AD9C-27D7684AA46B}C:\users\dolge\downloads\openttd-1.3.3-windows-win64\openttd.exe] => (Allow) C:\users\dolge\downloads\openttd-1.3.3-windows-win64\openttd.exe
FirewallRules: [{6EA97082-816A-4C1B-A50F-B16974F13642}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{2D0F0DE4-189E-430F-B72F-D1F9E4CD3ED3}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{6A213FE4-E7FD-468B-A165-290AA4F79EDB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A4FF56D6-1AC3-4415-B043-6130B4E7D559}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{20CE983A-FF93-41C6-991D-C29B2CF890C1}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A473B6B9-4083-434E-B502-6CCE359AA350}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B38E05B9-25EC-4EC1-B101-72FA41D0AFF7}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F341F053-B8CD-46C5-92C5-4C5EAC3FFB78}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D419AA32-4483-42F7-8229-3DA9F1CA7697}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{46DF5A69-17B6-45E2-BE26-1515BA444E31}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{C2FAF982-6248-4F1C-A118-61CE073FD640}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{EF3F5441-0EAF-42F8-85AA-36446DF070E8}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{613399E9-48C3-472C-9FF7-41B73E2AA179}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5713556D-90FE-4845-B184-92668A2B4D90}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{46A98D48-E5C6-4325-BA6D-AADCB57D8452}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{350A7D01-F468-4C8B-A635-D3F0B8B31C8F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D6315892-3149-44A0-A9C7-943DBDFD5DB4}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F0ECCEDA-E33C-4EE4-908E-4CEB7AF583A1}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{306E5FCC-BC8D-4F9B-88F9-7C276A0B15F7}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{2A673550-5B2D-45DD-985B-146141CF6C21}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{17693664-3B02-4460-9BA9-B0F0C2A2569F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{DC25D8DA-C3C3-44CD-8D57-C05339C30D74}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BE6BF9A1-0BB1-424C-B220-1DBDDCC062E0}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{DC3B0AD1-F572-4BB4-BDFC-B37682EFFC9B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0F409515-5DFA-43F8-BC1C-6B62D190854B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{706920B7-B0FB-4CB4-B353-DC412900538E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{82E3FB75-1E6D-4BBE-B7C9-D03BC91C3548}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D8D4A309-0369-4204-B6B4-B654AE47D0DD}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{51848E85-F954-4CF4-84DA-3C40C99637DB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{55A90995-0876-4845-AC91-F1AD034B36D5}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{201668FF-2CDB-4D25-AAE0-D342184F521F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{37F379FE-BD15-4F42-B051-01B1BBB44B80}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{EB69964E-12B6-4C7E-9B85-0D03240A44A6}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E0903B6C-3CA4-4127-87F5-285BF83E57E9}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9D8704C7-A183-4825-9175-2F9365DB1BA9}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{17A401D5-E32A-4667-B83F-16B2DA192C86}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4C186678-7577-4B08-8DE7-CFCC5215BFF9}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9962CDDB-43EA-4608-A119-DF2FCA4C1673}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BCB1E33F-F653-4CBD-ADA0-EA7FA4241F5A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{66A99D03-E702-46A3-8DB3-F138E9D6DA4D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5454FF4A-08FF-4373-8A52-00B59D6E70F3}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4552C26A-102B-479B-AB7F-304B54903F78}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A1F373C0-AB82-4A5D-8992-94671ED98C21}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A01CC517-59F0-4B97-91FD-A2CD34B97466}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{28E69DDB-AE04-4618-8F1F-E05B28B6923E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9CBE866A-9B74-4358-B741-CF77FC635663}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E3F2E52B-4992-472E-A24F-56D0D9888402}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{AAECC322-89BA-4366-8D71-3027BE6BB2D9}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F6A523A2-8BAA-4450-AB17-0D33E10FE5C7}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{91B29DCF-5E49-41BD-921C-D1B55D968348}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{642FBF3B-C9BC-4900-8253-66A95CD02CBA}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{29F063AE-1784-4763-BF08-F7E41EBF7075}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A1A0FFD7-DA01-4B65-82B3-48CA1183E116}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D651E871-6ED3-4B49-A458-F935E5E15194}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F3DD69CA-7E85-40BE-BE25-CF2D59DBFF5F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{852A3DDD-F794-4633-9316-2F66577F5F1F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F416B9D0-DA05-4613-AECF-51229A1106E1}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{02E0BAB8-DE8B-45D1-A9D0-82D217A33776}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D85722CE-A4C1-49D8-966C-FB0C11C5F4B0}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F1ED0CC5-CD00-4E8C-88B1-AA596CA3E9AE}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{061D6DC4-16EA-4E96-9C28-8FD907D8B0BE}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{EC34FBD6-AF35-4024-A499-FFF22A547235}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BC27286E-A9F8-4925-8B9C-954F60F845F6}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{81DB57BC-9EF8-446B-A477-8343D6A88C54}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{1B79BE15-F51A-409F-B149-F1D88C94E00A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5DAE4F6B-C91B-49D5-A629-CA720F4E5313}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{45889D0B-6E93-4D6F-A600-112D3171084E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{DC848940-A10E-4B0B-8820-EBB3A6287AD6}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{AC077C54-F194-4A51-81A0-0D72568B19D2}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{3E5E94CC-6CCD-4E02-9824-4A00660A0118}] => (Allow) C:\Games\HOMM6\Might & Magic Heroes VI.exe
FirewallRules: [{DF3DB903-EB32-40EA-9981-D61C7F139067}] => (Allow) C:\Games\HOMM6\Might & Magic Heroes VI.exe
FirewallRules: [{E9493259-3CDC-4F97-9B36-7269B1A77732}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{3A4BEDC8-5D23-42E2-93D4-9B8D0DFCA0B2}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BAC8B251-62BE-4F32-9F30-0BD8F9845159}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{C72E753A-8A7B-47FE-B6FD-2418CDB37C6F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{EEA70586-F588-4043-8F98-ADFCA744885E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9087180B-3096-46DA-A03D-E33FB5A1B2FB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0B51EA92-7025-4549-9D2B-AF67DD49676D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{50038E5C-2083-4EA0-9949-9692DD5FBC04}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0BB81DDB-4A8E-47E3-9161-D8B56C9EB17B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{082AC508-C6D7-45C9-8A60-EC8F5429F905}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{7D1083DE-6E8D-4184-9935-EBAB7AEBBF03}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9883C105-1D19-4324-8898-D2BD8558D7D2}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{10AACFBF-588C-4C24-AF36-91168F2F7BAB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4B0FADC8-8BF7-4E75-B65C-DAEEC1E3A86D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BF706805-536E-48DF-900D-25BF8A4909D2}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5048B8EB-93CB-4487-A60D-207CBBB0EF50}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{7F72C234-AA75-4AA9-BCAF-64E4785872D9}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{53BDFAD7-AE70-4881-890A-1A2F467C147D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5761D09D-7411-4130-8EBD-931363645643}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{C20F6C3C-6B9B-46AD-9B05-1505F4E309C4}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{C0F0A592-85EB-4390-A010-E355D1F6996A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{C9E9E5D7-433D-47EF-ACC1-ECA5E55AA47E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{22850962-59A3-4ED9-AF87-2160E17C6D4C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D5B25C12-65B4-4E34-9094-A53C55336CBC}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{61B293F9-5798-48B1-9462-0A2EF22EC585}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B6A449AD-FB4E-49D2-9D45-176F588B7832}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{8A28400B-35FD-4B69-9C4C-EC40E317D421}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{1E99B1BF-E62A-4C4B-A291-A4A42B542F7A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{2B412608-7A41-417A-9ED6-9EA413C6AFDA}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{7AC99958-1C09-435C-84B9-C3700000CCCC}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{85EEF2B0-01CD-40D1-A54B-472399FAB807}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4CF46B74-D265-4AD5-9703-2EA6540E7E49}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{05305F40-8DB4-4899-A9F2-962AEC6F3C08}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{3B22F3B0-169F-409A-BAFF-9BA84A960265}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{6D0E3C6E-9A5D-48C4-877B-283BCF36D258}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{EFE9D8ED-212C-46EA-9ED3-27E0C7E10F13}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5D500439-ECEC-4CDB-AC8B-DB50971EDDEB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{6C9406FE-C73E-4764-AA30-8FE899AD99BA}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F814FC3B-EAC6-4C60-A5BD-EBA3693436AE}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A6E3BA71-A1FB-4A93-B66F-B571411C34A3}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{FF5BAE15-444B-4DE9-AA61-6032DA7015FD}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{B354922F-DC4B-4300-B96D-5CC300E6E583}C:\games\divinity original sin\shipping\eocapp.exe] => (Block) C:\games\divinity original sin\shipping\eocapp.exe
FirewallRules: [UDP Query User{EBD677F1-A4BA-48B2-B37E-1ADC87836E93}C:\games\divinity original sin\shipping\eocapp.exe] => (Block) C:\games\divinity original sin\shipping\eocapp.exe
FirewallRules: [{2DE4F318-352E-4089-8D61-BF5E975C22CB}] => (Allow) C:\Steam\SteamApps\common\MarchOfWar\game.exe
FirewallRules: [{57889A54-6C4C-4521-9E47-F90F6B8860B4}] => (Allow) C:\Steam\SteamApps\common\MarchOfWar\game.exe
FirewallRules: [TCP Query User{4BFA72DC-4B5D-423E-881E-7244D33C5EA8}C:\steam\steamapps\common\marchofwar\marchofwar.exe] => (Allow) C:\steam\steamapps\common\marchofwar\marchofwar.exe
FirewallRules: [UDP Query User{E87D5883-9DAD-4F35-84FE-9D11FE0FEDA0}C:\steam\steamapps\common\marchofwar\marchofwar.exe] => (Allow) C:\steam\steamapps\common\marchofwar\marchofwar.exe
FirewallRules: [TCP Query User{6427D046-8096-4AEA-91F9-03BAA2717C41}C:\games\soldat\soldat.exe] => (Allow) C:\games\soldat\soldat.exe
FirewallRules: [UDP Query User{7FEA7038-4E15-401D-A183-760E58FB1BE4}C:\games\soldat\soldat.exe] => (Allow) C:\games\soldat\soldat.exe
FirewallRules: [{25A3A500-BBCA-498F-AD2C-FE5B7DB2133F}] => (Allow) C:\Steam\bin\steamwebhelper.exe
FirewallRules: [{98C0D1FA-9EF6-4B49-912E-DEB8BCCA6B3C}] => (Allow) C:\Steam\bin\steamwebhelper.exe
FirewallRules: [{FE776BE0-D8CB-469B-B85C-F6E8848DE2BB}] => (Allow) C:\Games\Stronghold2\Stronghold2.exe
FirewallRules: [{8E3F103A-FBE6-487B-84C7-859677723A89}] => (Allow) C:\Games\Stronghold2\Stronghold2.exe
FirewallRules: [{8E433C37-C66A-4833-A35B-5E0D78771A88}] => (Allow) C:\Games\Battle.net\Battle.net.exe
FirewallRules: [{7570106F-9F09-4CCF-ABD5-AEFB54C98466}] => (Allow) C:\Games\Battle.net\Battle.net.exe
FirewallRules: [{035A2348-C679-4F13-8415-A6976AF14546}] => (Allow) C:\Games\Hearthstone\Hearthstone.exe
FirewallRules: [{191F48EE-CAB7-4906-91ED-D98F9A702275}] => (Allow) C:\Games\Hearthstone\Hearthstone.exe
FirewallRules: [{95803439-1642-4D9F-88B5-3483BA8A18C4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{7B3DDEDE-14BB-455B-B12C-6940E78C59D6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [TCP Query User{C9F8A110-B621-40C9-AD98-6B3863380434}C:\games\star conflict\launcher.exe] => (Allow) C:\games\star conflict\launcher.exe
FirewallRules: [UDP Query User{8394BEC0-3656-4783-BECA-6B1604B05E7D}C:\games\star conflict\launcher.exe] => (Allow) C:\games\star conflict\launcher.exe
FirewallRules: [{0583EB7A-F2FD-4AB2-A663-19DA22D19E31}] => (Allow) C:\Games\BattleLine\BattleLine.exe
FirewallRules: [{B615B89E-65D2-46B9-BDCB-29C44B5BE625}] => (Allow) C:\Games\BattleLine\BattleLine.exe
FirewallRules: [{78986F55-D732-404C-8697-9EB45CE59DEE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{CDA7069C-D996-43E9-80A2-16E062A991BC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{10547F49-7387-47FC-B44B-9D9CC449210A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{CF54F210-4025-4DB8-B7DA-3EF9EB373416}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [TCP Query User{B7B44F26-B28A-4FE0-B773-61E1E03295D7}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{1B645315-305A-4484-B1DB-D350ABB75AEF}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{CA411531-C73A-4302-B55A-182B6438D1BD}] => (Allow) C:\Users\Dolge\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{D4C480F4-5716-49E3-B19E-B062D7F34AFC}] => (Allow) C:\Users\Dolge\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{1C1D8647-8DD9-4DC2-80A3-68C217B7A60B}] => (Allow) C:\Games\StarCraft II\StarCraft II.exe
FirewallRules: [{1D8E6F23-0A8C-4751-9F77-9ACC343D3CF4}] => (Allow) C:\Games\StarCraft II\StarCraft II.exe
FirewallRules: [{2A6B2CE9-4078-4B73-84A3-68FF3E6221D0}] => (Allow) C:\Games\Hellgate Global\HGLLauncher.exe
FirewallRules: [{5F4A2E40-18BA-4F50-BB4F-9EDEBA06FE7B}] => (Allow) C:\Games\Hellgate Global\HGLLauncher.exe
FirewallRules: [{BE518750-AD7D-4B3B-80BE-D4D1BCA11691}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{67322C8E-DDF5-4C34-BD59-932E9773F83A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{33405337-C303-48DC-B0E7-037258A2DBAB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{85BBAF09-1083-42A4-9426-83864148596B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{18305853-6B59-4E5B-8B7E-A91AFEA34046}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Island Epidemic\Dead Island Epidemic - Launcher.exe
FirewallRules: [{18C5DED6-8445-4A7D-A36B-A8A7EBC38721}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Island Epidemic\Dead Island Epidemic - Launcher.exe
FirewallRules: [{EED399BD-54D1-4565-8277-C7E8DC337B01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guild Commander\Guild Commander.exe
FirewallRules: [{5B829818-ACE8-4DF1-B603-837AA6846A07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guild Commander\Guild Commander.exe
FirewallRules: [{E41162E3-AB7B-434D-8598-EA6AFF114E9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VictoryAtSea\VictoryAtSea.exe
FirewallRules: [{2DBA41F1-C6C4-4D67-9692-39CB22BFA047}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VictoryAtSea\VictoryAtSea.exe
FirewallRules: [TCP Query User{D8D247BA-EF72-4DCB-850D-686422DF1F27}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [UDP Query User{5949E6F8-A7B3-4E7D-AA5D-6CDAC3C91FC2}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [TCP Query User{39ADA0A7-1CA5-496D-B34F-BC0CA322BC41}C:\program files (x86)\windward\windward.exe] => (Allow) C:\program files (x86)\windward\windward.exe
FirewallRules: [UDP Query User{882CCC20-E24E-4F29-93EC-EA1188BB38F1}C:\program files (x86)\windward\windward.exe] => (Allow) C:\program files (x86)\windward\windward.exe
FirewallRules: [{0ECE90B1-C2FF-48CC-9443-A9A81938FEB9}] => (Block) %SystemDrive%\Games\Galactic Civilizations III\GalCiv3.exe
FirewallRules: [{A3C066A3-EC82-489C-95E9-72841CBB82E1}] => (Block) %SystemDrive%\Games\Galactic Civilizations III\GalCiv3.exe
FirewallRules: [{9FE1845D-26BB-443B-84F6-92A40A3E24AB}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{B45A4275-80B9-4496-BC2D-744D5BB207AA}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{EF9BC642-EB3F-45C5-BBFC-E24BE16D1E2E}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{90CD97E7-3E80-447F-8A65-06A2EAF2C0BA}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{BBD8C299-909E-4249-AFD5-6F997F5B4AFD}] => (Allow) C:\Users\Dolge\AppData\Roaming\Microsoft\Windows\IEUpdate\LocationNotifications.exe
FirewallRules: [{A8F9D110-ABB9-41F8-B9A0-FA30B25A156F}] => (Allow) C:\Users\Dolge\AppData\Roaming\Microsoft\Windows\IEUpdate\LocationNotifications.exe
FirewallRules: [{E986E5D6-F9E0-4756-8E4A-48891EC31DDE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3D781AB8-DF27-475E-9127-5A2AD6105758}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CD1301F6-538A-4A55-B3AB-F6A7E26019D3}] => (Allow) LPort=49166
FirewallRules: [{8ADB49CC-2326-4BBA-A6DC-E90908694DDB}] => (Allow) LPort=5000
FirewallRules: [{D4453503-93C5-442E-8E9C-076F8161CF4F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{BD44DB39-2BE4-40FA-88B3-3E51A712808D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/06/2015 11:02:25 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary rnporqmj.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (06/06/2015 11:00:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary rnporqmj.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (06/06/2015 10:56:37 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary rnporqmj.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (06/06/2015 10:52:02 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/06/2015 02:57:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16644, Zeitstempel: 0x5527ea05
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc000041d
Fehleroffset: 0x0e453a70
ID des fehlerhaften Prozesses: 0x18f8
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (06/06/2015 02:57:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16644, Zeitstempel: 0x5527ea05
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0e453a70
ID des fehlerhaften Prozesses: 0x18f8
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (06/05/2015 03:07:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/05/2015 02:43:28 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/05/2015 01:24:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SDFiles.exe, Version 2.4.40.135 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: eb4

Startzeit: 01d09f1ce2b0c4d6

Endzeit: 5

Anwendungspfad: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe

Berichts-ID: cf6e2d42-0b10-11e5-995b-bc5ff45ec1c4

Error: (06/05/2015 00:32:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/F18B538D1BE903B6A6F056435B171589CAF36BF2.crt>. Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.
.


System errors:
=============
Error: (06/06/2015 10:52:02 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (06/05/2015 02:43:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (06/05/2015 02:43:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "UI Assistant Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (06/05/2015 02:43:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst UI Assistant Service erreicht.

Error: (06/03/2015 10:12:00 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 40.

Error: (06/03/2015 10:12:00 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 112.

Error: (06/03/2015 10:12:00 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 112.

Error: (06/03/2015 03:12:01 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 40.

Error: (06/03/2015 03:12:00 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 112.

Error: (06/03/2015 03:12:00 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 112.


Microsoft Office:
=========================
Error: (06/06/2015 11:02:25 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary rnporqmj.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (06/06/2015 11:00:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary rnporqmj.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (06/06/2015 10:56:37 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary rnporqmj.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (06/06/2015 10:52:02 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/06/2015 02:57:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.166445527ea05unknown0.0.0.000000000c000041d0e453a7018f801d09f91fd0e3cc3C:\Program Files (x86)\Internet Explorer\iexplore.exeunknown0d75be71-0be7-11e5-af6a-bc5ff45ec1c4

Error: (06/06/2015 02:57:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.166445527ea05unknown0.0.0.000000000c00000050e453a7018f801d09f91fd0e3cc3C:\Program Files (x86)\Internet Explorer\iexplore.exeunknown0bae8435-0be7-11e5-af6a-bc5ff45ec1c4

Error: (06/05/2015 03:07:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\1&1 Surf-Stick\Component\BKATProtocol.dll

Error: (06/05/2015 02:43:28 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/05/2015 01:24:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SDFiles.exe2.4.40.135eb401d09f1ce2b0c4d65C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.execf6e2d42-0b10-11e5-995b-bc5ff45ec1c4

Error: (06/05/2015 00:32:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/F18B538D1BE903B6A6F056435B171589CAF36BF2.crtDieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X3 450 Processor
Percentage of memory in use: 24%
Total physical RAM: 8191.24 MB
Available physical RAM: 6173.58 MB
Total Pagefile: 16380.69 MB
Available Pagefile: 13879.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:107.01 GB) NTFS
Drive d: (TOS) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5B2C1D1A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of log ============================
         
--- --- ---


06.06.2015, 12:09   #3
LeBlubb

Win 7: caught istartsurf/updates no longer work anywhere



Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-06-06 12:41:52
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDS721050DLE630 rev.MS1OA650 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Dolge\AppData\Local\Temp\ugloapod.sys


---- User code sections - GMER 2.1 ----

.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                             0000000076101401 2 bytes JMP 76ffb21b C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1860] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                               0000000076101419 2 bytes JMP 76ffb346 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                             0000000076101431 2 bytes JMP 77078f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                             000000007610144a 2 bytes CALL 76fd489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                              * 9
.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1860] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                00000000761014dd 2 bytes JMP 77078822 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                         00000000761014f5 2 bytes JMP 770789f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1860] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                000000007610150d 2 bytes JMP 77078718 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                         0000000076101525 2 bytes JMP 77078ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                               000000007610153d 2 bytes JMP 76fefca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1860] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                    0000000076101555 2 bytes JMP 76ff68ef C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                             000000007610156d 2 bytes JMP 77078fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                               0000000076101585 2 bytes JMP 77078b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1860] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                  000000007610159d 2 bytes JMP 770786dc C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                               00000000761015b5 2 bytes JMP 76fefd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                             00000000761015cd 2 bytes JMP 76ffb2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                         00000000761016b2 2 bytes JMP 77078ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                         00000000761016bd 2 bytes JMP 77078671 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                             0000000076101401 2 bytes JMP 76ffb21b C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1972] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                               0000000076101419 2 bytes JMP 76ffb346 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                             0000000076101431 2 bytes JMP 77078f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                             000000007610144a 2 bytes CALL 76fd489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                              * 9
.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1972] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                00000000761014dd 2 bytes JMP 77078822 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                         00000000761014f5 2 bytes JMP 770789f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1972] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                000000007610150d 2 bytes JMP 77078718 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                         0000000076101525 2 bytes JMP 77078ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                               000000007610153d 2 bytes JMP 76fefca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1972] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                    0000000076101555 2 bytes JMP 76ff68ef C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                             000000007610156d 2 bytes JMP 77078fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                               0000000076101585 2 bytes JMP 77078b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1972] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                  000000007610159d 2 bytes JMP 770786dc C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                               00000000761015b5 2 bytes JMP 76fefd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                             00000000761015cd 2 bytes JMP 76ffb2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                         00000000761016b2 2 bytes JMP 77078ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                         00000000761016bd 2 bytes JMP 77078671 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                         0000000076101401 2 bytes JMP 76ffb21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[2288] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                           0000000076101419 2 bytes JMP 76ffb346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                         0000000076101431 2 bytes JMP 77078f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                         000000007610144a 2 bytes CALL 76fd489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                              * 9
.text  C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[2288] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                            00000000761014dd 2 bytes JMP 77078822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                     00000000761014f5 2 bytes JMP 770789f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[2288] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                            000000007610150d 2 bytes JMP 77078718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                     0000000076101525 2 bytes JMP 77078ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                           000000007610153d 2 bytes JMP 76fefca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[2288] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                0000000076101555 2 bytes JMP 76ff68ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                         000000007610156d 2 bytes JMP 77078fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                           0000000076101585 2 bytes JMP 77078b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[2288] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                              000000007610159d 2 bytes JMP 770786dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                           00000000761015b5 2 bytes JMP 76fefd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                         00000000761015cd 2 bytes JMP 76ffb2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                     00000000761016b2 2 bytes JMP 77078ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                     00000000761016bd 2 bytes JMP 77078671 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                     0000000076101401 2 bytes JMP 76ffb21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2356] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                       0000000076101419 2 bytes JMP 76ffb346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                     0000000076101431 2 bytes JMP 77078f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                     000000007610144a 2 bytes CALL 76fd489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                              * 9
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2356] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                        00000000761014dd 2 bytes JMP 77078822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                 00000000761014f5 2 bytes JMP 770789f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2356] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                        000000007610150d 2 bytes JMP 77078718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                 0000000076101525 2 bytes JMP 77078ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                       000000007610153d 2 bytes JMP 76fefca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2356] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                            0000000076101555 2 bytes JMP 76ff68ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                     000000007610156d 2 bytes JMP 77078fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                       0000000076101585 2 bytes JMP 77078b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2356] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                          000000007610159d 2 bytes JMP 770786dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                       00000000761015b5 2 bytes JMP 76fefd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                     00000000761015cd 2 bytes JMP 76ffb2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                 00000000761016b2 2 bytes JMP 77078ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                 00000000761016bd 2 bytes JMP 77078671 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\Monitor.EXE[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000076101401 2 bytes JMP 76ffb21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\Monitor.EXE[2456] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000076101419 2 bytes JMP 76ffb346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\Monitor.EXE[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000076101431 2 bytes JMP 77078f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\Monitor.EXE[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      000000007610144a 2 bytes CALL 76fd489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                              * 9
.text  C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\Monitor.EXE[2456] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         00000000761014dd 2 bytes JMP 77078822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\Monitor.EXE[2456] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000761014f5 2 bytes JMP 770789f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\Monitor.EXE[2456] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         000000007610150d 2 bytes JMP 77078718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\Monitor.EXE[2456] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000076101525 2 bytes JMP 77078ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\Monitor.EXE[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        000000007610153d 2 bytes JMP 76fefca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\Monitor.EXE[2456] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000076101555 2 bytes JMP 76ff68ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\Monitor.EXE[2456] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      000000007610156d 2 bytes JMP 77078fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\Monitor.EXE[2456] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000076101585 2 bytes JMP 77078b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\Monitor.EXE[2456] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           000000007610159d 2 bytes JMP 770786dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\Monitor.EXE[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        00000000761015b5 2 bytes JMP 76fefd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\Monitor.EXE[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      00000000761015cd 2 bytes JMP 76ffb2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\Monitor.EXE[2456] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000761016b2 2 bytes JMP 77078ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\Monitor.EXE[2456] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000761016bd 2 bytes JMP 77078671 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2572] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17                      0000000076101401 2 bytes JMP 76ffb21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2572] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17                        0000000076101419 2 bytes JMP 76ffb346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2572] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17                      0000000076101431 2 bytes JMP 77078f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2572] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42                      000000007610144a 2 bytes CALL 76fd489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                              * 9
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2572] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17                         00000000761014dd 2 bytes JMP 77078822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2572] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17                  00000000761014f5 2 bytes JMP 770789f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2572] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17                         000000007610150d 2 bytes JMP 77078718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2572] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17                  0000000076101525 2 bytes JMP 77078ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2572] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17                        000000007610153d 2 bytes JMP 76fefca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2572] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17                             0000000076101555 2 bytes JMP 76ff68ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2572] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17                      000000007610156d 2 bytes JMP 77078fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2572] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17                        0000000076101585 2 bytes JMP 77078b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2572] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17                           000000007610159d 2 bytes JMP 770786dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2572] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17                        00000000761015b5 2 bytes JMP 76fefd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2572] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17                      00000000761015cd 2 bytes JMP 76ffb2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2572] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20                  00000000761016b2 2 bytes JMP 77078ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2572] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31                  00000000761016bd 2 bytes JMP 77078671 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2272] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82                                                                 0000000072df17fa 2 bytes CALL 76fd11a9 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2272] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88                                                             0000000072df1860 2 bytes CALL 76fd11a9 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2272] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98                                                           0000000072df1942 2 bytes JMP 75107089 C:\Windows\syswow64\WS2_32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2272] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109                                                          0000000072df194d 2 bytes JMP 7510cba6 C:\Windows\syswow64\WS2_32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2272] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                   0000000076101401 2 bytes JMP 76ffb21b C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2272] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                     0000000076101419 2 bytes JMP 76ffb346 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                   0000000076101431 2 bytes JMP 77078f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                   000000007610144a 2 bytes CALL 76fd489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                              * 9
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2272] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                      00000000761014dd 2 bytes JMP 77078822 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2272] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                               00000000761014f5 2 bytes JMP 770789f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2272] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                      000000007610150d 2 bytes JMP 77078718 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2272] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                               0000000076101525 2 bytes JMP 77078ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2272] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                     000000007610153d 2 bytes JMP 76fefca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2272] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                          0000000076101555 2 bytes JMP 76ff68ef C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2272] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                   000000007610156d 2 bytes JMP 77078fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2272] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                     0000000076101585 2 bytes JMP 77078b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2272] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                        000000007610159d 2 bytes JMP 770786dc C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2272] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                     00000000761015b5 2 bytes JMP 76fefd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2272] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                   00000000761015cd 2 bytes JMP 76ffb2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2272] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                               00000000761016b2 2 bytes JMP 77078ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2272] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                               00000000761016bd 2 bytes JMP 77078671 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2444] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17                     0000000076101401 2 bytes JMP 76ffb21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2444] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17                       0000000076101419 2 bytes JMP 76ffb346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2444] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17                     0000000076101431 2 bytes JMP 77078f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2444] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42                     000000007610144a 2 bytes CALL 76fd489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                              * 9
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2444] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17                        00000000761014dd 2 bytes JMP 77078822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2444] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17                 00000000761014f5 2 bytes JMP 770789f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2444] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17                        000000007610150d 2 bytes JMP 77078718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2444] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17                 0000000076101525 2 bytes JMP 77078ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2444] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17                       000000007610153d 2 bytes JMP 76fefca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2444] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17                            0000000076101555 2 bytes JMP 76ff68ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2444] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17                     000000007610156d 2 bytes JMP 77078fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2444] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17                       0000000076101585 2 bytes JMP 77078b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2444] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17                          000000007610159d 2 bytes JMP 770786dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2444] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17                       00000000761015b5 2 bytes JMP 76fefd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2444] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17                     00000000761015cd 2 bytes JMP 76ffb2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2444] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20                 00000000761016b2 2 bytes JMP 77078ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2444] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31                 00000000761016bd 2 bytes JMP 77078671 C:\Windows\syswow64\kernel32.dll
.text  C:\PROGRA~2\Raptr\raptr.exe[4040] C:\Windows\syswow64\USER32.dll!DispatchMessageW                                                                000000007613787b 5 bytes JMP 000000016f26eee0
.text  C:\PROGRA~2\Raptr\raptr.exe[4040] C:\Windows\syswow64\USER32.dll!DispatchMessageA                                                                0000000076137bbb 5 bytes JMP 000000016f26eeb0
.text  C:\PROGRA~2\Raptr\raptr.exe[4040] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                 0000000076138a29 5 bytes JMP 000000016f26f8c0
.text  C:\PROGRA~2\Raptr\raptr.exe[4040] C:\Windows\syswow64\USER32.dll!SetWindowPos                                                                    0000000076138e4e 5 bytes JMP 000000016f26f040
.text  C:\PROGRA~2\Raptr\raptr.exe[4040] C:\Windows\syswow64\USER32.dll!DestroyWindow                                                                   0000000076139a55 5 bytes JMP 000000016f26f010
.text  C:\PROGRA~2\Raptr\raptr.exe[4040] C:\Windows\syswow64\USER32.dll!CreateWindowExA                                                                 000000007613d22e 5 bytes JMP 000000016f26f780
.text  C:\PROGRA~2\Raptr\raptr.exe[4040] C:\Windows\syswow64\USER32.dll!PeekMessageW                                                                    00000000761405ba 5 bytes JMP 000000016f26f200
.text  C:\PROGRA~2\Raptr\raptr.exe[4040] C:\Windows\syswow64\USER32.dll!ShowWindow                                                                      0000000076140dfb 5 bytes JMP 000000016f26ef10
.text  C:\PROGRA~2\Raptr\raptr.exe[4040] C:\Windows\syswow64\USER32.dll!EndPaint                                                                        0000000076141341 5 bytes JMP 000000016f26f2e0
.text  C:\PROGRA~2\Raptr\raptr.exe[4040] C:\Windows\syswow64\USER32.dll!BeginPaint                                                                      0000000076141361 5 bytes JMP 000000016f26f280
.text  C:\PROGRA~2\Raptr\raptr.exe[4040] C:\Windows\syswow64\USER32.dll!UpdateLayeredWindowIndirect                                                     00000000761428da 5 bytes JMP 000000016f26f700
.text  C:\PROGRA~2\Raptr\raptr.exe[4040] C:\Windows\syswow64\USER32.dll!SetCursor                                                                       00000000761441f6 5 bytes JMP 000000016f26e7c0
.text  C:\PROGRA~2\Raptr\raptr.exe[4040] C:\Windows\syswow64\USER32.dll!PeekMessageA                                                                    0000000076145f74 5 bytes JMP 000000016f26f1a0
.text  C:\PROGRA~2\Raptr\raptr.exe[4040] C:\Windows\syswow64\USER32.dll!BringWindowToTop                                                                0000000076147b3b 5 bytes JMP 000000016f26f260
.text  C:\PROGRA~2\Raptr\raptr.exe[4040] C:\Windows\syswow64\USER32.dll!AnimateWindow                                                                   000000007614b531 5 bytes JMP 000000016f26f0b0
.text  C:\PROGRA~2\Raptr\raptr.exe[4040] C:\Windows\syswow64\USER32.dll!UpdateLayeredWindow                                                             000000007614ba4a 5 bytes JMP 000000016f26f630
.text  C:\PROGRA~2\Raptr\raptr.exe[4040] C:\Windows\syswow64\USER32.dll!WindowFromPoint                                                                 000000007615ed12 5 bytes JMP 000000016f26e7e0
.text  C:\PROGRA~2\Raptr\raptr.exe[4040] C:\Windows\syswow64\USER32.dll!SetCapture                                                                      000000007615ed56 5 bytes JMP 000000016f26f180
.text  C:\PROGRA~2\Raptr\raptr.exe[4040] C:\Windows\syswow64\USER32.dll!SetForegroundWindow                                                             000000007615f170 5 bytes JMP 000000016f26f140
.text  C:\PROGRA~2\Raptr\raptr.exe[4040] C:\Windows\syswow64\GDI32.dll!BitBlt                                                                           0000000076065ea6 5 bytes JMP 000000016f26e810
.text  C:\PROGRA~2\Raptr\raptr.exe[4040] C:\Windows\syswow64\GDI32.dll!StretchBlt                                                                       000000007606b895 5 bytes JMP 000000016f26ea80
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                        000000007786dc60 5 bytes JMP 00000000779d0460
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                 000000007786dcb0 5 bytes JMP 00000000779d0450
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                 000000007786de10 5 bytes JMP 00000000779d0370
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                      000000007786de60 5 bytes JMP 00000000779d0470
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                            000000007786de70 5 bytes JMP 00000000779d03e0
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                 000000007786df20 5 bytes JMP 00000000779d0320
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                          000000007786df50 5 bytes JMP 00000000779d03b0
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                             000000007786df70 5 bytes JMP 00000000779d0390
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                   000000007786dfb0 5 bytes JMP 00000000779d02e0
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                 000000007786e030 5 bytes JMP 00000000779d02d0
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                               000000007786e050 5 bytes JMP 00000000779d0310
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                000000007786e090 5 bytes JMP 00000000779d03c0
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                             000000007786e0e0 5 bytes JMP 00000000779d03f0
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                000000007786e240 5 bytes JMP 00000000779d0230
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                     000000007786e400 5 bytes JMP 00000000779d0480
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                    000000007786e430 5 bytes JMP 00000000779d03a0
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                             000000007786e510 5 bytes JMP 00000000779d02f0
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                          000000007786e520 5 bytes JMP 00000000779d0350
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                000000007786e580 5 bytes JMP 00000000779d0290
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                             000000007786e610 5 bytes JMP 00000000779d02b0
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                              000000007786e630 5 bytes JMP 00000000779d03d0
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                 000000007786e640 5 bytes JMP 00000000779d0330
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                          000000007786e6b0 5 bytes JMP 00000000779d0410
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                             000000007786e6e0 5 bytes JMP 00000000779d0240
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                  000000007786e9a0 5 bytes JMP 00000000779d01e0
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                             000000007786ea60 5 bytes JMP 00000000779d0250
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                             000000007786ea90 5 bytes JMP 00000000779d0490
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                    000000007786eaa0 5 bytes JMP 00000000779d04a0
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                               000000007786ead0 5 bytes JMP 00000000779d0300
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                            000000007786eae0 5 bytes JMP 00000000779d0360
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                  000000007786eb40 5 bytes JMP 00000000779d02a0
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                               000000007786eb90 5 bytes JMP 00000000779d02c0
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                  000000007786ebc0 5 bytes JMP 00000000779d0380
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                   000000007786ebd0 5 bytes JMP 00000000779d0340
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                            000000007786eec0 5 bytes JMP 00000000779d0440
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                           000000007786f0c0 5 bytes JMP 00000000779d0260
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                              000000007786f0d0 5 bytes JMP 00000000779d0270
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                            000000007786f0e0 5 bytes JMP 00000000779d0400
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                        000000007786f2a0 5 bytes JMP 00000000779d01f0
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                         000000007786f2b0 5 bytes JMP 00000000779d0210
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                              000000007786f320 5 bytes JMP 00000000779d0200
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                              000000007786f380 5 bytes JMP 00000000779d0420
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                               000000007786f390 5 bytes JMP 00000000779d0430
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                          000000007786f3a0 5 bytes JMP 00000000779d0220
.text  C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                  000000007786f480 5 bytes JMP 00000000779d0280
.text  C:\Program Files\AVAST Software\Avast\avastUi.exe[6080] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                             0000000076fd8781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text  C:\Windows\system32\wbem\unsecapp.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                 000000007786dc60 5 bytes JMP 00000000779d0460
.text  C:\Windows\system32\wbem\unsecapp.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                          000000007786dcb0 5 bytes JMP 00000000779d0450
.text  C:\Windows\system32\wbem\unsecapp.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                          000000007786de10 5 bytes JMP 00000000779d0370
.text  C:\Windows\system32\wbem\unsecapp.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                               000000007786de60 5 bytes JMP 00000000779d0470
.text  C:\Windows\system32\wbem\unsecapp.exe[3084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                     000000007786de70 5 bytes JMP 00000000779d03e0

---- EOF - GMER 2.1 ----
         
__________________

06.06.2015, 12:53   #4
deeprybka
/// TB trainer
/// Guide guru

My name is Jürgen and I will help you with your problem. Together we will manage it...
  • Please work through all steps in order.
  • Read the instructions carefully before you begin. If there are problems or you do not understand something, stop what you are doing and describe the problem to me.
  • Please run only the scans I have asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Save all of our tools to the desktop. Link: How to download our tools correctly
  • Post the log files directly in your thread, in code tags.
  • Keep in mind that we all do this in our free time; if you have not heard from me within 24 hours, please send me a PM.

Note:
I can never give you a guarantee that we will find all malicious files.
Formatting is usually the faster and always the safest way, but it is only advisable for real malware.
We can remove adware and the like very well.
If you decide on a cleanup, keep working with me until you get my "clean".


Here we go:

Step 1

Please uninstall the following programs:

Pando Media Booster Packages


On Windows 7, first try it via Control Panel / Uninstall a program.

If that does not work, please download Revo Uninstaller here. Unpack the zip file to the desktop. Instructions
  • Start Revouninstaller.exe
  • Click Options and choose German as the language.
  • In the uninstaller pane, look for the programs listed above and select them one at a time.
    Click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on then on and then on .

If you cannot uninstall a program, continue with the next one.
Even if some programs are still left at the end, carry out the next step:

Step 2
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).



(New version)
Step 3

  • Download and instructions
  • Start Malwarebytes' Anti-Malware (MBAM).
  • If the user interface is still in English, click Settings and select Deutsch under Language.
  • Under Settings / Detection and Protection, please tick "Scan for rootkits".
  • Go back to the Dashboard and click "Scan Now".
  • At the end of the scan, have all detections (if any) moved to quarantine and post the log.

Step 4

Please start FRST again, also tick the checkbox and press Scan.
Please post the contents of the two logs that are created.
__________________
Regards
deeprybka
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

06.06.2015, 14:48   #5
LeBlubb

Hello Jürgen.
Thanks for the quick help.

I have now gone through all the steps, and AdwCleaner did in fact find something of the culprit.
Updates for mbam/avast unfortunately still do not work again, although avast reports every now and then that my antivirus database has expired.

AdwCleaner log:
Code:
ATTFilter
# AdwCleaner v4.206 - Bericht erstellt 06/06/2015 um 14:47:21
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-06-05.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Dolge - DOLGE-PC
# Gestarted von : C:\Users\Dolge\Downloads\AdwCleaner_4.206.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Windows\System32\roboot64.exe

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\WarThunder.lnk
Verknüpfung Desinfiziert : C:\Users\Dolge\Desktop\ Star Conflict Launcher.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Conflict\ Star Conflict Launcher.lnk
Verknüpfung Desinfiziert : C:\Users\Dolge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
Verknüpfung Desinfiziert : C:\Users\Dolge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Dolge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WarThunder.lnk
Verknüpfung Desinfiziert : C:\Users\Dolge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Dolge\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Dolge\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\istartsurfSoftware
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16644

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v38.0.5 (x86 de)


*************************

AdwCleaner[R0].txt - [5647 Bytes] - [06/06/2015 14:38:57]
AdwCleaner[S0].txt - [3762 Bytes] - [06/06/2015 14:47:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3821  Bytes] ##########
         
mbam log:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 06.06.2015
Suchlauf-Zeit: 14:58:26
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.03.09.05
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Dolge

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 386959
Verstrichene Zeit: 19 Min, 53 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Warnen

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 3
PUP.Optional.Multiplug, HKU\S-1-5-21-4011178475-394731722-3904193916-1000_Classes\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, In Quarantäne, [780182c1eb9f0c2a716034e623e0ce32], 
PUP.Optional.Multiplug, HKU\S-1-5-21-4011178475-394731722-3904193916-1000_Classes\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, In Quarantäne, [780182c1eb9f0c2a716034e623e0ce32], 
PUP.Optional.Qone8, HKU\S-1-5-21-4011178475-394731722-3904193916-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [ec8dc77c08825ed8dcc20b0b82837a86], 

Registrierungswerte: 1
Trojan.Agent, HKU\S-1-5-21-4011178475-394731722-3904193916-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|Run, "C:\Users\Dolge\AppData\Roaming\Microsoft\Windows\IEUpdate\LocationNotifications.exe", In Quarantäne, [c8b1fb48b0da9d99f3edaa15f40f52ae]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
FRST
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by Dolge (administrator) on DOLGE-PC on 06-06-2015 15:29:26
Running from C:\Users\Dolge\Downloads
Loaded Profiles: Dolge (Available Profiles: Dolge)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Akamai Technologies, Inc.) C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\RunLegacyCPLElevated.exe
() C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\Monitor.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\OSD.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-08-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [Realtek Camera Manager] => C:\Windows\system32\RunLegacyCPLElevated.exe shell32.dll,Control_RunDLL "C:\Windows\system32\Realtek Camera Manager.cpl"
HKLM-x32\...\Run: [SL-6481 Gaming Keyboard] => C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\Monitor.exe [1976832 2014-06-21] ()
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [85600 2013-12-13] (Nullsoft, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-05-15] (Raptr, Inc)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-06] (Avast Software s.r.o.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\Run: [KPeerNexonEU] => C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\RunOnce: [Adobe Speed Launcher] => 1433596886
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\MountPoints2: E - E:\Setup.exe
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\MountPoints2: {32209ca5-2757-11e2-bd8c-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\MountPoints2: {a07a7555-5441-11e4-a78f-bc5ff45ec1c4} - H:\setup.exe
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\MountPoints2: {bce7935f-2900-11e2-a70d-bc5ff4326929} - E:\setup.exe
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-06] (Avast Software s.r.o.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{6551de96-3d84-4073-9481-a02f40452d9d} <======= ATTENTION (Policy restriction on IP)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4011178475-394731722-3904193916-1000 -> {86BC90EB-D1D5-40D4-9ED7-76A3617F0109} URL = https://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-06] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-22] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-06] (Avast Software s.r.o.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-22] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Dolge\AppData\Roaming\Mozilla\Firefox\Profiles\14bcrzmf.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-19] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-13] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @nexon.co.jp/NxGame -> C:\ProgramData\NexonJP\NGM\npNxGameJP.dll No File
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npnxgameEU.dll [2013-12-11] (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4011178475-394731722-3904193916-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dolge\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-06] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4011178475-394731722-3904193916-1000: @www.flatcast.com/FlatViewer 5.2 -> C:\Users\Dolge\AppData\Roaming\Mozilla\Plugins\NpFv530.dll No File
FF Plugin HKU\S-1-5-21-4011178475-394731722-3904193916-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-09-01] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NpFv530.dll [2011-09-23] (1 mal 1 Software GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Dolge\AppData\Roaming\Mozilla\Firefox\Profiles\14bcrzmf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-06]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-06]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-06] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-06-06] (Avast Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-08-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-08-07] (BlueStack Systems, Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-07-19] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 BRSptSvc; "C:\ProgramData\BitRaider\BRSptSvc.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-06] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-06] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-06] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-06] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-06] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-06] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-08-07] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-07-14] (Disc Soft Ltd)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8228240 2012-09-19] (Realtek Semiconductor Corp.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [40712 2012-11-01] (Anchorfree Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-06-06] (Avast Software)
S3 BRDriver64; \??\C:\programdata\bitraider\BRDriver64.sys [X]
S3 BRDriver64_1_3_3_7ECFDFEA; \??\C:\ProgramData\BitRaider\support\1.3.3\7ECFDFEA\BRDriver64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-06 15:28 - 2015-06-06 15:28 - 00001975 _____ C:\Users\Dolge\Downloads\mbam.txt
2015-06-06 14:57 - 2015-06-06 15:26 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-06 14:57 - 2015-06-06 14:57 - 00001102 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-06 14:57 - 2015-06-06 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-06-06 14:57 - 2015-06-06 14:57 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-06 14:57 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-06 14:57 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-06 14:57 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-06 14:56 - 2015-06-06 14:56 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Dolge\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-06 14:38 - 2015-06-06 14:47 - 00000000 ____D C:\AdwCleaner
2015-06-06 14:38 - 2015-06-06 14:38 - 02231296 _____ C:\Users\Dolge\Downloads\AdwCleaner_4.206.exe
2015-06-06 11:37 - 2015-06-06 11:37 - 00380416 _____ C:\Users\Dolge\Downloads\Gmer-19357.exe
2015-06-06 11:36 - 2015-06-06 11:37 - 00083200 _____ C:\Users\Dolge\Downloads\Addition.txt
2015-06-06 11:35 - 2015-06-06 15:29 - 00019939 _____ C:\Users\Dolge\Downloads\FRST.txt
2015-06-06 11:35 - 2015-06-06 15:29 - 00000000 ____D C:\FRST
2015-06-06 11:34 - 2015-06-06 11:34 - 02108928 _____ (Farbar) C:\Users\Dolge\Downloads\FRST64.exe
2015-06-06 11:33 - 2015-06-06 11:33 - 00000542 _____ C:\Users\Dolge\Downloads\defogger_disable.log
2015-06-06 11:33 - 2015-06-06 11:33 - 00000168 _____ C:\Users\Dolge\defogger_reenable
2015-06-06 11:32 - 2015-06-06 11:32 - 00050477 _____ C:\Users\Dolge\Downloads\Defogger.exe
2015-06-06 11:00 - 2015-06-06 11:00 - 00000000 ____D C:\Users\Dolge\AppData\Roaming\AVAST Software
2015-06-06 10:59 - 2015-06-06 10:59 - 00001882 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-06-06 10:59 - 2015-06-06 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-06-06 10:58 - 2015-06-06 15:22 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-06 10:58 - 2015-06-06 10:57 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-06-06 10:58 - 2015-06-06 10:57 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-06-06 10:58 - 2015-06-06 10:57 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-06-06 10:58 - 2015-06-06 10:57 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-06-06 10:58 - 2015-06-06 10:57 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-06-06 10:58 - 2015-06-06 10:57 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-06-06 10:58 - 2015-06-06 10:57 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-06-06 10:58 - 2015-06-06 10:57 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-06-06 10:57 - 2015-06-06 10:57 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-06-06 10:57 - 2015-06-06 10:57 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-06-06 10:57 - 2015-06-06 10:57 - 00000000 ____D C:\Program Files\AVAST Software
2015-06-06 10:51 - 2015-06-06 10:51 - 00000000 ____D C:\Users\Dolge\AppData\Local\LogMeIn
2015-06-06 10:41 - 2015-06-06 10:42 - 152923328 _____ (Avast Software s.r.o.) C:\Users\Dolge\Downloads\avast_free_antivirus_setup.exe
2015-06-06 02:48 - 2015-06-06 02:48 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-06 02:48 - 2015-06-06 02:48 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-06 02:48 - 2015-06-06 02:48 - 00000000 ____D C:\ProgramData\Mozilla
2015-06-06 02:47 - 2015-06-06 02:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-05 15:41 - 2015-06-05 15:41 - 00002112 _____ C:\Users\Dolge\Desktop\Firefox - CHIP Downloader.lnk
2015-06-05 01:32 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20150605-013234.backup
2015-06-05 00:31 - 2015-06-05 01:24 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-06-05 00:31 - 2015-06-05 00:33 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-06-05 00:31 - 2015-06-05 00:31 - 00001391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-06-05 00:31 - 2015-06-05 00:31 - 00001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-06-05 00:31 - 2015-06-05 00:31 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-06-05 00:31 - 2015-06-05 00:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-06-05 00:31 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-06-05 00:29 - 2015-06-05 00:29 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Dolge\Downloads\spybot-2.4.exe
2015-06-05 00:17 - 2015-06-05 00:17 - 00000000 _____ C:\autoexec.bat
2015-06-05 00:14 - 2015-06-05 00:15 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Dolge\Downloads\SpyHunter-Installer.exe
2015-06-04 21:53 - 2015-06-04 21:54 - 00000000 ____D C:\Users\Dolge\Zomboid
2015-06-04 21:50 - 2015-06-04 21:50 - 00000000 ____D C:\Users\Dolge\Downloads\Project.Zomboid.Build.32.3
2015-06-04 21:30 - 2015-06-04 21:44 - 562744975 ____R C:\Users\Dolge\Downloads\Project.Zomboid.Build.32.3.zip
2015-06-04 20:29 - 2015-06-04 20:29 - 00000000 ____D C:\Users\Dolge\Downloads\TownCraft.v2.1.6
2015-06-04 20:29 - 2015-06-04 20:29 - 00000000 ____D C:\Users\Dolge\AppData\Local\TownCraft
2015-06-04 20:25 - 2015-06-04 20:29 - 102086988 ____R C:\Users\Dolge\Downloads\TownCraft.v2.1.6.zip
2015-06-02 18:27 - 2015-06-06 02:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-05-29 00:33 - 2015-05-29 00:33 - 00002156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-05-19 17:12 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-19 17:12 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-16 00:09 - 2015-05-16 00:10 - 04545280 _____ (Microsoft Corporation ) C:\Users\Dolge\Downloads\setup.exe
2015-05-15 23:22 - 2015-05-15 23:22 - 00000000 ____D C:\ProgramData\Stardock
2015-05-15 23:20 - 2015-05-15 23:20 - 00000831 _____ C:\Users\Dolge\Desktop\Galactic Civilizations III.lnk
2015-05-15 23:20 - 2015-05-15 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Galactic Civilizations III
2015-05-15 19:43 - 2015-05-15 19:43 - 00001612 _____ C:\Users\Public\Desktop\Not A Hero.lnk
2015-05-15 18:44 - 2015-05-15 21:41 - 00000000 ____D C:\Users\Dolge\Documents\Windward
2015-05-15 18:41 - 2015-06-05 11:14 - 00000000 ____D C:\Program Files (x86)\Windward
2015-05-15 18:39 - 2015-05-15 20:01 - 00000000 ____D C:\Users\Dolge\Downloads\Galactic.Civilizations.III-CODEX
2015-05-15 18:36 - 2015-05-15 18:36 - 00000000 ____D C:\Users\Dolge\Downloads\Not a hero
2015-05-15 18:34 - 2015-06-05 12:27 - 00000000 ____D C:\Users\Dolge\Downloads\Windward
2015-05-13 04:39 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 04:39 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 04:39 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 04:39 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 04:39 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 04:39 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 04:39 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 04:39 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 04:39 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 04:39 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 04:39 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 04:39 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 04:39 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 04:39 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 04:39 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 04:39 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 04:39 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 04:39 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 04:39 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 04:39 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 04:39 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 04:39 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 04:39 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 04:39 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 04:39 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 04:39 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 04:39 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 04:39 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 04:39 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 04:39 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 04:39 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 04:39 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 04:39 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 04:39 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 04:39 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 04:39 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 04:39 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 04:39 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 04:39 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 04:39 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 04:39 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 04:39 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 04:39 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 04:39 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 04:39 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 04:39 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 04:39 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 04:39 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 04:39 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 04:39 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 04:39 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 04:38 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 04:38 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 04:38 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 04:38 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 04:38 - 2015-04-10 18:54 - 17881088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 04:38 - 2015-04-10 18:44 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 04:38 - 2015-04-10 18:43 - 10935808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 04:38 - 2015-04-10 18:43 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 04:38 - 2015-04-10 18:39 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 04:38 - 2015-04-10 18:39 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 04:38 - 2015-04-10 18:38 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 04:38 - 2015-04-10 18:37 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 04:38 - 2015-04-10 18:37 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 04:38 - 2015-04-10 18:37 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 04:38 - 2015-04-10 18:37 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 04:38 - 2015-04-10 18:37 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 04:38 - 2015-04-10 18:37 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 04:38 - 2015-04-10 18:37 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 04:38 - 2015-04-10 18:37 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 04:38 - 2015-04-10 18:37 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-13 04:38 - 2015-04-10 18:37 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 04:38 - 2015-04-10 18:37 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 04:38 - 2015-04-10 18:37 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 04:38 - 2015-04-10 18:37 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-13 04:38 - 2015-04-10 18:37 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-13 04:38 - 2015-04-10 18:36 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-13 04:38 - 2015-04-10 17:30 - 12379136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 04:38 - 2015-04-10 17:25 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 04:38 - 2015-04-10 17:25 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 04:38 - 2015-04-10 17:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 04:38 - 2015-04-10 17:21 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 04:38 - 2015-04-10 17:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 04:38 - 2015-04-10 17:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 04:38 - 2015-04-10 17:19 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 04:38 - 2015-04-10 17:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 04:38 - 2015-04-10 17:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 04:38 - 2015-04-10 17:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 04:38 - 2015-04-10 17:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 04:38 - 2015-04-10 17:19 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-05-13 04:38 - 2015-04-10 17:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 04:38 - 2015-04-10 17:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 04:38 - 2015-04-10 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 04:38 - 2015-04-10 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 04:38 - 2015-04-10 17:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 04:38 - 2015-04-10 17:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 04:38 - 2015-04-10 17:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-05-13 04:38 - 2015-04-10 17:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-05-13 04:38 - 2015-04-10 17:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-05-13 04:37 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 04:37 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 04:37 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-06 15:29 - 2009-07-14 06:45 - 00014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-06 15:29 - 2009-07-14 06:45 - 00014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-06 15:25 - 2012-11-05 16:46 - 01244397 _____ C:\Windows\WindowsUpdate.log
2015-06-06 15:23 - 2015-02-06 17:22 - 00000000 ____D C:\Users\Dolge\AppData\Roaming\Raptr
2015-06-06 15:22 - 2013-04-06 14:16 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-06 15:21 - 2015-03-23 19:26 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-06 15:21 - 2013-08-27 15:50 - 00000000 ____D C:\Users\Dolge\AppData\Local\LogMeIn Hamachi
2015-06-06 15:20 - 2013-09-24 16:23 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-06 15:20 - 2012-11-07 19:29 - 01013982 _____ C:\Windows\PFRO.log
2015-06-06 15:20 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-06 15:20 - 2009-07-14 06:51 - 00035770 _____ C:\Windows\setupact.log
2015-06-06 14:48 - 2012-11-07 20:51 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2015-06-06 14:47 - 2014-12-06 15:46 - 00000747 _____ C:\Users\Dolge\Desktop\ Star Conflict Launcher.lnk
2015-06-06 14:47 - 2014-12-06 15:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Conflict
2015-06-06 14:47 - 2014-02-27 03:29 - 00000726 _____ C:\Users\Public\Desktop\WarThunder.lnk
2015-06-06 14:47 - 2014-02-27 03:29 - 00000000 ____D C:\Users\Dolge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2015-06-06 14:47 - 2012-11-05 16:51 - 00001166 _____ C:\Users\Dolge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-06 14:47 - 2012-11-05 16:51 - 00000943 _____ C:\Users\Dolge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-06-06 14:31 - 2013-09-24 16:23 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-06 11:33 - 2012-11-05 16:51 - 00000000 ____D C:\Users\Dolge
2015-06-06 10:55 - 2012-11-07 19:01 - 00000000 ____D C:\ProgramData\AVAST Software
2015-06-06 10:52 - 2012-11-08 20:01 - 00000000 ____D C:\Users\Dolge\AppData\Roaming\Skype
2015-06-06 10:49 - 2014-03-28 01:25 - 00000000 ____D C:\Program Files\GO2Bot
2015-06-06 10:27 - 2014-11-03 20:45 - 00000000 ____D C:\Users\Dolge\AppData\Local\Battle.net
2015-06-06 02:48 - 2012-11-07 18:34 - 00000000 ____D C:\Users\Dolge\AppData\Roaming\Mozilla
2015-06-06 02:48 - 2012-11-07 18:34 - 00000000 ____D C:\Users\Dolge\AppData\Local\Mozilla
2015-06-05 21:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-05 15:08 - 2013-02-20 16:56 - 00000000 ____D C:\Windows\SysWOW64\SupportAppCB
2015-06-05 15:08 - 2012-11-05 17:02 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-05 15:06 - 2015-02-27 03:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wolfman's missions
2015-06-05 14:52 - 2009-07-14 19:58 - 00699416 _____ C:\Windows\system32\perfh007.dat
2015-06-05 14:52 - 2009-07-14 19:58 - 00149556 _____ C:\Windows\system32\perfc007.dat
2015-06-05 14:52 - 2009-07-14 07:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-05 14:41 - 2009-07-14 06:45 - 00274240 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-05 14:40 - 2012-11-09 12:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-05 14:40 - 2012-11-09 12:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-06-05 00:14 - 2012-11-08 20:01 - 00000000 ____D C:\ProgramData\Skype
2015-06-05 00:07 - 2015-02-25 03:36 - 00000000 ____D C:\Users\Dolge\AppData\Roaming\BitTorrent
2015-06-04 23:45 - 2013-04-06 14:16 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-04 23:45 - 2012-11-07 20:14 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-04 23:45 - 2012-11-07 20:14 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-04 23:39 - 2014-03-18 17:01 - 00000000 ____D C:\Program Files (x86)\GO2Bot
2015-06-04 21:24 - 2012-11-07 19:12 - 00000000 ____D C:\Games
2015-06-04 17:33 - 2014-06-29 13:04 - 00000000 ____D C:\Users\Dolge\AppData\Roaming\Winamp
2015-06-04 01:58 - 2014-03-30 16:18 - 00000223 _____ C:\Users\Dolge\Desktop\Neues Textdokument.txt
2015-06-02 21:41 - 2014-01-08 01:54 - 00005736 _____ C:\Users\Dolge\Desktop\GO2 Aufträge.txt
2015-05-29 00:33 - 2012-11-07 19:02 - 00000000 ____D C:\Program Files (x86)\Google
2015-05-19 17:32 - 2013-08-04 13:14 - 00000000 ____D C:\Windows\system32\MRT
2015-05-19 17:32 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-19 17:24 - 2012-11-09 13:09 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-19 17:12 - 2012-11-09 12:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-19 17:06 - 2014-08-22 15:45 - 00000000 ____D C:\Users\Dolge\AppData\Local\Adobe
2015-05-19 17:03 - 2015-02-06 17:22 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-05-17 22:31 - 2012-11-07 20:21 - 00000000 ____D C:\Users\Dolge\AppData\Roaming\vlc
2015-05-16 14:28 - 2012-11-05 17:01 - 00061128 _____ C:\Users\Dolge\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-16 02:26 - 2013-09-24 16:23 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 02:26 - 2013-09-24 16:23 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 23:23 - 2013-05-12 22:34 - 00000000 ____D C:\Users\Dolge\AppData\Local\Stardock
2015-05-15 23:20 - 2012-11-09 14:17 - 00000000 ____D C:\Users\Dolge\Documents\My Games
2015-05-15 19:43 - 2013-12-17 04:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-05-15 19:43 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

==================== Files in the root of some directories =======

2012-11-07 20:40 - 2014-03-16 22:35 - 0007600 _____ () C:\Users\Dolge\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Dolge\AppData\Local\Temp\Quarantine.exe
C:\Users\Dolge\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-05 21:25

==================== End of log ============================
         


06.06.2015, 14:49   #6
LeBlubb
 


Addition
FRST Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Dolge at 2015-06-06 15:30:13
Running from C:\Users\Dolge\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4011178475-394731722-3904193916-500 - Administrator - Disabled)
Dolge (S-1-5-21-4011178475-394731722-3904193916-1000 - Administrator - Enabled) => C:\Users\Dolge
Gast (S-1-5-21-4011178475-394731722-3904193916-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4011178475-394731722-3904193916-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitTorrent (HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\BitTorrent) (Version: 7.9.3.40299 - BitTorrent Inc.)
BlueStacks Notification Center (HKLM-x32\...\{7E6316CA-5ED0-4EF9-9920-A92115E286B7}) (Version: 0.7.17.916 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Consolas Font Family (HKLM-x32\...\{6AE22174-4FFA-4572-B692-31F0C386ED38}) (Version: 1.00.0000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0335 - Disc Soft Ltd)
Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version:  - Stunlock Studios)
diclovit's mod pack 1.7.0 (HKLM-x32\...\{28B1238E-1C18-4637-A2B7-95315E94EB29}_is1) (Version: 1.7.0 - diclovit)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
Endless Legend (HKLM-x32\...\RW5kbGVzc0xlZ2VuZA==_is1) (Version: 1 - )
EVE Online (nur entfernen) (HKLM-x32\...\EVE) (Version:  - CCP Games Ltd.)
Evil Genius (HKLM-x32\...\GOGPACKEVILGENIUS_is1) (Version: 2.0.0.15 - GOG.com)
Fable III (x32 Version: 1.0.0001.131 - Microsoft Game Studios) Hidden
Factorio version 0.11.19 (HKLM-x32\...\Factorio_is1) (Version:  - )
Fallout New Vegas Ultimate Edition (HKLM-x32\...\Fallout New Vegas Ultimate Edition_is1) (Version:  - )
FUSSBALL MANAGER 12 (HKLM-x32\...\FUSSBALL MANAGER 12) (Version: 1.0.0.0 - Electronic Arts)
Galactic Civilizations III (HKLM-x32\...\Galactic Civilizations III_is1) (Version:  - )
GO2Bot (HKLM-x32\...\GO2Bot_is1) (Version:  - methejuggler)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Guild Commander (HKLM-x32\...\Steam App 337220) (Version:  - GTGD)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hellgate (HKLM-x32\...\{65DF3688-6EF3-4C86-83DE-54AB46029F07}) (Version: 2.0.0.3 - Hanbit Soft)
iTunes (HKLM\...\{7FCDABCC-1A1E-4D61-909D-BA9495172774}) (Version: 11.0.3.42 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software-Treiberpaket (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.328 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft MechCommander 2 (HKLM-x32\...\MechCommander2 1.0) (Version:  - )
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{01db25f3-1b76-4d97-88c8-1c90634d88fb}) (Version: 11.0.60610.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Might & Magic Heroes VI (HKLM-x32\...\{745D37C2-26F4-4B65-BA13-F9840EBFA75B}) (Version: 1.0 - Ubisoft)
Minecraft 1.6.4 1.00 (HKLM-x32\...\Minecraft 1.6.4 1.00) (Version:  - )
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
Not A Hero (HKLM-x32\...\1429698467_is1) (Version: 2.0.0.1 - GOG.com)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Pictures of a Rebellion (HKLM-x32\...\Pictures of a Rebellion) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Railroad Tycoon 3 CTC version 1.05 (HKLM-x32\...\{B2398CDA-063B-4B9F-9857-DABF6EF0C3E0}_is1) (Version: 1.05 - vol1)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6433 - Realtek Semiconductor Corp.)
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Star Conflict Launcher 1.0.1.40 (HKLM-x32\...\StarConflictLauncher_is1) (Version:  - )
Star Trek Online (HKLM-x32\...\Star Trek Online) (Version:  - Cryptic Studios)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold 2 Deluxe (HKLM-x32\...\{16D2C649-CBA8-44EE-B730-12584667D487}) (Version: 1.40.000 - Firefly Studios)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TangoMaster (HKLM-x32\...\TangoMaster) (Version:  - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Titans Of Steel - Warring Suns (HKLM-x32\...\{2FB7DF75-D6CF-47B8-8BD0-BACE1C711DC4}) (Version: 1.00.000 - )
TransOcean - The Shipping Company (HKLM-x32\...\VHJhbnNPY2VhblRoZVNoaXBwaW5nQ29tcGFueQ==_is1) (Version: 1 - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
USB Video Device (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.8400.10186 - Realtek Semiconductor Corp.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Victory At Sea (HKLM-x32\...\Steam App 298480) (Version:  - Evil Twin Artworks)
VIRTUIS ADVANCED Gaming Keyboard Driver (HKLM-x32\...\{B3CDED64-7DC2-429D-A325-BBC3CF793AA6}) (Version: 1.0 - SPEEDLINK)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
War Thunder Launcher 1.0.1.322 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - 2013 Gaijin Entertainment Corporation)
Wasteland 2 (HKLM-x32\...\1207665783_is1) (Version: 2.0.0.8 - GOG.com)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Resource Kit Tools (HKLM-x32\...\{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}) (Version: 5.2.3790 - Microsoft Corporation)
wolfman-x (HKLM-x32\...\wolfman-x) (Version:  - )
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1) (Version:  - Wargaming.net)
World of Warplanes (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813}_is1) (Version:  - Wargaming.net)
World of Warships (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814EU}_is1) (Version:  - Wargaming.net)
XCOM: Enemy Within (HKLM-x32\...\WENPTUVuZW15V2l0aGlu_is1) (Version: 1 - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-06-05 01:32 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04C6F3C4-EF9A-4FE8-AB7C-FF0843457632} - System32\Tasks\{743ECE16-A0F9-4BCF-BD45-4651E0A2CD55} => pcalua.exe -a C:\Users\Dolge\Downloads\wlsetup-all_de_16.4.3505.0912.exe -d C:\Users\Dolge\Downloads
Task: {389221DF-2666-4740-8399-0FD884C90ABB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {4BC65316-DF34-4A70-B82A-D719DE97D177} - System32\Tasks\{B0EE1314-98CC-4D36-8FB4-13557DC196C0} => C:\Games\Mech Commander 2\Mc2Rel.exe
Task: {579E0B51-EB0D-4637-9153-E26B959C4FE9} - System32\Tasks\{7143DC77-B811-4209-832E-EF99F8CB62E8} => E:\Setup.exe
Task: {661788BE-2D39-43A5-A426-FF107FF1D601} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {6F07A997-7F1E-455C-92DB-73488E97E729} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-06] (Avast Software s.r.o.)
Task: {70823CAE-5F82-4D52-8DB6-9C5128B1E634} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-24] (Google Inc.)
Task: {76D1D165-50CF-4938-96A9-30D9632E3C44} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-24] (Google Inc.)
Task: {BCBE2B12-4444-408B-8EA1-D6AA0450C242} - System32\Tasks\{8252994F-78F4-4A57-B4C5-4AA15FD48902} => E:\Setup\SETUP.EXE
Task: {BF9915BF-D991-4ACC-A3EE-A37820595725} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {C7D387FB-EC41-4A87-8065-23E37723E05A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {D9E76E6C-F567-4060-A977-6E6944FE19A4} - System32\Tasks\{A1C777F0-E3BF-40CC-AF15-3CCD252C3936} => pcalua.exe -a E:\Fifa.Manager.11.RiP.JoeKkerr.part1.exe -d E:\
Task: {D9F0AB95-BC4A-4C85-8735-0C1799CD0D3E} - System32\Tasks\{8761556F-ACCE-404A-8422-81CD52D300BD} => C:\Users\Dolge\Downloads\NF2_Downloader.exe
Task: {E9E1F38A-DBC0-432A-924A-00A98B20539E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-04] (Adobe Systems Incorporated)
Task: {F1A8B0A9-5DA8-4FC8-A477-CF1AE40C8E22} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {FC7C9B53-D1AA-4F89-8BEB-AD1662F08BE0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-07-19 12:53 - 2013-07-19 12:53 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2009-10-14 14:36 - 2009-10-14 14:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2014-08-21 13:53 - 2014-06-21 12:16 - 01976832 _____ () C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\Monitor.EXE
2014-08-21 13:53 - 2013-07-11 09:38 - 00169984 _____ () C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\OSD.exe
2009-10-14 14:34 - 2009-10-14 14:34 - 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-11-20 22:23 - 2014-11-20 22:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-06-06 10:57 - 2015-06-06 10:57 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-06 10:57 - 2015-06-06 10:57 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-06 10:58 - 2015-06-06 10:58 - 02925568 _____ () C:\Program Files\AVAST Software\Avast\defs\15042800\algo.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-05 00:31 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-06-05 00:31 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-06-05 00:31 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-06-05 00:31 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-06-05 00:31 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-08-21 13:53 - 2013-08-17 14:13 - 00036864 _____ () C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\Lang\Lang_EN.dll
2014-08-21 13:53 - 2012-11-05 08:37 - 00061440 _____ () C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\hiddriver.dll
2015-06-06 10:57 - 2015-06-06 10:57 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 20:17 - 2011-02-15 20:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-23 00:57 - 2010-11-23 00:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2014-08-14 02:37 - 2014-08-14 02:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2014-08-14 02:37 - 2014-08-14 02:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2013-11-21 02:05 - 2013-11-21 02:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-23 00:57 - 2010-11-23 00:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-18 02:56 - 2014-06-18 02:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 20:17 - 2011-02-15 20:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-23 01:06 - 2010-11-23 01:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7866 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4011178475-394731722-3904193916-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dolge\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{80DB96EA-3772-464D-9027-B4FA8F79E69C}C:\games\world_of_warplanes\worldofwarplanes.exe] => (Allow) C:\games\world_of_warplanes\worldofwarplanes.exe
FirewallRules: [UDP Query User{438FC49D-D47B-400E-9A3D-2DF4F0C03659}C:\games\world_of_warplanes\worldofwarplanes.exe] => (Allow) C:\games\world_of_warplanes\worldofwarplanes.exe
FirewallRules: [TCP Query User{3733BA81-6A8F-46B9-979E-0389D0E0123E}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{061D3F0D-81D3-4821-B531-D5472DBC452C}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{92315A70-5CC6-4466-80D1-4A615953A6FF}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{850C77F2-0BC1-4A97-A51E-48903808B4F9}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [{BFEEA739-D182-44DC-BB86-309DED1BB36A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7106CF72-3109-4B27-B5FA-F75B7942473B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{410EB6D6-AA13-43BF-BD33-32F101165ACB}] => (Allow) LPort=2869
FirewallRules: [{348505E2-B7B4-4BCD-BCAC-93433F1A178C}] => (Allow) LPort=1900
FirewallRules: [{16063145-77DB-4C4E-BBCE-D61652EAFD74}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{5005F42E-7E5C-4C66-B4E3-41D783DAC44D}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe] => (Block) C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe
FirewallRules: [UDP Query User{E7C035FE-0803-418B-B390-3203148C6F8A}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe] => (Block) C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe
FirewallRules: [TCP Query User{71A60597-2E9C-4327-96FE-7562F46F9998}C:\games\naval war arctic circle\nwac.exe] => (Block) C:\games\naval war arctic circle\nwac.exe
FirewallRules: [UDP Query User{95820350-976E-4708-9E08-7094D7D5676A}C:\games\naval war arctic circle\nwac.exe] => (Block) C:\games\naval war arctic circle\nwac.exe
FirewallRules: [TCP Query User{02C9B724-D068-4847-81F1-E4FD505D74DD}C:\games\naval war arctic circle\nwac.exe] => (Block) C:\games\naval war arctic circle\nwac.exe
FirewallRules: [UDP Query User{D7ABA78C-DE89-4B05-84E2-5D949A0267E4}C:\games\naval war arctic circle\nwac.exe] => (Block) C:\games\naval war arctic circle\nwac.exe
FirewallRules: [TCP Query User{55EA5A0F-B9CD-4AF4-9FA4-C7B985808636}C:\users\dolge\downloads\battlestations pacific\battlestations pacific\bsp.exe] => (Block) C:\users\dolge\downloads\battlestations pacific\battlestations pacific\bsp.exe
FirewallRules: [UDP Query User{B58FA2FA-8F56-4530-BD72-A3F12C49B4E7}C:\users\dolge\downloads\battlestations pacific\battlestations pacific\bsp.exe] => (Block) C:\users\dolge\downloads\battlestations pacific\battlestations pacific\bsp.exe
FirewallRules: [TCP Query User{08D1F509-D085-48E0-A4D6-62EBCE40D19A}C:\games\dc universe\unreal3\binaries\win32\dcgame.exe] => (Allow) C:\games\dc universe\unreal3\binaries\win32\dcgame.exe
FirewallRules: [UDP Query User{4A81D570-3123-4649-99CC-CBCE76F3BB12}C:\games\dc universe\unreal3\binaries\win32\dcgame.exe] => (Allow) C:\games\dc universe\unreal3\binaries\win32\dcgame.exe
FirewallRules: [TCP Query User{6FF87B53-3B8A-431E-985E-18589EE3922B}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{54898E4C-2336-462D-875A-7B4D4F26E622}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{AB2606D8-CDDE-48D9-9E95-FC25618E9214}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [UDP Query User{83C4974E-C97E-43E3-BB1F-259980EAFA2B}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [{AC7AE98F-2CE1-4498-985E-7F5AEA60EC37}] => (Allow) C:\Users\Dolge\Downloads\NF2_Downloader.exe
FirewallRules: [{0FB11AFC-3A29-4D93-AC89-CD80993E9A3A}] => (Allow) C:\Users\Dolge\Downloads\NF2_Downloader.exe
FirewallRules: [{4656E6B4-C944-4798-93E2-84BEDC2D2122}] => (Allow) C:\Users\Dolge\Downloads\NF2_Downloader.exe
FirewallRules: [{51FE2DD6-E3C6-4A85-A51E-BE9F9DF52FD3}] => (Allow) C:\Users\Dolge\Downloads\NF2_Downloader.exe
FirewallRules: [{A4A79881-62B4-4F53-8C41-B76BB9DDF8BD}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{A46F68D1-ED2F-40C6-A0F1-12D7B74DDBE5}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [TCP Query User{142E092D-133E-4319-B1BE-E827F412B085}C:\users\dolge\downloads\neverwinter_nw.1.20130416a.6.exe] => (Allow) C:\users\dolge\downloads\neverwinter_nw.1.20130416a.6.exe
FirewallRules: [UDP Query User{9CFE9624-A50D-4E87-ADA6-0D354CCB05F7}C:\users\dolge\downloads\neverwinter_nw.1.20130416a.6.exe] => (Allow) C:\users\dolge\downloads\neverwinter_nw.1.20130416a.6.exe
FirewallRules: [TCP Query User{5F29E814-00CB-4AC0-98F8-64566592C9EE}C:\games\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) C:\games\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{7B42267B-0534-4720-AFD3-7D22929DA456}C:\games\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) C:\games\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [{C02D01B8-2A43-48CF-A296-225B2576350C}] => (Allow) C:\ProgramData\NexonJP\NGM\NGM.exe
FirewallRules: [{465014F5-7277-45CD-8BEF-374A96E927F2}] => (Allow) C:\ProgramData\NexonJP\NGM\NGM.exe
FirewallRules: [TCP Query User{A0C63096-F1D9-4AD3-B3C7-222C53D3E558}C:\games\star trek online\star trek online\live\gameclient.exe] => (Allow) C:\games\star trek online\star trek online\live\gameclient.exe
FirewallRules: [UDP Query User{4BF8F09A-A86B-4184-85E7-DC55956760BD}C:\games\star trek online\star trek online\live\gameclient.exe] => (Allow) C:\games\star trek online\star trek online\live\gameclient.exe
FirewallRules: [{709FF1EC-D7B6-4654-9F4B-544FBC32D292}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{B22DA5DC-701B-4874-BCA9-DF9C41745552}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B416D967-32DF-4FA7-A56C-9797A925D0CD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B2DEA4D0-1295-461C-AC23-EE22DBDBE802}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5348E462-2719-4621-8E5A-6E0BE27B7A70}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0BBC5D20-2704-4891-8BCF-AFABB1D3B1F9}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{FC120DDA-4423-4929-A772-D37CC1734BB7}C:\users\dolge\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\dolge\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{2927DA3D-AAE9-47BD-A4D1-FB26B5123F76}C:\users\dolge\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\dolge\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{C56B2666-672F-46C0-BB56-FF00A430B6B1}C:\windows\syswow64\rundll32.exe] => (Allow) C:\windows\syswow64\rundll32.exe
FirewallRules: [UDP Query User{DC007694-6A4E-454B-B8EE-09D3842FCB5C}C:\windows\syswow64\rundll32.exe] => (Allow) C:\windows\syswow64\rundll32.exe
FirewallRules: [TCP Query User{E75B6A9E-E2DA-47D6-A779-2AFF8F4E93E2}C:\users\dolge\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\dolge\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{EFCAF7A0-502F-49F9-8C9A-311E31EBEB51}C:\users\dolge\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\dolge\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{08226D53-D950-4A0E-99AF-17B37703BEB9}C:\users\dolge\appdata\local\apps\2.0\gh8lt9xc.r11\b0qwem6k.ztg\laun...app_59711684aa47878d_0001.0021_ab3ee13873571d13\launcher.exe] => (Allow) C:\users\dolge\appdata\local\apps\2.0\gh8lt9xc.r11\b0qwem6k.ztg\laun...app_59711684aa47878d_0001.0021_ab3ee13873571d13\launcher.exe
FirewallRules: [UDP Query User{40548420-7F46-402F-B17C-2F2C90DD76F1}C:\users\dolge\appdata\local\apps\2.0\gh8lt9xc.r11\b0qwem6k.ztg\laun...app_59711684aa47878d_0001.0021_ab3ee13873571d13\launcher.exe] => (Allow) C:\users\dolge\appdata\local\apps\2.0\gh8lt9xc.r11\b0qwem6k.ztg\laun...app_59711684aa47878d_0001.0021_ab3ee13873571d13\launcher.exe
FirewallRules: [{CF64148E-FAD4-4B08-AF47-7B32DE163330}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8D58B383-D9DF-4E7D-A91E-9E9453B60CB3}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{4B18B1EA-F037-4BC8-B263-397B9CD2E362}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{4AD4FF77-852C-4D77-B904-A30A676257FC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{6AE1C1B3-A348-4C97-AFBF-693169204138}C:\games\ghost recon online\ncsa-live\ghostrecononline.exe] => (Allow) C:\games\ghost recon online\ncsa-live\ghostrecononline.exe
FirewallRules: [UDP Query User{68428B8A-6AF7-4EA6-89BE-4DEDCB2AE4AB}C:\games\ghost recon online\ncsa-live\ghostrecononline.exe] => (Allow) C:\games\ghost recon online\ncsa-live\ghostrecononline.exe
FirewallRules: [TCP Query User{3C316122-ECEC-4053-B866-F52FB3FC33B9}C:\games\eveonline\bin\exefile.exe] => (Allow) C:\games\eveonline\bin\exefile.exe
FirewallRules: [UDP Query User{61A7DF74-2338-47F1-971B-C46754756599}C:\games\eveonline\bin\exefile.exe] => (Allow) C:\games\eveonline\bin\exefile.exe
FirewallRules: [TCP Query User{125D6301-9193-4C7C-AE6E-D6D4ED174356}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe
FirewallRules: [UDP Query User{BAF2F8F5-D073-45A1-AF72-CEFFBB45D75A}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe
FirewallRules: [TCP Query User{7432CE6E-E5D9-4089-996B-0553E44D3DBE}C:\users\dolge\downloads\quake3\quake3.exe] => (Allow) C:\users\dolge\downloads\quake3\quake3.exe
FirewallRules: [UDP Query User{C37BC0B8-629A-43CC-BAB9-5417361A98D9}C:\users\dolge\downloads\quake3\quake3.exe] => (Allow) C:\users\dolge\downloads\quake3\quake3.exe
FirewallRules: [TCP Query User{5CB8B110-0B55-40A8-BD2B-D4BD27244F8A}C:\quake iii arena\quake3\quake3.exe] => (Allow) C:\quake iii arena\quake3\quake3.exe
FirewallRules: [UDP Query User{F7D43B49-B780-4D5D-84FE-2D7428DBD371}C:\quake iii arena\quake3\quake3.exe] => (Allow) C:\quake iii arena\quake3\quake3.exe
FirewallRules: [TCP Query User{2694C7A1-5C11-4888-8617-134CDD97465D}C:\games\quake3\quake3.exe] => (Allow) C:\games\quake3\quake3.exe
FirewallRules: [UDP Query User{DD245BA6-D49B-4D2F-AB51-C52D20E0BEDC}C:\games\quake3\quake3.exe] => (Allow) C:\games\quake3\quake3.exe
FirewallRules: [{6F350706-A887-4F31-BFFE-EE443B29649E}] => (Allow) C:\Users\Dolge\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0A54415C-9434-4FCF-B7AC-939B772464AB}] => (Allow) C:\Users\Dolge\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EBEF0DF8-6200-4587-9410-D059B5532E7F}] => (Allow) C:\Steam\Steam.exe
FirewallRules: [{EA9AA0B8-94C9-40F4-B5DA-4D5A685A7B26}] => (Allow) C:\Steam\Steam.exe
FirewallRules: [{C2F3CE8F-119E-4CE6-BF85-64B65BE8828D}] => (Allow) C:\Steam\SteamApps\common\Spellforce 2 - Faith in Destiny\Docs\SF2_FiD_Manual.pdf
FirewallRules: [{A59A255E-93E2-4FB8-B3D4-5D92078B905D}] => (Allow) C:\Steam\SteamApps\common\Spellforce 2 - Faith in Destiny\Docs\SF2_FiD_Manual.pdf
FirewallRules: [{BE36F5F2-2207-4366-BC89-0F8B241917A2}] => (Allow) C:\Steam\SteamApps\common\Spellforce 2 - Faith in Destiny\Docs\MapEditorFirstSteps.pdf
FirewallRules: [{B187652E-84D8-4DEB-AE49-4BF23E1547AF}] => (Allow) C:\Steam\SteamApps\common\Spellforce 2 - Faith in Destiny\Docs\MapEditorFirstSteps.pdf
FirewallRules: [TCP Query User{41824C4A-57B2-4DD1-9F78-12E6E81083AC}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{736E88C2-AC43-4D02-9DE9-2EC581CA4F91}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{473E2478-5110-4ECB-B25C-703FF5C5B545}] => (Allow) C:\Users\Dolge\AppData\Local\Viber\Viber.exe
FirewallRules: [{05E61224-CB98-4755-BB27-AEBF9683E03E}] => (Block) %SystemDrive%\Games\FM12\Manager12.exe
FirewallRules: [{14A25CDA-264B-4914-AF0A-0CE9C99889AC}] => (Block) %SystemDrive%\Games\FM12\EdManager12.exe
FirewallRules: [{7E941C1F-D39D-489E-BA03-B7A44ECA926E}] => (Block) %SystemDrive%\Games\FM12\Core\activation.exe
FirewallRules: [{B6319C02-AACA-4454-8386-22A9BA7E6BD3}] => (Block) %SystemDrive%\Games\FM12\Core\EACoreServer.exe
FirewallRules: [{E6ED282B-B1FC-4769-8FD2-482F0B2CF509}] => (Block) %SystemDrive%\Games\FM12\Core\PatchProgress.exe
FirewallRules: [{22461E14-5702-4833-9FE1-E98F70117617}] => (Block) %SystemDrive%\Games\FM12\online\FMOnline.exe
FirewallRules: [TCP Query User{D4D641FF-8F80-4886-8CE0-1E1377767795}C:\games\godus\windows\godus.exe] => (Block) C:\games\godus\windows\godus.exe
FirewallRules: [UDP Query User{DD4CEFF8-1D08-4B9E-9041-E5FF1979526A}C:\games\godus\windows\godus.exe] => (Block) C:\games\godus\windows\godus.exe
FirewallRules: [{2230C576-EC81-4AAC-8652-CC3504B1C315}] => (Block) %USERPROFILE%\Downloads\XCOM Enemy Unkonwn\iaa-X.E.U\Binaries\Win32\XComGame.exe
FirewallRules: [TCP Query User{9407DFA1-DD35-45CB-8536-D62CC6BD725C}C:\users\dolge\downloads\xcom enemy unkonwn\iaa-x.e.u\binaries\win32\xcomgame.exe] => (Block) C:\users\dolge\downloads\xcom enemy unkonwn\iaa-x.e.u\binaries\win32\xcomgame.exe
FirewallRules: [UDP Query User{D6AD8431-7433-4A85-BCA9-ABB9BE6D0EAF}C:\users\dolge\downloads\xcom enemy unkonwn\iaa-x.e.u\binaries\win32\xcomgame.exe] => (Block) C:\users\dolge\downloads\xcom enemy unkonwn\iaa-x.e.u\binaries\win32\xcomgame.exe
FirewallRules: [TCP Query User{FF0E4115-89EE-4913-9E99-9FFD8AB8C5A7}C:\games\xcom enemy within\xew\binaries\win32\xcomew.exe] => (Block) C:\games\xcom enemy within\xew\binaries\win32\xcomew.exe
FirewallRules: [UDP Query User{C1648DD1-AF3A-42B3-A3B3-EA48CF35CE1D}C:\games\xcom enemy within\xew\binaries\win32\xcomew.exe] => (Block) C:\games\xcom enemy within\xew\binaries\win32\xcomew.exe
FirewallRules: [TCP Query User{99352BAC-417D-449C-B2FF-5CB9662D7845}C:\program files (x86)\gameforgelive\games\deu_deu\runes of magic\client.exe] => (Allow) C:\program files (x86)\gameforgelive\games\deu_deu\runes of magic\client.exe
FirewallRules: [UDP Query User{1836E039-A3BA-426E-AB3B-C4406B109483}C:\program files (x86)\gameforgelive\games\deu_deu\runes of magic\client.exe] => (Allow) C:\program files (x86)\gameforgelive\games\deu_deu\runes of magic\client.exe
FirewallRules: [{9D7C19EB-7D34-48CD-9406-9C80099A6546}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A78C3A1B-49C1-4C7C-928A-71C85B1CEC29}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F355D04E-54DF-4A06-A194-F8C72E9AA2AB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{930BE472-130C-4F98-BF8D-41AAED6648D2}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{70728E1E-FAA6-4207-82C0-B0F947C43F6F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5D224721-C96E-4ED0-8BE5-53E40C31B3FF}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{18CF5889-3A75-4729-AAA0-FBACC12ECA6A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{009FC4D7-C670-4BD5-9988-CED5D887DA4B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B54CC007-3134-4B7E-8551-3FB087AF05D9}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{89952251-8733-4689-9F63-0DF53D347E98}] => (Allow) LPort=80
FirewallRules: [{4D6E6068-8486-45A8-8DB2-4CAF57F54A9D}] => (Allow) LPort=443
FirewallRules: [{06984532-16A4-4CE5-AD86-8049732BA885}] => (Allow) LPort=20010
FirewallRules: [{627225B0-F393-4E6D-8705-1F3A2F272F44}] => (Allow) LPort=3478
FirewallRules: [{1BC200BD-F517-48F1-95EE-DEF52E60A3F7}] => (Allow) LPort=7850
FirewallRules: [{2370DF6B-4448-4531-8A35-32825D768776}] => (Allow) LPort=7852
FirewallRules: [{3F77AF08-F745-4AEC-AC52-5F40E4B6F239}] => (Allow) LPort=7853
FirewallRules: [{3170F977-5EA0-4684-9B83-BEB9855332CA}] => (Allow) LPort=27022
FirewallRules: [{3045E659-6348-4CF6-BE69-9F0B63636AAF}] => (Allow) LPort=6881
FirewallRules: [{92A4377B-9EC8-4E43-BBBD-B68A430F7BF5}] => (Allow) LPort=33333
FirewallRules: [{B16B296B-88E4-418F-9D44-173F2EA1837B}] => (Allow) LPort=20443
FirewallRules: [{F6CA0A9F-0E52-42D7-B3E3-139C5B22B61F}] => (Allow) LPort=8090
FirewallRules: [{460BD186-41AE-4229-B01B-5C83A530EF9F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{45B615E4-69CD-4738-95C1-28A6E0D2EA89}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{AB9FA84C-1CBF-4D70-BA6D-FD6BB48C529B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{9B86B9F6-46B2-44FC-AA28-206165F59D12}C:\games\warthunder - kopie\launcher.exe] => (Allow) C:\games\warthunder - kopie\launcher.exe
FirewallRules: [UDP Query User{A10D3447-1DF8-4A37-BBB3-A4263482AF81}C:\games\warthunder - kopie\launcher.exe] => (Allow) C:\games\warthunder - kopie\launcher.exe
FirewallRules: [{656B1FDC-E9A1-4CC9-BD45-12DC5756CAF1}] => (Allow) C:\Games\WarThunder\launcher.exe
FirewallRules: [{70FD0087-2F3B-4A61-B70A-D047B271149D}] => (Allow) C:\Games\WarThunder\launcher.exe
FirewallRules: [TCP Query User{FC36322B-D7F3-4CF3-AA79-73FFD5C1B56A}C:\games\warthunder - kopie\aces.exe] => (Allow) C:\games\warthunder - kopie\aces.exe
FirewallRules: [UDP Query User{EC2D4052-4AB8-49DA-AD7F-445C5491769C}C:\games\warthunder - kopie\aces.exe] => (Allow) C:\games\warthunder - kopie\aces.exe
FirewallRules: [{7CB5222D-AB90-444E-9C09-703A280F569D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{28E75FF6-BCEE-4297-BF05-3ED5CF3CB310}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{2E3DEBCD-4FFB-4959-A02F-DC5D484A74CC}C:\games\warthunder\aces.exe] => (Allow) C:\games\warthunder\aces.exe
FirewallRules: [UDP Query User{C828C9BE-67EB-4F3D-BF25-631E6DF3EF26}C:\games\warthunder\aces.exe] => (Allow) C:\games\warthunder\aces.exe
FirewallRules: [{2EA67AD2-9120-4882-B5B9-F8814F4172CB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{38B4771C-5746-4C42-9A64-5AF1CC64F853}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{2AA67482-392A-4938-A7BC-2D39170A5F7B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{AFDE24BC-01DE-4FD4-A468-3FD8356635A5}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{391DA562-4287-4824-8EDA-8FA583F900A2}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D5AE7992-2541-4133-924C-C0DBDB474E93}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{56C080E0-5A53-4966-A41F-10E881F3E753}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{37CC77E3-EDA7-40B0-B6B7-A9EDB1BAE7D5}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F684E80E-8C36-4972-9A8A-2A9765D84300}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{68C273B8-EF8F-4E3D-920D-7DC3037C33FC}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{F2038FE9-BD17-43B9-9699-B0F80A6E88B6}C:\users\dolge\downloads\openttd-1.3.3-windows-win64\openttd.exe] => (Allow) C:\users\dolge\downloads\openttd-1.3.3-windows-win64\openttd.exe
FirewallRules: [UDP Query User{0874AE68-CB89-44F4-AD9C-27D7684AA46B}C:\users\dolge\downloads\openttd-1.3.3-windows-win64\openttd.exe] => (Allow) C:\users\dolge\downloads\openttd-1.3.3-windows-win64\openttd.exe
FirewallRules: [{6EA97082-816A-4C1B-A50F-B16974F13642}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{2D0F0DE4-189E-430F-B72F-D1F9E4CD3ED3}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{6A213FE4-E7FD-468B-A165-290AA4F79EDB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A4FF56D6-1AC3-4415-B043-6130B4E7D559}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{20CE983A-FF93-41C6-991D-C29B2CF890C1}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A473B6B9-4083-434E-B502-6CCE359AA350}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B38E05B9-25EC-4EC1-B101-72FA41D0AFF7}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F341F053-B8CD-46C5-92C5-4C5EAC3FFB78}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D419AA32-4483-42F7-8229-3DA9F1CA7697}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{46DF5A69-17B6-45E2-BE26-1515BA444E31}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{C2FAF982-6248-4F1C-A118-61CE073FD640}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{EF3F5441-0EAF-42F8-85AA-36446DF070E8}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{613399E9-48C3-472C-9FF7-41B73E2AA179}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5713556D-90FE-4845-B184-92668A2B4D90}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{46A98D48-E5C6-4325-BA6D-AADCB57D8452}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{350A7D01-F468-4C8B-A635-D3F0B8B31C8F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D6315892-3149-44A0-A9C7-943DBDFD5DB4}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F0ECCEDA-E33C-4EE4-908E-4CEB7AF583A1}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{306E5FCC-BC8D-4F9B-88F9-7C276A0B15F7}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{2A673550-5B2D-45DD-985B-146141CF6C21}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{17693664-3B02-4460-9BA9-B0F0C2A2569F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{DC25D8DA-C3C3-44CD-8D57-C05339C30D74}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BE6BF9A1-0BB1-424C-B220-1DBDDCC062E0}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{DC3B0AD1-F572-4BB4-BDFC-B37682EFFC9B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0F409515-5DFA-43F8-BC1C-6B62D190854B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{706920B7-B0FB-4CB4-B353-DC412900538E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{82E3FB75-1E6D-4BBE-B7C9-D03BC91C3548}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D8D4A309-0369-4204-B6B4-B654AE47D0DD}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{51848E85-F954-4CF4-84DA-3C40C99637DB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{55A90995-0876-4845-AC91-F1AD034B36D5}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{201668FF-2CDB-4D25-AAE0-D342184F521F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{37F379FE-BD15-4F42-B051-01B1BBB44B80}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{EB69964E-12B6-4C7E-9B85-0D03240A44A6}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E0903B6C-3CA4-4127-87F5-285BF83E57E9}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9D8704C7-A183-4825-9175-2F9365DB1BA9}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{17A401D5-E32A-4667-B83F-16B2DA192C86}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4C186678-7577-4B08-8DE7-CFCC5215BFF9}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9962CDDB-43EA-4608-A119-DF2FCA4C1673}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BCB1E33F-F653-4CBD-ADA0-EA7FA4241F5A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{66A99D03-E702-46A3-8DB3-F138E9D6DA4D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5454FF4A-08FF-4373-8A52-00B59D6E70F3}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4552C26A-102B-479B-AB7F-304B54903F78}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A1F373C0-AB82-4A5D-8992-94671ED98C21}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A01CC517-59F0-4B97-91FD-A2CD34B97466}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{28E69DDB-AE04-4618-8F1F-E05B28B6923E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9CBE866A-9B74-4358-B741-CF77FC635663}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E3F2E52B-4992-472E-A24F-56D0D9888402}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{AAECC322-89BA-4366-8D71-3027BE6BB2D9}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F6A523A2-8BAA-4450-AB17-0D33E10FE5C7}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{91B29DCF-5E49-41BD-921C-D1B55D968348}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{642FBF3B-C9BC-4900-8253-66A95CD02CBA}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{29F063AE-1784-4763-BF08-F7E41EBF7075}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A1A0FFD7-DA01-4B65-82B3-48CA1183E116}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D651E871-6ED3-4B49-A458-F935E5E15194}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F3DD69CA-7E85-40BE-BE25-CF2D59DBFF5F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{852A3DDD-F794-4633-9316-2F66577F5F1F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F416B9D0-DA05-4613-AECF-51229A1106E1}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{02E0BAB8-DE8B-45D1-A9D0-82D217A33776}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D85722CE-A4C1-49D8-966C-FB0C11C5F4B0}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F1ED0CC5-CD00-4E8C-88B1-AA596CA3E9AE}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{061D6DC4-16EA-4E96-9C28-8FD907D8B0BE}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{EC34FBD6-AF35-4024-A499-FFF22A547235}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BC27286E-A9F8-4925-8B9C-954F60F845F6}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{81DB57BC-9EF8-446B-A477-8343D6A88C54}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{1B79BE15-F51A-409F-B149-F1D88C94E00A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5DAE4F6B-C91B-49D5-A629-CA720F4E5313}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{45889D0B-6E93-4D6F-A600-112D3171084E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{DC848940-A10E-4B0B-8820-EBB3A6287AD6}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{AC077C54-F194-4A51-81A0-0D72568B19D2}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{3E5E94CC-6CCD-4E02-9824-4A00660A0118}] => (Allow) C:\Games\HOMM6\Might & Magic Heroes VI.exe
FirewallRules: [{DF3DB903-EB32-40EA-9981-D61C7F139067}] => (Allow) C:\Games\HOMM6\Might & Magic Heroes VI.exe
FirewallRules: [{E9493259-3CDC-4F97-9B36-7269B1A77732}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{3A4BEDC8-5D23-42E2-93D4-9B8D0DFCA0B2}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BAC8B251-62BE-4F32-9F30-0BD8F9845159}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{C72E753A-8A7B-47FE-B6FD-2418CDB37C6F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{EEA70586-F588-4043-8F98-ADFCA744885E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9087180B-3096-46DA-A03D-E33FB5A1B2FB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0B51EA92-7025-4549-9D2B-AF67DD49676D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{50038E5C-2083-4EA0-9949-9692DD5FBC04}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0BB81DDB-4A8E-47E3-9161-D8B56C9EB17B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{082AC508-C6D7-45C9-8A60-EC8F5429F905}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{7D1083DE-6E8D-4184-9935-EBAB7AEBBF03}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9883C105-1D19-4324-8898-D2BD8558D7D2}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{10AACFBF-588C-4C24-AF36-91168F2F7BAB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4B0FADC8-8BF7-4E75-B65C-DAEEC1E3A86D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BF706805-536E-48DF-900D-25BF8A4909D2}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5048B8EB-93CB-4487-A60D-207CBBB0EF50}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{7F72C234-AA75-4AA9-BCAF-64E4785872D9}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{53BDFAD7-AE70-4881-890A-1A2F467C147D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5761D09D-7411-4130-8EBD-931363645643}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{C20F6C3C-6B9B-46AD-9B05-1505F4E309C4}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{C0F0A592-85EB-4390-A010-E355D1F6996A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{C9E9E5D7-433D-47EF-ACC1-ECA5E55AA47E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{22850962-59A3-4ED9-AF87-2160E17C6D4C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D5B25C12-65B4-4E34-9094-A53C55336CBC}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{61B293F9-5798-48B1-9462-0A2EF22EC585}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B6A449AD-FB4E-49D2-9D45-176F588B7832}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{8A28400B-35FD-4B69-9C4C-EC40E317D421}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{1E99B1BF-E62A-4C4B-A291-A4A42B542F7A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{2B412608-7A41-417A-9ED6-9EA413C6AFDA}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{7AC99958-1C09-435C-84B9-C3700000CCCC}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{85EEF2B0-01CD-40D1-A54B-472399FAB807}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4CF46B74-D265-4AD5-9703-2EA6540E7E49}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{05305F40-8DB4-4899-A9F2-962AEC6F3C08}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{3B22F3B0-169F-409A-BAFF-9BA84A960265}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{6D0E3C6E-9A5D-48C4-877B-283BCF36D258}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{EFE9D8ED-212C-46EA-9ED3-27E0C7E10F13}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5D500439-ECEC-4CDB-AC8B-DB50971EDDEB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{6C9406FE-C73E-4764-AA30-8FE899AD99BA}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F814FC3B-EAC6-4C60-A5BD-EBA3693436AE}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A6E3BA71-A1FB-4A93-B66F-B571411C34A3}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{FF5BAE15-444B-4DE9-AA61-6032DA7015FD}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{B354922F-DC4B-4300-B96D-5CC300E6E583}C:\games\divinity original sin\shipping\eocapp.exe] => (Block) C:\games\divinity original sin\shipping\eocapp.exe
FirewallRules: [UDP Query User{EBD677F1-A4BA-48B2-B37E-1ADC87836E93}C:\games\divinity original sin\shipping\eocapp.exe] => (Block) C:\games\divinity original sin\shipping\eocapp.exe
FirewallRules: [{2DE4F318-352E-4089-8D61-BF5E975C22CB}] => (Allow) C:\Steam\SteamApps\common\MarchOfWar\game.exe
FirewallRules: [{57889A54-6C4C-4521-9E47-F90F6B8860B4}] => (Allow) C:\Steam\SteamApps\common\MarchOfWar\game.exe
FirewallRules: [TCP Query User{4BFA72DC-4B5D-423E-881E-7244D33C5EA8}C:\steam\steamapps\common\marchofwar\marchofwar.exe] => (Allow) C:\steam\steamapps\common\marchofwar\marchofwar.exe
FirewallRules: [UDP Query User{E87D5883-9DAD-4F35-84FE-9D11FE0FEDA0}C:\steam\steamapps\common\marchofwar\marchofwar.exe] => (Allow) C:\steam\steamapps\common\marchofwar\marchofwar.exe
FirewallRules: [TCP Query User{6427D046-8096-4AEA-91F9-03BAA2717C41}C:\games\soldat\soldat.exe] => (Allow) C:\games\soldat\soldat.exe
FirewallRules: [UDP Query User{7FEA7038-4E15-401D-A183-760E58FB1BE4}C:\games\soldat\soldat.exe] => (Allow) C:\games\soldat\soldat.exe
FirewallRules: [{25A3A500-BBCA-498F-AD2C-FE5B7DB2133F}] => (Allow) C:\Steam\bin\steamwebhelper.exe
FirewallRules: [{98C0D1FA-9EF6-4B49-912E-DEB8BCCA6B3C}] => (Allow) C:\Steam\bin\steamwebhelper.exe
FirewallRules: [{FE776BE0-D8CB-469B-B85C-F6E8848DE2BB}] => (Allow) C:\Games\Stronghold2\Stronghold2.exe
FirewallRules: [{8E3F103A-FBE6-487B-84C7-859677723A89}] => (Allow) C:\Games\Stronghold2\Stronghold2.exe
FirewallRules: [{8E433C37-C66A-4833-A35B-5E0D78771A88}] => (Allow) C:\Games\Battle.net\Battle.net.exe
FirewallRules: [{7570106F-9F09-4CCF-ABD5-AEFB54C98466}] => (Allow) C:\Games\Battle.net\Battle.net.exe
FirewallRules: [{035A2348-C679-4F13-8415-A6976AF14546}] => (Allow) C:\Games\Hearthstone\Hearthstone.exe
FirewallRules: [{191F48EE-CAB7-4906-91ED-D98F9A702275}] => (Allow) C:\Games\Hearthstone\Hearthstone.exe
FirewallRules: [{95803439-1642-4D9F-88B5-3483BA8A18C4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{7B3DDEDE-14BB-455B-B12C-6940E78C59D6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [TCP Query User{C9F8A110-B621-40C9-AD98-6B3863380434}C:\games\star conflict\launcher.exe] => (Allow) C:\games\star conflict\launcher.exe
FirewallRules: [UDP Query User{8394BEC0-3656-4783-BECA-6B1604B05E7D}C:\games\star conflict\launcher.exe] => (Allow) C:\games\star conflict\launcher.exe
FirewallRules: [{0583EB7A-F2FD-4AB2-A663-19DA22D19E31}] => (Allow) C:\Games\BattleLine\BattleLine.exe
FirewallRules: [{B615B89E-65D2-46B9-BDCB-29C44B5BE625}] => (Allow) C:\Games\BattleLine\BattleLine.exe
FirewallRules: [{78986F55-D732-404C-8697-9EB45CE59DEE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{CDA7069C-D996-43E9-80A2-16E062A991BC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{10547F49-7387-47FC-B44B-9D9CC449210A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{CF54F210-4025-4DB8-B7DA-3EF9EB373416}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [TCP Query User{B7B44F26-B28A-4FE0-B773-61E1E03295D7}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{1B645315-305A-4484-B1DB-D350ABB75AEF}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{CA411531-C73A-4302-B55A-182B6438D1BD}] => (Allow) C:\Users\Dolge\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{D4C480F4-5716-49E3-B19E-B062D7F34AFC}] => (Allow) C:\Users\Dolge\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{1C1D8647-8DD9-4DC2-80A3-68C217B7A60B}] => (Allow) C:\Games\StarCraft II\StarCraft II.exe
FirewallRules: [{1D8E6F23-0A8C-4751-9F77-9ACC343D3CF4}] => (Allow) C:\Games\StarCraft II\StarCraft II.exe
FirewallRules: [{2A6B2CE9-4078-4B73-84A3-68FF3E6221D0}] => (Allow) C:\Games\Hellgate Global\HGLLauncher.exe
FirewallRules: [{5F4A2E40-18BA-4F50-BB4F-9EDEBA06FE7B}] => (Allow) C:\Games\Hellgate Global\HGLLauncher.exe
FirewallRules: [{BE518750-AD7D-4B3B-80BE-D4D1BCA11691}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{67322C8E-DDF5-4C34-BD59-932E9773F83A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{33405337-C303-48DC-B0E7-037258A2DBAB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{85BBAF09-1083-42A4-9426-83864148596B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{18305853-6B59-4E5B-8B7E-A91AFEA34046}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Island Epidemic\Dead Island Epidemic - Launcher.exe
FirewallRules: [{18C5DED6-8445-4A7D-A36B-A8A7EBC38721}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Island Epidemic\Dead Island Epidemic - Launcher.exe
FirewallRules: [{EED399BD-54D1-4565-8277-C7E8DC337B01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guild Commander\Guild Commander.exe
FirewallRules: [{5B829818-ACE8-4DF1-B603-837AA6846A07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guild Commander\Guild Commander.exe
FirewallRules: [{E41162E3-AB7B-434D-8598-EA6AFF114E9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VictoryAtSea\VictoryAtSea.exe
FirewallRules: [{2DBA41F1-C6C4-4D67-9692-39CB22BFA047}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VictoryAtSea\VictoryAtSea.exe
FirewallRules: [TCP Query User{D8D247BA-EF72-4DCB-850D-686422DF1F27}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [UDP Query User{5949E6F8-A7B3-4E7D-AA5D-6CDAC3C91FC2}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [TCP Query User{39ADA0A7-1CA5-496D-B34F-BC0CA322BC41}C:\program files (x86)\windward\windward.exe] => (Allow) C:\program files (x86)\windward\windward.exe
FirewallRules: [UDP Query User{882CCC20-E24E-4F29-93EC-EA1188BB38F1}C:\program files (x86)\windward\windward.exe] => (Allow) C:\program files (x86)\windward\windward.exe
FirewallRules: [{0ECE90B1-C2FF-48CC-9443-A9A81938FEB9}] => (Block) %SystemDrive%\Games\Galactic Civilizations III\GalCiv3.exe
FirewallRules: [{A3C066A3-EC82-489C-95E9-72841CBB82E1}] => (Block) %SystemDrive%\Games\Galactic Civilizations III\GalCiv3.exe
FirewallRules: [{9FE1845D-26BB-443B-84F6-92A40A3E24AB}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{B45A4275-80B9-4496-BC2D-744D5BB207AA}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{EF9BC642-EB3F-45C5-BBFC-E24BE16D1E2E}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{90CD97E7-3E80-447F-8A65-06A2EAF2C0BA}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{BBD8C299-909E-4249-AFD5-6F997F5B4AFD}] => (Allow) C:\Users\Dolge\AppData\Roaming\Microsoft\Windows\IEUpdate\LocationNotifications.exe
FirewallRules: [{A8F9D110-ABB9-41F8-B9A0-FA30B25A156F}] => (Allow) C:\Users\Dolge\AppData\Roaming\Microsoft\Windows\IEUpdate\LocationNotifications.exe
FirewallRules: [{E986E5D6-F9E0-4756-8E4A-48891EC31DDE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3D781AB8-DF27-475E-9127-5A2AD6105758}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D4453503-93C5-442E-8E9C-076F8161CF4F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{BD44DB39-2BE4-40FA-88B3-3E51A712808D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{B748EDD6-9863-4140-B657-AC03A8850C92}] => (Allow) LPort=49172
FirewallRules: [{13B0CAC6-6427-4A28-A832-4FEBCD02BFD7}] => (Allow) LPort=5000
FirewallRules: [{3A8B2F91-406A-4963-97FB-5745AD5284F8}] => (Allow) LPort=49214
FirewallRules: [{8797124C-A122-40B5-BDB8-6CDB7758FC50}] => (Allow) LPort=5000
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/06/2015 03:21:03 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/06/2015 02:50:56 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/06/2015 11:02:25 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary rnporqmj.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (06/06/2015 11:00:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary rnporqmj.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (06/06/2015 10:56:37 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary rnporqmj.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (06/06/2015 10:52:02 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/06/2015 02:57:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16644, Zeitstempel: 0x5527ea05
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc000041d
Fehleroffset: 0x0e453a70
ID des fehlerhaften Prozesses: 0x18f8
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (06/06/2015 02:57:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16644, Zeitstempel: 0x5527ea05
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0e453a70
ID des fehlerhaften Prozesses: 0x18f8
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (06/05/2015 03:07:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/05/2015 02:43:28 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


System errors:
=============
Error: (06/06/2015 03:21:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (06/06/2015 02:57:26 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (06/06/2015 02:52:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (06/06/2015 02:52:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (06/06/2015 02:50:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (06/06/2015 02:50:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (06/06/2015 02:50:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (06/06/2015 02:48:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%109

Error: (06/06/2015 02:48:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Druckwarteschlange" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (06/06/2015 02:48:19 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "Spooler" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office:
=========================
Error: (06/06/2015 03:21:03 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/06/2015 02:50:56 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/06/2015 11:02:25 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary rnporqmj.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (06/06/2015 11:00:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary rnporqmj.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (06/06/2015 10:56:37 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary rnporqmj.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (06/06/2015 10:52:02 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/06/2015 02:57:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.166445527ea05unknown0.0.0.000000000c000041d0e453a7018f801d09f91fd0e3cc3C:\Program Files (x86)\Internet Explorer\iexplore.exeunknown0d75be71-0be7-11e5-af6a-bc5ff45ec1c4

Error: (06/06/2015 02:57:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.166445527ea05unknown0.0.0.000000000c00000050e453a7018f801d09f91fd0e3cc3C:\Program Files (x86)\Internet Explorer\iexplore.exeunknown0bae8435-0be7-11e5-af6a-bc5ff45ec1c4

Error: (06/05/2015 03:07:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\1&1 Surf-Stick\Component\BKATProtocol.dll

Error: (06/05/2015 02:43:28 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X3 450 Processor
Percentage of memory in use: 26%
Total physical RAM: 8191.24 MB
Available physical RAM: 6015.64 MB
Total Pagefile: 16380.69 MB
Available Pagefile: 13838.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:107.08 GB) NTFS
Drive d: (TOS) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5B2C1D1A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of log ============================
         
--- --- ---

06.06.2015, 17:10   #7
deeprybka
/// TB trainer
/// Tutorial guru

Step 1

Please press the Windows key + R and type notepad into the Run window.
Click OK and then copy the text from the code box into the empty text document:
Code:
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{6551de96-3d84-4073-9481-a02f40452d9d} 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
2015-06-05 15:41 - 2015-06-05 15:41 - 00002112 _____ C:\Users\Dolge\Desktop\Firefox - CHIP Downloader.lnk
2015-06-05 00:14 - 2015-06-05 00:15 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Dolge\Downloads\SpyHunter-Installer.exe
CreateRestorePoint:
EmptyTemp:
         
Please save this as Fixlist.txt in the same directory as the FRST application.
  • Start FRST and press the Fix button.
  • The tool creates a "Fixlog.txt" file.
  • Please post its contents for me.

How do things look after this fix?
__________________
Regards
deeprybka

Praise, criticism, requests?

Donate to Trojaner-Board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

06.06.2015, 17:37   #8
LeBlubb

Wonderful! All the updates are working again.

Many thanks.
...but may I ask what exactly the fixlist actually did? I'd be really keen to know.

Code:
Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Dolge at 2015-06-06 18:23:51 Run:1
Running from C:\Users\Dolge\Downloads
Loaded Profiles: Dolge (Available Profiles: Dolge)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{6551de96-3d84-4073-9481-a02f40452d9d} 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
2015-06-05 15:41 - 2015-06-05 15:41 - 00002112 _____ C:\Users\Dolge\Desktop\Firefox - CHIP Downloader.lnk
2015-06-05 00:14 - 2015-06-05 00:15 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Dolge\Downloads\SpyHunter-Installer.exe
CreateRestorePoint:
EmptyTemp:
         
*****************

Processes closed successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\\ActivePolicy => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found. 
C:\Users\Dolge\Desktop\Firefox - CHIP Downloader.lnk => moved successfully.
C:\Users\Dolge\Downloads\SpyHunter-Installer.exe => moved successfully.
Restore point was successfully created.
EmptyTemp: => 437.7 MB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 18:24:41 ====
         

06.06.2015, 17:42   #9
deeprybka
/// TB trainer
/// Tutorial guru

1. We are not finished yet.
2. Of course you may ask. With the fixlist we tell FRST to pass certain commands on to the PC and to make changes.

Please repeat the MBAM scan with up-to-date databases. Post the log. Afterwards:

Step 1

ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

Step 2

Please start FRST again and press Scan.
Please post the contents of the log for me.
__________________
Regards
deeprybka

Praise, criticism, requests?

Donate to Trojaner-Board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

06.06.2015, 23:11   #10
LeBlubb

mbam (no findings)
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 06.06.2015
Suchlauf-Zeit: 18:51:45
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.06.04
Rootkit Datenbank: v2015.06.02.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Dolge

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 393859
Verstrichene Zeit: 22 Min, 49 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Warnen

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
ESET: 3 findings... so something is still wrong after all... damn.
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=56d0ec54fcc866469e140e25b22e0193
# end=init
# utc_time=2015-06-06 05:21:50
# local_time=2015-06-06 07:21:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24203
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=56d0ec54fcc866469e140e25b22e0193
# end=updated
# utc_time=2015-06-06 05:23:35
# local_time=2015-06-06 07:23:35 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=56d0ec54fcc866469e140e25b22e0193
# engine=24203
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-06 10:01:11
# local_time=2015-06-07 12:01:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 91 33144 47116 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 115207 185257921 0 0
# scanned=701164
# found=3
# cleaned=0
# scan_time=16655
sh=C45E295A4F8C57A8A26187876B852B00385AEE31 ft=1 fh=92657eb204f0f992 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=0F5610DD9DC240341ACF7745C4606EC14A5A3E0D ft=1 fh=ec76f2d3008b3853 vn="Variante von Win32/Packed.VMProtect.AAD Trojaner" ac=I fn="C:\Games\fm11temp\activation.exe"
sh=F3EAC0597A452CE3F492D3C54D8963B88B5D609B ft=1 fh=658595c81f1f9501 vn="Variante von MSIL/CoinMiner.RC Trojaner" ac=I fn="C:\Users\Dolge\Downloads\Space Colony Steam Edition (2015) PLAZA\setup.exe"
         
Would it be enough if I simply uninstall fm11 and Space Colony? Or does it need something more drastic? They are just dead weight anyway, the kind of thing where laziness kicks in and you don't uninstall it out of convenience. Admittedly I'm a bit sloppy about that.

frst
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by Dolge (administrator) on DOLGE-PC on 07-06-2015 00:09:50
Running from C:\Users\Dolge\Downloads
Loaded Profiles: Dolge (Available Profiles: Dolge)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Akamai Technologies, Inc.) C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Akamai Technologies, Inc.) C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\RunLegacyCPLElevated.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\Monitor.EXE
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\OSD.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\GO2Bot\GO2Bot.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-08-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [Realtek Camera Manager] => C:\Windows\system32\RunLegacyCPLElevated.exe shell32.dll,Control_RunDLL "C:\Windows\system32\Realtek Camera Manager.cpl"
HKLM-x32\...\Run: [SL-6481 Gaming Keyboard] => C:\Program Files (x86)\SPEEDLINK\VIRTUIS Advanced Gaming Keyboard\Monitor.exe [1976832 2014-06-21] ()
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [85600 2013-12-13] (Nullsoft, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-05-15] (Raptr, Inc)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-06] (Avast Software s.r.o.)
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\Run: [KPeerNexonEU] => C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Dolge\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\RunOnce: [Adobe Speed Launcher] => 1433608028
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\MountPoints2: E - E:\Setup.exe
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\MountPoints2: {32209ca5-2757-11e2-bd8c-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\MountPoints2: {a07a7555-5441-11e4-a78f-bc5ff45ec1c4} - H:\setup.exe
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\...\MountPoints2: {bce7935f-2900-11e2-a70d-bc5ff4326929} - E:\setup.exe
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-06] (Avast Software s.r.o.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKU\S-1-5-21-4011178475-394731722-3904193916-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-4011178475-394731722-3904193916-1000 -> {86BC90EB-D1D5-40D4-9ED7-76A3617F0109} URL = https://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-06] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-22] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-06] (Avast Software s.r.o.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-22] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Dolge\AppData\Roaming\Mozilla\Firefox\Profiles\14bcrzmf.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-19] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-13] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @nexon.co.jp/NxGame -> C:\ProgramData\NexonJP\NGM\npNxGameJP.dll No File
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npnxgameEU.dll [2013-12-11] (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4011178475-394731722-3904193916-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dolge\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-06] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4011178475-394731722-3904193916-1000: @www.flatcast.com/FlatViewer 5.2 -> C:\Users\Dolge\AppData\Roaming\Mozilla\Plugins\NpFv530.dll No File
FF Plugin HKU\S-1-5-21-4011178475-394731722-3904193916-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-09-01] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NpFv530.dll [2011-09-23] (1 mal 1 Software GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Dolge\AppData\Roaming\Mozilla\Firefox\Profiles\14bcrzmf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-06]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-06]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-06] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-06-06] (Avast Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-08-07] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-08-07] (BlueStack Systems, Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-07-19] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 BRSptSvc; "C:\ProgramData\BitRaider\BRSptSvc.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-06] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-06] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-06] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-06] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-06] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-06] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-08-07] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-07-14] (Disc Soft Ltd)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8228240 2012-09-19] (Realtek Semiconductor Corp.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [40712 2012-11-01] (Anchorfree Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-06-06] (Avast Software)
S3 BRDriver64; \??\C:\programdata\bitraider\BRDriver64.sys [X]
S3 BRDriver64_1_3_3_7ECFDFEA; \??\C:\ProgramData\BitRaider\support\1.3.3\7ECFDFEA\BRDriver64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-06 19:17 - 2015-06-06 19:17 - 02870984 _____ (ESET) C:\Users\Dolge\Desktop\esetsmartinstaller_deu.exe
2015-06-06 17:20 - 2015-06-06 17:20 - 00000000 ____D C:\Users\Dolge\Desktop\RevoUninstallerPortable
2015-06-06 17:19 - 2015-06-06 17:19 - 02785665 _____ (PortableApps.com) C:\Users\Dolge\Desktop\RevoUninstallerPortable_1.95_Rev_2.paf.exe
2015-06-06 17:15 - 2015-05-09 05:27 - 03147776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-06 17:15 - 2015-05-09 05:27 - 02589184 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-06 17:15 - 2015-05-09 05:27 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-06 17:15 - 2015-05-09 05:27 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-06 17:15 - 2015-05-09 05:27 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-06 17:15 - 2015-05-09 05:27 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-06 17:15 - 2015-05-09 05:27 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-06 17:15 - 2015-05-09 05:26 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-06 17:15 - 2015-05-09 05:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-06 17:15 - 2015-05-09 05:26 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-06 17:15 - 2015-05-09 05:26 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-06 17:15 - 2015-05-09 05:14 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-06-06 17:15 - 2015-05-09 05:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-06-06 17:15 - 2015-05-09 05:14 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-06-06 17:15 - 2015-05-09 05:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-06-06 17:15 - 2015-05-09 05:13 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-06-06 14:57 - 2015-06-06 18:51 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-06 14:57 - 2015-06-06 14:57 - 00001102 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-06 14:57 - 2015-06-06 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-06-06 14:57 - 2015-06-06 14:57 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-06 14:57 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-06 14:57 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-06 14:57 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-06 14:56 - 2015-06-06 14:56 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Dolge\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-06 14:38 - 2015-06-06 14:47 - 00000000 ____D C:\AdwCleaner
2015-06-06 14:38 - 2015-06-06 14:38 - 02231296 _____ C:\Users\Dolge\Downloads\AdwCleaner_4.206.exe
2015-06-06 11:37 - 2015-06-06 11:37 - 00380416 _____ C:\Users\Dolge\Downloads\Gmer-19357.exe
2015-06-06 11:36 - 2015-06-06 15:31 - 00083114 _____ C:\Users\Dolge\Downloads\Addition.txt
2015-06-06 11:35 - 2015-06-07 00:09 - 00018985 _____ C:\Users\Dolge\Downloads\FRST.txt
2015-06-06 11:35 - 2015-06-07 00:09 - 00000000 ____D C:\FRST
2015-06-06 11:34 - 2015-06-06 11:34 - 02108928 _____ (Farbar) C:\Users\Dolge\Downloads\FRST64.exe
2015-06-06 11:33 - 2015-06-06 11:33 - 00000542 _____ C:\Users\Dolge\Downloads\defogger_disable.log
2015-06-06 11:33 - 2015-06-06 11:33 - 00000168 _____ C:\Users\Dolge\defogger_reenable
2015-06-06 11:32 - 2015-06-06 11:32 - 00050477 _____ C:\Users\Dolge\Downloads\Defogger.exe
2015-06-06 11:00 - 2015-06-06 11:00 - 00000000 ____D C:\Users\Dolge\AppData\Roaming\AVAST Software
2015-06-06 10:59 - 2015-06-06 10:59 - 00001882 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-06-06 10:59 - 2015-06-06 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-06-06 10:58 - 2015-06-06 17:31 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-06 10:58 - 2015-06-06 10:57 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-06-06 10:58 - 2015-06-06 10:57 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-06-06 10:58 - 2015-06-06 10:57 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-06-06 10:58 - 2015-06-06 10:57 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-06-06 10:58 - 2015-06-06 10:57 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-06-06 10:58 - 2015-06-06 10:57 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-06-06 10:58 - 2015-06-06 10:57 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-06-06 10:58 - 2015-06-06 10:57 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-06-06 10:57 - 2015-06-06 10:57 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-06-06 10:57 - 2015-06-06 10:57 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-06-06 10:57 - 2015-06-06 10:57 - 00000000 ____D C:\Program Files\AVAST Software
2015-06-06 10:51 - 2015-06-06 10:51 - 00000000 ____D C:\Users\Dolge\AppData\Local\LogMeIn
2015-06-06 10:41 - 2015-06-06 10:42 - 152923328 _____ (Avast Software s.r.o.) C:\Users\Dolge\Downloads\avast_free_antivirus_setup.exe
2015-06-06 02:48 - 2015-06-06 02:48 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-06 02:48 - 2015-06-06 02:48 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-06 02:48 - 2015-06-06 02:48 - 00000000 ____D C:\ProgramData\Mozilla
2015-06-06 02:47 - 2015-06-06 02:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-05 01:32 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20150605-013234.backup
2015-06-05 00:31 - 2015-06-05 01:24 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-06-05 00:31 - 2015-06-05 00:33 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-06-05 00:31 - 2015-06-05 00:31 - 00001391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-06-05 00:31 - 2015-06-05 00:31 - 00001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-06-05 00:31 - 2015-06-05 00:31 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-06-05 00:31 - 2015-06-05 00:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-06-05 00:31 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-06-05 00:29 - 2015-06-05 00:29 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Dolge\Downloads\spybot-2.4.exe
2015-06-05 00:17 - 2015-06-05 00:17 - 00000000 _____ C:\autoexec.bat
2015-06-04 21:53 - 2015-06-04 21:54 - 00000000 ____D C:\Users\Dolge\Zomboid
2015-06-04 21:50 - 2015-06-04 21:50 - 00000000 ____D C:\Users\Dolge\Downloads\Project.Zomboid.Build.32.3
2015-06-04 21:30 - 2015-06-04 21:44 - 562744975 ____R C:\Users\Dolge\Downloads\Project.Zomboid.Build.32.3.zip
2015-06-04 20:29 - 2015-06-04 20:29 - 00000000 ____D C:\Users\Dolge\Downloads\TownCraft.v2.1.6
2015-06-04 20:29 - 2015-06-04 20:29 - 00000000 ____D C:\Users\Dolge\AppData\Local\TownCraft
2015-06-04 20:25 - 2015-06-04 20:29 - 102086988 ____R C:\Users\Dolge\Downloads\TownCraft.v2.1.6.zip
2015-06-02 18:27 - 2015-06-06 02:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-05-29 00:33 - 2015-05-29 00:33 - 00002156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-05-19 17:12 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-19 17:12 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-16 00:09 - 2015-05-16 00:10 - 04545280 _____ (Microsoft Corporation ) C:\Users\Dolge\Downloads\setup.exe
2015-05-15 23:22 - 2015-05-15 23:22 - 00000000 ____D C:\ProgramData\Stardock
2015-05-15 23:20 - 2015-05-15 23:20 - 00000831 _____ C:\Users\Dolge\Desktop\Galactic Civilizations III.lnk
2015-05-15 23:20 - 2015-05-15 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Galactic Civilizations III
2015-05-15 19:43 - 2015-05-15 19:43 - 00001612 _____ C:\Users\Public\Desktop\Not A Hero.lnk
2015-05-15 18:44 - 2015-05-15 21:41 - 00000000 ____D C:\Users\Dolge\Documents\Windward
2015-05-15 18:41 - 2015-06-05 11:14 - 00000000 ____D C:\Program Files (x86)\Windward
2015-05-15 18:39 - 2015-05-15 20:01 - 00000000 ____D C:\Users\Dolge\Downloads\Galactic.Civilizations.III-CODEX
2015-05-15 18:36 - 2015-05-15 18:36 - 00000000 ____D C:\Users\Dolge\Downloads\Not a hero
2015-05-15 18:34 - 2015-06-05 12:27 - 00000000 ____D C:\Users\Dolge\Downloads\Windward
2015-05-13 04:39 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 04:39 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 04:39 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 04:39 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 04:39 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 04:39 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 04:39 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 04:39 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 04:39 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 04:39 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 04:39 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 04:39 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 04:39 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 04:39 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 04:39 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 04:39 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 04:39 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 04:39 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 04:39 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 04:39 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 04:39 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 04:39 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 04:39 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 04:39 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 04:39 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 04:39 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 04:39 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 04:39 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 04:39 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 04:39 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 04:39 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 04:39 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 04:39 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 04:39 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 04:39 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 04:39 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 04:39 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 04:39 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 04:39 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 04:39 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 04:39 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 04:39 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 04:39 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 04:39 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 04:39 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 04:39 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 04:39 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 04:39 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 04:39 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 04:39 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 04:39 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 04:39 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 04:39 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 04:38 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 04:38 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 04:38 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 04:38 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 04:38 - 2015-04-10 18:54 - 17881088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 04:38 - 2015-04-10 18:44 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 04:38 - 2015-04-10 18:43 - 10935808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 04:38 - 2015-04-10 18:43 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 04:38 - 2015-04-10 18:39 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 04:38 - 2015-04-10 18:39 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 04:38 - 2015-04-10 18:38 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 04:38 - 2015-04-10 18:37 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 04:38 - 2015-04-10 18:37 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 04:38 - 2015-04-10 18:37 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 04:38 - 2015-04-10 18:37 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 04:38 - 2015-04-10 18:37 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 04:38 - 2015-04-10 18:37 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 04:38 - 2015-04-10 18:37 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 04:38 - 2015-04-10 18:37 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 04:38 - 2015-04-10 18:37 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-13 04:38 - 2015-04-10 18:37 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 04:38 - 2015-04-10 18:37 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 04:38 - 2015-04-10 18:37 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 04:38 - 2015-04-10 18:37 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-13 04:38 - 2015-04-10 18:37 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-13 04:38 - 2015-04-10 18:36 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-13 04:38 - 2015-04-10 17:30 - 12379136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 04:38 - 2015-04-10 17:25 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 04:38 - 2015-04-10 17:25 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 04:38 - 2015-04-10 17:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 04:38 - 2015-04-10 17:21 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 04:38 - 2015-04-10 17:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 04:38 - 2015-04-10 17:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 04:38 - 2015-04-10 17:19 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 04:38 - 2015-04-10 17:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 04:38 - 2015-04-10 17:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 04:38 - 2015-04-10 17:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 04:38 - 2015-04-10 17:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 04:38 - 2015-04-10 17:19 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-05-13 04:38 - 2015-04-10 17:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 04:38 - 2015-04-10 17:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 04:38 - 2015-04-10 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 04:38 - 2015-04-10 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 04:38 - 2015-04-10 17:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 04:38 - 2015-04-10 17:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 04:38 - 2015-04-10 17:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-05-13 04:38 - 2015-04-10 17:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-05-13 04:38 - 2015-04-10 17:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-05-13 04:37 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 04:37 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 04:37 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-06 23:32 - 2013-09-24 16:23 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-06 23:22 - 2013-04-06 14:16 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-06 21:56 - 2012-11-05 16:46 - 01303688 _____ C:\Windows\WindowsUpdate.log
2015-06-06 18:41 - 2009-07-14 06:45 - 00014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-06 18:41 - 2009-07-14 06:45 - 00014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-06 18:32 - 2015-02-06 17:22 - 00000000 ____D C:\Users\Dolge\AppData\Roaming\Raptr
2015-06-06 18:29 - 2013-08-27 15:50 - 00000000 ____D C:\Users\Dolge\AppData\Local\LogMeIn Hamachi
2015-06-06 18:27 - 2013-09-24 16:23 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-06 18:26 - 2015-03-23 19:26 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-06 18:26 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-06 18:26 - 2009-07-14 06:51 - 00035882 _____ C:\Windows\setupact.log
2015-06-06 18:25 - 2012-11-07 19:29 - 01015436 _____ C:\Windows\PFRO.log
2015-06-06 17:29 - 2014-03-28 01:25 - 00000000 ____D C:\Program Files\GO2Bot
2015-06-06 17:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-06 14:48 - 2012-11-07 20:51 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2015-06-06 14:47 - 2014-12-06 15:46 - 00000747 _____ C:\Users\Dolge\Desktop\ Star Conflict Launcher.lnk
2015-06-06 14:47 - 2014-12-06 15:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Conflict
2015-06-06 14:47 - 2014-02-27 03:29 - 00000726 _____ C:\Users\Public\Desktop\WarThunder.lnk
2015-06-06 14:47 - 2014-02-27 03:29 - 00000000 ____D C:\Users\Dolge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2015-06-06 14:47 - 2012-11-05 16:51 - 00001166 _____ C:\Users\Dolge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-06 14:47 - 2012-11-05 16:51 - 00000943 _____ C:\Users\Dolge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-06-06 11:33 - 2012-11-05 16:51 - 00000000 ____D C:\Users\Dolge
2015-06-06 10:55 - 2012-11-07 19:01 - 00000000 ____D C:\ProgramData\AVAST Software
2015-06-06 10:52 - 2012-11-08 20:01 - 00000000 ____D C:\Users\Dolge\AppData\Roaming\Skype
2015-06-06 10:27 - 2014-11-03 20:45 - 00000000 ____D C:\Users\Dolge\AppData\Local\Battle.net
2015-06-06 02:48 - 2012-11-07 18:34 - 00000000 ____D C:\Users\Dolge\AppData\Roaming\Mozilla
2015-06-06 02:48 - 2012-11-07 18:34 - 00000000 ____D C:\Users\Dolge\AppData\Local\Mozilla
2015-06-05 21:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-05 15:08 - 2013-02-20 16:56 - 00000000 ____D C:\Windows\SysWOW64\SupportAppCB
2015-06-05 15:08 - 2012-11-05 17:02 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-05 15:06 - 2015-02-27 03:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wolfman's missions
2015-06-05 14:52 - 2009-07-14 19:58 - 00699416 _____ C:\Windows\system32\perfh007.dat
2015-06-05 14:52 - 2009-07-14 19:58 - 00149556 _____ C:\Windows\system32\perfc007.dat
2015-06-05 14:52 - 2009-07-14 07:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-05 14:41 - 2009-07-14 06:45 - 00274240 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-05 14:40 - 2012-11-09 12:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-05 14:40 - 2012-11-09 12:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-06-05 00:14 - 2012-11-08 20:01 - 00000000 ____D C:\ProgramData\Skype
2015-06-05 00:07 - 2015-02-25 03:36 - 00000000 ____D C:\Users\Dolge\AppData\Roaming\BitTorrent
2015-06-04 23:45 - 2013-04-06 14:16 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-04 23:45 - 2012-11-07 20:14 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-04 23:45 - 2012-11-07 20:14 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-04 23:39 - 2014-03-18 17:01 - 00000000 ____D C:\Program Files (x86)\GO2Bot
2015-06-04 21:24 - 2012-11-07 19:12 - 00000000 ____D C:\Games
2015-06-04 17:33 - 2014-06-29 13:04 - 00000000 ____D C:\Users\Dolge\AppData\Roaming\Winamp
2015-06-04 01:58 - 2014-03-30 16:18 - 00000223 _____ C:\Users\Dolge\Desktop\Neues Textdokument.txt
2015-06-02 21:41 - 2014-01-08 01:54 - 00005736 _____ C:\Users\Dolge\Desktop\GO2 Aufträge.txt
2015-05-29 00:33 - 2012-11-07 19:02 - 00000000 ____D C:\Program Files (x86)\Google
2015-05-19 17:32 - 2013-08-04 13:14 - 00000000 ____D C:\Windows\system32\MRT
2015-05-19 17:32 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-19 17:24 - 2012-11-09 13:09 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-19 17:12 - 2012-11-09 12:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-19 17:06 - 2014-08-22 15:45 - 00000000 ____D C:\Users\Dolge\AppData\Local\Adobe
2015-05-19 17:03 - 2015-02-06 17:22 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-05-17 22:31 - 2012-11-07 20:21 - 00000000 ____D C:\Users\Dolge\AppData\Roaming\vlc
2015-05-16 14:28 - 2012-11-05 17:01 - 00061128 _____ C:\Users\Dolge\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-16 02:26 - 2013-09-24 16:23 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 02:26 - 2013-09-24 16:23 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 23:23 - 2013-05-12 22:34 - 00000000 ____D C:\Users\Dolge\AppData\Local\Stardock
2015-05-15 23:20 - 2012-11-09 14:17 - 00000000 ____D C:\Users\Dolge\Documents\My Games
2015-05-15 19:43 - 2013-12-17 04:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-05-15 19:43 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

==================== Files in the root of some directories =======

2012-11-07 20:40 - 2014-03-16 22:35 - 0007600 _____ () C:\Users\Dolge\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-05 21:25

==================== End of log ============================
         

Edited by LeBlubb (06.06.2015 at 23:17)

07.06.2015, 07:42   #11
deeprybka
/// TB Trainer
/// Guide Guru
 



Yes, uninstall that stuff if you don't need it. And if necessary, delete the two ESET detections by hand.

Please uninstall these as well:
Java 8 Update 31
Java 8 Update 40

and update Internet Explorer to version 11.

>>clean<<
We did it!
The logs look clean to me at the moment.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.
All that remains is for me to wish you carefree and safe surfing, and that we don't see each other here again any time soon.




Cleanup:
(The order matters here)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix
  • Important: please disable your antivirus program, any script blocking and any anti-malware programs.
  • Press the Windows key + R and type Combofix /Uninstall into the Run window.
  • Click OK.
    This removes Combofix completely and clears the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick the box in front of every function.
  • Click Start.

Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left over, you can safely delete them.



Hardening:
Enable automatic updates in the Windows operating system. Security-relevant software should likewise always be kept at the latest version:

Browser
Java
Flash Player
PDF reader

Security vulnerabilities in old versions of these are exploited to install malware by "drive-by" when you simply visit a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use an antivirus program with a real-time scanner and an always up-to-date signature database.

My purchase recommendation:


ESET Smart Security

In addition, you can scan your PC regularly with Malwarebytes Anti-Malware.

Optional:
NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. You can, however, define on a whitelist basis which sites scripts should be allowed on.
Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.


Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, it is advisable to uninstall it first and then remove the leftovers with Adwcleaner.


In closing, a few general remarks:
Change your important online passwords regularly and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________
Regards
deeprybka

Praise, criticism, wishes?

Donate to trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer
