
Keylogger?


  • This topic is locked
11 replies to this topic

#1 Rapt0r828


Posted 03 January 2017 - 04:31 AM

Just recently my Uplay account was stolen, had no problem retrieving it, the guy didn't even change my password. I also have the weird issue that sometimes my keyboard doesn't work at all when I am in fullscreen or trying to write something on Steam chat, although everywhere else it works.

I'm afraid I have a keylogger or something else on my system.

I am on Win10 and using Kaspersky Internet Security btw, Windows Firewall is off.

 

I attached a log of HijackThis. Maybe one of you guys is kind enough to have a look over it.

 

Thanks in advance.



#2 Starbuck

  • Malware Response Team

Posted 06 January 2017 - 04:22 PM

Hi Rapt0r828 and welcome to BC.

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. Please don't install or uninstall anything unless asked.
3. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
4. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.
6. Please follow steps in the correct order.

I attached a log of Hijackthis.

Unfortunately we no longer use HijackThis.
It's very out of date and doesn't enumerate the latest systems very well.
Please uninstall it.

Let's have a good look at your system

Note:
There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

If you are unsure what your system bit type is, click Here for help.

For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is selected at the bottom.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

In your next reply, please submit:
  • Both reports from FRST


Thanks.



#3 Rapt0r828

  • Topic Starter

Posted 06 January 2017 - 04:35 PM

Thanks for the answer.
 
I attached the 2 reports.

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2017
durchgeführt von Hannes Fankhauser (Administrator) auf CENTER (06-01-2017 22:32:07)
Gestartet von C:\Users\Hannes Fankhauser\Desktop
Geladene Profile: Hannes Fankhauser (Verfügbare Profile: Hannes Fankhauser)
Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Chip Digital GmbH) C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avp.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Electronic Arts) E:\Program Files (x86)\Origin\OriginWebHelperService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avpui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Valve Corporation) E:\Program Files\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Akamai Technologies, Inc.) C:\Users\Hannes Fankhauser\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Hannes Fankhauser\AppData\Local\Akamai\netsession_win.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Valve Corporation) E:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Valve Corporation) E:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Bose Corporation) C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch music server.exe
(GOG.com) E:\gog\GOG Galaxy\GalaxyClient.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Users\Hannes Fankhauser\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(GOG.com) E:\gog\GOG Galaxy\GalaxyClient Helper.exe
(GOG.com) E:\gog\GOG Galaxy\GalaxyClient Helper.exe
(GOG.com) E:\gog\GOG Galaxy\GalaxyClient Helper.exe
(Valve Corporation) E:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Valve Corporation) E:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8483032 2015-08-27] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [16293496 2016-09-29] (Logitech Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25779624 2016-12-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-06-16] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKLM-x32\...\Run: [SoundTouch Music Server] => C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch music server.exe [1133568 2016-05-24] (Bose Corporation)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [721856 2016-07-01] (Autodesk, Inc.)
HKU\S-1-5-21-4119562290-3693031830-2868936321-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom)
HKU\S-1-5-21-4119562290-3693031830-2868936321-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Hannes Fankhauser\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4119562290-3693031830-2868936321-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1283112 2016-02-02] (Autodesk, Inc.)
HKU\S-1-5-21-4119562290-3693031830-2868936321-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27226072 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-4119562290-3693031830-2868936321-1001\...\Run: [GalaxyClient] => E:\gog\GOG Galaxy\GalaxyClient.exe [3971648 2016-12-20] (GOG.com)
HKU\S-1-5-21-4119562290-3693031830-2868936321-1001\...\Policies\Explorer: []
HKU\S-1-5-21-4119562290-3693031830-2868936321-1001\...\MountPoints2: {f5544e9a-4c0d-11e5-be66-806e6f6e6963} - "F:\Autorun.exe"
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2016-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{ac0be169-75a4-4b78-9d05-d6b519f68087}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{ac0be169-75a4-4b78-9d05-d6b519f68087}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-4119562290-3693031830-2868936321-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-at/?ocid=iehp
SearchScopes: HKU\S-1-5-21-4119562290-3693031830-2868936321-1001 -> {270F7689-D9FD-4C2D-BBD9-BF4D0D77F63D} URL = hxxps://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=639975&p={searchTerms}
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\IEExt\ie_plugin.dll [2016-12-02] (AO Kaspersky Lab)
BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\IEExt\ie_plugin.dll [2016-12-02] (AO Kaspersky Lab)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-24] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-24] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\IEExt\ie_plugin.dll [2016-12-02] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\IEExt\ie_plugin.dll [2016-12-02] (AO Kaspersky Lab)

FireFox:
========
FF DefaultProfile: d0ezfqd2.default-1440768493047
FF ProfilePath: c:\programdata\kaspersky lab\safebrowser\pure\s-1-5-21-4119562290-3693031830-2868936321-1001\firefox [nicht gefunden]
FF ProfilePath: C:\Users\Hannes Fankhauser\AppData\Roaming\TomTom\HOME\Profiles\bi4dp9gz.default [2016-06-12]
FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2016-05-16] [ist nicht signiert]
FF ProfilePath: C:\Users\Hannes Fankhauser\AppData\Roaming\Mozilla\Firefox\Profiles\31vzn1lt.default [2016-04-14]
FF DefaultSearchEngineuser_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");: Mozilla\Firefox\Profiles\31vzn1lt.default -> user_pref("extensions.bootstrappedAddons", "{\"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com\":{\"type\":\"extension\",\"multiprocessCompatible\":false}}");Yahoo!
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\31vzn1lt.default -> Yahoo!
FF Keyword.URL: Mozilla\Firefox\Profiles\31vzn1lt.default -> hxxps://at.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=639975&p=
FF Homepage: Mozilla\Firefox\Profiles\31vzn1lt.default -> user_pref("browser.keywordURLPromptDeclined", 1);\r\nhxxps://at.search.yahoo.com/?type=639975&fr=spigot-yhp-ff
FF Extension: (FEBE) - C:\Users\Hannes Fankhauser\AppData\Roaming\Mozilla\Firefox\Profiles\31vzn1lt.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2015-08-27]
FF Extension: (Kein Name) - C:\Users\Hannes Fankhauser\AppData\Roaming\Mozilla\Firefox\Profiles\31vzn1lt.default\extensions\deskCutv2@gmail.com [nicht gefunden]
FF Extension: (Kein Name) - C:\Users\Hannes Fankhauser\AppData\Roaming\Mozilla\Firefox\Profiles\31vzn1lt.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [nicht gefunden]
FF Extension: (Kein Name) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [nicht gefunden]
FF ProfilePath: C:\Users\Hannes Fankhauser\AppData\Roaming\Mozilla\Firefox\Profiles\d0ezfqd2.default-1440768493047 [2017-01-06]
FF NewTab: Mozilla\Firefox\Profiles\d0ezfqd2.default-1440768493047 -> google.at
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\d0ezfqd2.default-1440768493047 -> Yahoo!
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\d0ezfqd2.default-1440768493047 -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\d0ezfqd2.default-1440768493047 -> google.com/
FF Keyword.URL: Mozilla\Firefox\Profiles\d0ezfqd2.default-1440768493047 -> hxxps://at.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=639975&p=
FF Extension: (20-20 3D Viewer - IKEA) - C:\Users\Hannes Fankhauser\AppData\Roaming\Mozilla\Firefox\Profiles\d0ezfqd2.default-1440768493047\Extensions\2020Player_IKEA@2020Technologies.com [2015-10-14]
FF Extension: (Video DownloadHelper) - C:\Users\Hannes Fankhauser\AppData\Roaming\Mozilla\Firefox\Profiles\d0ezfqd2.default-1440768493047\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-12-30]
FF Extension: (Adblock Plus) - C:\Users\Hannes Fankhauser\AppData\Roaming\Mozilla\Firefox\Profiles\d0ezfqd2.default-1440768493047\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-12-02]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1295376 2016-07-01] (Autodesk Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2015-08-27] () [Datei ist nicht signiert]
R2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1447944 2016-12-15] ()
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-10-04] (BitRaider, LLC)
R2 chip1click; C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe [91136 2016-08-29] (Chip Digital GmbH) [Datei ist nicht signiert]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [42096 2016-12-21] (Dropbox, Inc.)
S3 GalaxyClientService; E:\gog\GOG Galaxy\GalaxyClientService.exe [284224 2016-12-20] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6625856 2016-12-20] (GOG.com)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Datei ist nicht signiert]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [Datei ist nicht signiert]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-09-29] (Logitech Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-10-25] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-10-25] (NVIDIA Corporation)
S3 Origin Client Service; E:\Program Files (x86)\Origin\OriginClientService.exe [2142728 2016-11-07] (Electronic Arts)
R2 Origin Web Helper Service; E:\Program Files (x86)\Origin\OriginWebHelperService.exe [2209296 2016-11-07] (Electronic Arts)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69760 2016-06-20] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-10-27] (BitRaider)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [389816 2015-07-05] (Kaspersky Lab ZAO)
R0 CSCrySec; C:\WINDOWS\System32\DRIVERS\CSCrySec.sys [98504 2013-09-25] (Infowatch)
R1 CSVirtualDiskDrv; C:\WINDOWS\system32\DRIVERS\CSVirtualDiskDrv.sys [67784 2013-09-25] (Infowatch)
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2016-05-04] (LogMeIn Inc.)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [79752 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78200 2015-12-01] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [182664 2015-12-11] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [237912 2016-12-02] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [182360 2016-12-04] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [992600 2016-08-16] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [51288 2016-04-29] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [87984 2016-08-16] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [110424 2016-08-16] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [194440 2015-12-02] (AO Kaspersky Lab)
S3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45208 2016-09-29] (Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2016-09-29] (Logitech Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_848dea456d3c865e\nvlddmkm.sys [14159928 2016-10-26] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-10-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2016-10-25] (NVIDIA Corporation)
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [51224 2016-04-08] (Razer Inc)
R3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [47640 2016-04-08] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-06 22:32 - 2017-01-06 22:32 - 00037744 _____ C:\Users\Hannes Fankhauser\Desktop\FRST.txt
2017-01-06 22:31 - 2017-01-06 22:32 - 00000000 ____D C:\FRST
2017-01-06 22:30 - 2017-01-06 22:30 - 02418176 _____ (Farbar) C:\Users\Hannes Fankhauser\Desktop\FRST64.exe
2017-01-03 10:18 - 2017-01-03 10:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hannes Fankhauser\Downloads\HijackThis.exe
2017-01-01 16:58 - 2017-01-01 16:58 - 00000000 ____D C:\Users\Hannes Fankhauser\AppData\Local\GalaxyCommunicationService
2017-01-01 16:57 - 2017-01-01 16:57 - 00000000 ____D C:\Users\Hannes Fankhauser\AppData\LocalLow\CDProjektRED
2017-01-01 16:57 - 2017-01-01 16:57 - 00000000 ____D C:\ProgramData\CDProjekt RED
2017-01-01 16:51 - 2017-01-01 16:51 - 00004061 _____ C:\Users\Hannes Fankhauser\AppData\Local\recently-used.xbel
2017-01-01 16:43 - 2017-01-01 16:43 - 08876004 _____ C:\Users\Hannes Fankhauser\Desktop\OpenDocument Text (neu).odt
2016-12-30 23:30 - 2016-12-30 23:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-12-30 23:30 - 2016-12-30 23:30 - 00000701 _____ C:\Users\Public\Desktop\GOG Galaxy.lnk
2016-12-30 23:29 - 2016-12-30 23:29 - 00000000 ____D C:\ProgramData\GOG.com
2016-12-26 00:08 - 2016-12-26 00:08 - 00011675 _____ C:\Users\Hannes Fankhauser\Desktop\Arma3Launcher_Exception_20161225T230851.txt
2016-12-25 23:12 - 2016-12-30 23:41 - 00000976 _____ C:\Users\Public\Desktop\Gwent.lnk
2016-12-25 23:12 - 2016-12-30 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gwent [GOG.com]
2016-12-25 23:11 - 2016-12-25 23:11 - 150845368 _____ (GOG.com ) C:\Users\Hannes Fankhauser\Downloads\setup_gwent_1.1.25.13_de.exe
2016-12-25 23:11 - 2016-12-25 23:11 - 00000064 _____ C:\Users\Hannes Fankhauser\Downloads\gogGalaxy.auth
2016-12-22 01:02 - 2016-12-22 01:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-12-21 21:59 - 2017-01-01 16:42 - 00001138 _____ C:\Users\Hannes Fankhauser\Desktop\Edain Mod Launcher.lnk
2016-12-21 21:59 - 2016-12-21 21:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Edain Mod
2016-12-21 21:52 - 2016-12-21 21:52 - 00001357 _____ C:\Users\Hannes Fankhauser\Desktop\Edain Mod Dagor Dagorath Submod1.8.lnk
2016-12-21 21:36 - 2016-12-21 21:53 - 01580210 _____ (Epic Mod Dagor Dagorath Team ) C:\Users\Hannes Fankhauser\Downloads\BFME2 Assets.exe
2016-12-21 21:35 - 2016-12-21 21:50 - 1649419122 _____ (EpicMod-Dagor Dagorath Team ) C:\Users\Hannes Fankhauser\Downloads\Dagor Dagorath 1.8 ROTWK Installer.exe
2016-12-21 19:15 - 2016-12-21 19:15 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2016-12-21 19:15 - 2016-12-21 19:15 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2016-12-21 19:15 - 2016-12-21 19:15 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2016-12-21 19:15 - 2016-12-21 19:15 - 00042096 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2016-12-17 15:13 - 2016-12-17 15:13 - 00003296 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2016-12-14 20:00 - 2016-12-14 20:00 - 02033719 _____ C:\Users\Hannes Fankhauser\Downloads\Invasion_of_Rohan_-_Fords_of_Isen.rar
2016-12-14 05:53 - 2016-12-09 11:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-14 05:53 - 2016-12-09 11:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 05:53 - 2016-12-09 11:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-14 05:53 - 2016-12-09 11:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-12-14 05:53 - 2016-12-09 11:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-12-14 05:53 - 2016-12-09 11:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-12-14 05:53 - 2016-12-09 11:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-12-14 05:53 - 2016-12-09 11:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-14 05:53 - 2016-12-09 11:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-14 05:53 - 2016-12-09 11:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-14 05:53 - 2016-12-09 11:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-14 05:53 - 2016-12-09 11:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-14 05:53 - 2016-12-09 10:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-14 05:53 - 2016-12-09 10:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-14 05:53 - 2016-12-09 10:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-12-14 05:53 - 2016-12-09 10:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-14 05:53 - 2016-12-09 10:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-14 05:53 - 2016-12-09 10:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-14 05:53 - 2016-12-09 10:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-14 05:53 - 2016-12-09 10:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-14 05:53 - 2016-12-09 10:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-14 05:53 - 2016-12-09 10:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-14 05:53 - 2016-12-09 10:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-14 05:53 - 2016-12-09 10:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-14 05:53 - 2016-12-09 10:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-14 05:53 - 2016-12-09 10:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-14 05:53 - 2016-12-09 10:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-14 05:53 - 2016-12-09 10:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-14 05:53 - 2016-12-09 10:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-14 05:53 - 2016-12-09 10:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-14 05:53 - 2016-12-09 10:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-12-14 05:53 - 2016-12-09 10:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-12-14 05:53 - 2016-12-09 10:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-14 05:53 - 2016-12-09 10:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-12-14 05:53 - 2016-12-09 10:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-12-14 05:52 - 2016-12-09 11:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-14 05:52 - 2016-12-09 11:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-14 05:52 - 2016-12-09 11:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-14 05:52 - 2016-12-09 11:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-14 05:52 - 2016-12-09 11:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-14 05:52 - 2016-12-09 11:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-14 05:52 - 2016-12-09 11:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-14 05:52 - 2016-12-09 11:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-14 05:52 - 2016-12-09 11:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-14 05:52 - 2016-12-09 11:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-14 05:52 - 2016-12-09 11:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-14 05:52 - 2016-12-09 11:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-14 05:52 - 2016-12-09 11:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-14 05:52 - 2016-12-09 11:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-14 05:52 - 2016-12-09 11:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-14 05:52 - 2016-12-09 11:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-14 05:52 - 2016-12-09 11:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-14 05:52 - 2016-12-09 11:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-14 05:52 - 2016-12-09 11:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-14 05:52 - 2016-12-09 11:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-14 05:52 - 2016-12-09 11:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-14 05:52 - 2016-12-09 11:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-14 05:52 - 2016-12-09 11:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-14 05:52 - 2016-12-09 11:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-14 05:52 - 2016-12-09 11:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-14 05:52 - 2016-12-09 10:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-14 05:52 - 2016-12-09 10:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-14 05:52 - 2016-12-09 10:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-14 05:52 - 2016-12-09 10:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-14 05:52 - 2016-12-09 10:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-12-14 05:52 - 2016-12-09 10:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-14 05:52 - 2016-12-09 10:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-14 05:52 - 2016-12-09 10:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-14 05:52 - 2016-12-09 10:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-14 05:52 - 2016-12-09 10:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-14 05:52 - 2016-12-09 10:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-14 05:52 - 2016-12-09 10:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-14 05:52 - 2016-12-09 10:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-14 05:52 - 2016-12-09 10:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-14 05:52 - 2016-12-09 10:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-14 05:52 - 2016-12-09 10:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-14 05:52 - 2016-12-09 10:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-14 05:52 - 2016-12-09 10:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-14 05:52 - 2016-12-09 10:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-14 05:52 - 2016-12-09 10:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-14 05:52 - 2016-12-09 10:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-14 05:52 - 2016-12-09 10:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-14 05:52 - 2016-12-09 10:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-14 05:52 - 2016-12-09 10:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-14 05:52 - 2016-12-09 10:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-14 05:52 - 2016-12-09 10:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-14 05:52 - 2016-12-09 10:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-14 05:52 - 2016-12-09 10:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-14 05:52 - 2016-12-09 10:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-14 05:52 - 2016-12-09 10:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-14 05:52 - 2016-12-09 10:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-12-14 05:52 - 2016-12-09 10:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-14 05:52 - 2016-12-09 10:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-14 05:52 - 2016-12-09 10:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-14 05:52 - 2016-12-09 10:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-14 05:52 - 2016-12-09 10:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-14 05:52 - 2016-12-09 10:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-14 05:52 - 2016-12-09 10:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-14 05:52 - 2016-12-09 10:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-14 05:52 - 2016-12-09 10:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-14 05:52 - 2016-12-09 10:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-14 05:52 - 2016-12-09 10:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-14 05:52 - 2016-12-09 10:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-14 05:52 - 2016-12-09 10:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-14 05:52 - 2016-12-09 10:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-14 05:52 - 2016-12-09 10:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-14 05:52 - 2016-12-09 10:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-14 05:52 - 2016-12-09 10:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-14 05:52 - 2016-12-09 10:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-14 05:52 - 2016-12-09 10:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-14 05:52 - 2016-12-09 10:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-14 05:52 - 2016-12-09 10:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-14 05:52 - 2016-12-09 09:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-14 05:52 - 2016-11-02 11:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-12-14 05:46 - 2016-09-15 17:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-14 05:45 - 2016-11-02 11:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-12-11 17:36 - 2016-12-14 18:36 - 00001764 _____ C:\WINDOWS\setupact.log
2016-12-09 16:12 - 2016-11-11 11:22 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-12-09 16:12 - 2016-11-11 11:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-12-09 16:12 - 2016-11-11 11:14 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-12-09 16:12 - 2016-11-11 11:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-12-09 16:12 - 2016-11-11 11:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-12-09 16:12 - 2016-11-11 11:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-12-09 16:12 - 2016-11-11 11:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-12-09 16:12 - 2016-11-11 11:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-12-09 16:12 - 2016-11-11 11:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-12-09 16:12 - 2016-11-11 11:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-12-09 16:12 - 2016-11-11 11:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-12-09 16:12 - 2016-11-11 11:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-12-09 16:12 - 2016-11-11 11:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-12-09 16:12 - 2016-11-11 11:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-12-09 16:12 - 2016-11-11 10:57 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-09 16:12 - 2016-11-11 10:56 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-12-09 16:12 - 2016-11-11 10:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-12-09 16:12 - 2016-11-11 10:56 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-12-09 16:12 - 2016-11-11 10:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2016-12-09 16:12 - 2016-11-11 10:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-12-09 16:12 - 2016-11-11 10:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-12-09 16:12 - 2016-11-11 10:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-12-09 16:12 - 2016-11-11 10:29 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-12-09 16:12 - 2016-11-11 10:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-12-09 16:12 - 2016-11-11 10:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2016-12-09 16:12 - 2016-11-11 10:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2016-12-09 16:12 - 2016-11-11 10:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-12-09 16:12 - 2016-11-11 10:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-12-09 16:12 - 2016-11-11 10:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-12-09 16:12 - 2016-11-11 10:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-12-09 16:12 - 2016-11-11 10:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-12-09 16:12 - 2016-11-11 10:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-09 16:12 - 2016-11-11 10:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-12-09 16:12 - 2016-11-11 10:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-12-09 16:12 - 2016-11-11 10:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-12-09 16:12 - 2016-11-11 10:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2016-12-09 16:12 - 2016-11-11 10:22 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-12-09 16:12 - 2016-11-11 10:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2016-12-09 16:12 - 2016-11-11 10:21 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-12-09 16:12 - 2016-11-11 10:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-12-09 16:12 - 2016-11-11 10:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-12-09 16:12 - 2016-11-11 10:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-12-09 16:12 - 2016-11-11 10:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-12-09 16:12 - 2016-11-11 10:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-12-09 16:12 - 2016-11-11 10:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-12-09 16:12 - 2016-11-11 10:20 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-12-09 16:12 - 2016-11-11 10:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-12-09 16:12 - 2016-11-11 10:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-12-09 16:12 - 2016-11-11 10:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-12-09 16:12 - 2016-11-11 10:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-09 16:12 - 2016-11-11 10:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-12-09 16:12 - 2016-11-11 10:18 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-09 16:12 - 2016-11-11 10:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-12-09 16:12 - 2016-11-11 10:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-12-09 16:12 - 2016-11-11 10:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2016-12-09 16:12 - 2016-11-11 10:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-12-09 16:12 - 2016-11-11 10:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-12-09 16:12 - 2016-11-11 10:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2016-12-09 16:12 - 2016-11-11 10:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-12-09 16:12 - 2016-11-11 10:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-12-09 16:12 - 2016-11-11 10:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2016-12-09 16:12 - 2016-11-11 10:11 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-12-09 16:12 - 2016-11-11 10:11 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-12-09 16:12 - 2016-11-11 10:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-12-09 16:12 - 2016-11-11 10:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-12-09 16:12 - 2016-11-11 10:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-12-09 16:12 - 2016-11-11 10:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-12-09 16:12 - 2016-11-11 10:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-12-09 16:12 - 2016-11-11 10:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-12-09 16:12 - 2016-11-11 10:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-12-09 16:12 - 2016-11-11 10:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-12-09 16:12 - 2016-11-11 10:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-12-09 16:12 - 2016-11-11 10:04 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-12-09 16:12 - 2016-11-11 10:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-12-09 16:12 - 2016-11-11 10:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-12-09 16:12 - 2016-11-11 10:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-09 16:12 - 2016-11-11 10:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-12-09 16:12 - 2016-11-11 09:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-12-09 16:12 - 2016-11-11 08:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-12-09 16:12 - 2016-11-11 08:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-12-09 16:12 - 2016-11-11 08:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-12-09 16:12 - 2016-11-11 08:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-12-09 16:12 - 2016-11-11 08:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-12-09 16:12 - 2016-11-11 08:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-12-09 16:12 - 2016-11-11 08:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-12-09 16:12 - 2016-11-11 08:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-12-09 16:12 - 2016-11-11 08:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2016-12-09 16:12 - 2016-11-11 08:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2016-12-09 16:12 - 2016-11-11 08:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2016-12-09 16:12 - 2016-11-11 08:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-12-09 16:12 - 2016-11-11 08:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-12-09 16:12 - 2016-11-11 08:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-12-09 16:12 - 2016-11-11 08:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-12-09 16:12 - 2016-11-11 08:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-12-09 16:12 - 2016-11-11 08:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-12-09 16:12 - 2016-11-11 08:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-12-09 16:12 - 2016-11-11 08:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-12-09 16:12 - 2016-11-11 08:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-12-09 16:12 - 2016-11-11 08:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-12-09 16:12 - 2016-11-11 08:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-12-09 16:12 - 2016-11-11 08:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2016-12-09 16:12 - 2016-11-11 08:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-12-09 16:12 - 2016-11-11 08:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-12-09 16:12 - 2016-11-11 08:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-12-09 16:12 - 2016-11-11 08:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2016-12-09 16:12 - 2016-11-11 08:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-12-09 16:12 - 2016-11-11 08:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2016-12-09 16:12 - 2016-11-11 08:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-12-09 16:12 - 2016-11-11 08:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-12-09 16:12 - 2016-11-11 08:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-12-09 16:12 - 2016-11-11 08:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-12-09 16:12 - 2016-11-11 08:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-12-09 16:12 - 2016-11-11 08:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-12-09 16:12 - 2016-11-11 08:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-12-09 16:12 - 2016-11-11 08:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2016-12-09 16:12 - 2016-11-11 08:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2016-12-09 16:12 - 2016-11-11 08:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-12-09 16:12 - 2016-11-11 08:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-12-09 16:12 - 2016-11-11 08:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-12-09 16:12 - 2016-11-11 08:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-12-09 16:12 - 2016-11-11 08:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-12-09 16:12 - 2016-11-11 08:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-12-09 16:12 - 2016-11-11 08:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-09 16:12 - 2016-11-11 08:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-12-09 16:12 - 2016-11-11 08:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-12-09 16:12 - 2016-11-11 08:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-09 16:12 - 2016-11-11 08:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-12-09 16:11 - 2016-11-11 11:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2016-12-09 16:11 - 2016-11-11 11:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-12-09 16:11 - 2016-11-11 11:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2016-12-09 16:11 - 2016-11-11 11:03 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-12-09 16:11 - 2016-11-11 11:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-12-09 16:11 - 2016-11-11 11:00 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-12-09 16:11 - 2016-11-11 11:00 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-12-09 16:11 - 2016-11-11 11:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-12-09 16:11 - 2016-11-11 10:59 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-12-09 16:11 - 2016-11-11 10:57 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-12-09 16:11 - 2016-11-11 10:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-12-09 16:11 - 2016-11-11 10:56 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-12-09 16:11 - 2016-11-11 10:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-12-09 16:11 - 2016-11-11 10:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2016-12-09 16:11 - 2016-11-11 10:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2016-12-09 16:11 - 2016-11-11 10:55 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-09 16:11 - 2016-11-11 10:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-12-09 16:11 - 2016-11-11 10:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-09 16:11 - 2016-11-11 10:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-12-09 16:11 - 2016-11-11 10:28 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2016-12-09 16:11 - 2016-11-11 10:27 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-12-09 16:11 - 2016-11-11 10:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2016-12-09 16:11 - 2016-11-11 10:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2016-12-09 16:11 - 2016-11-11 10:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-12-09 16:11 - 2016-11-11 10:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-12-09 16:11 - 2016-11-11 10:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-12-09 16:11 - 2016-11-11 10:25 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-12-09 16:11 - 2016-11-11 10:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-12-09 16:11 - 2016-11-11 10:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-12-09 16:11 - 2016-11-11 10:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-12-09 16:11 - 2016-11-11 10:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2016-12-09 16:11 - 2016-11-11 10:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-12-09 16:11 - 2016-11-11 10:23 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-12-09 16:11 - 2016-11-11 10:22 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-12-09 16:11 - 2016-11-11 10:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-12-09 16:11 - 2016-11-11 10:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-12-09 16:11 - 2016-11-11 10:21 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-12-09 16:11 - 2016-11-11 10:21 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-12-09 16:11 - 2016-11-11 10:20 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-12-09 16:11 - 2016-11-11 10:20 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-12-09 16:11 - 2016-11-11 10:20 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-12-09 16:11 - 2016-11-11 10:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-12-09 16:11 - 2016-11-11 10:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-12-09 16:11 - 2016-11-11 10:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-12-09 16:11 - 2016-11-11 10:19 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-09 16:11 - 2016-11-11 10:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-09 16:11 - 2016-11-11 10:19 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-12-09 16:11 - 2016-11-11 10:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-12-09 16:11 - 2016-11-11 10:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-12-09 16:11 - 2016-11-11 10:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-12-09 16:11 - 2016-11-11 10:17 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-12-09 16:11 - 2016-11-11 10:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2016-12-09 16:11 - 2016-11-11 10:16 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-12-09 16:11 - 2016-11-11 10:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2016-12-09 16:11 - 2016-11-11 10:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-12-09 16:11 - 2016-11-11 10:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2016-12-09 16:11 - 2016-11-11 10:15 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-12-09 16:11 - 2016-11-11 10:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-12-09 16:11 - 2016-11-11 10:14 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-12-09 16:11 - 2016-11-11 10:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-12-09 16:11 - 2016-11-11 10:14 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2016-12-09 16:11 - 2016-11-11 10:13 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-12-09 16:11 - 2016-11-11 10:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-12-09 16:11 - 2016-11-11 10:12 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-12-09 16:11 - 2016-11-11 10:11 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-12-09 16:11 - 2016-11-11 10:11 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2016-12-09 16:11 - 2016-11-11 10:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-12-09 16:11 - 2016-11-11 10:09 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-12-09 16:11 - 2016-11-11 10:07 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-12-09 16:11 - 2016-11-11 10:07 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-12-09 16:11 - 2016-11-11 10:07 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-12-09 16:11 - 2016-11-11 10:07 - 01691136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-12-09 16:11 - 2016-11-11 10:07 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-12-09 16:11 - 2016-11-11 10:07 - 00779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2016-12-09 16:11 - 2016-11-11 10:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-12-09 16:11 - 2016-11-11 10:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-12-09 16:11 - 2016-11-11 10:05 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-09 16:11 - 2016-11-11 10:05 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-12-09 16:11 - 2016-11-11 10:05 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-09 16:11 - 2016-11-11 10:04 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-12-09 16:11 - 2016-11-11 10:04 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-12-09 16:11 - 2016-11-11 10:04 - 02317312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-12-09 16:11 - 2016-11-11 10:04 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-12-09 16:11 - 2016-11-11 10:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-12-09 16:11 - 2016-11-11 10:04 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-12-09 16:11 - 2016-11-11 10:03 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-12-09 16:11 - 2016-11-11 10:03 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-09 16:11 - 2016-11-11 10:03 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-12-09 16:11 - 2016-11-11 10:03 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-12-09 16:11 - 2016-11-11 10:03 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-12-09 16:11 - 2016-11-11 10:03 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-12-09 16:11 - 2016-11-11 10:03 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-12-09 16:11 - 2016-11-11 10:03 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-12-09 16:11 - 2016-11-11 10:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-09 16:11 - 2016-11-11 10:02 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-12-09 16:11 - 2016-11-11 09:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-12-09 16:11 - 2016-11-11 09:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-12-09 16:11 - 2016-11-11 09:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-12-09 16:11 - 2016-11-11 09:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-12-09 16:11 - 2016-11-11 08:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
2016-12-09 16:11 - 2016-11-11 08:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2016-12-09 16:11 - 2016-11-11 08:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-12-09 16:11 - 2016-11-11 08:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-12-09 16:11 - 2016-11-11 08:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-12-09 16:11 - 2016-11-11 08:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-12-09 16:11 - 2016-11-11 08:42 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2016-12-09 16:11 - 2016-11-11 08:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-12-09 16:11 - 2016-11-11 08:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-12-09 16:11 - 2016-11-11 08:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-12-09 16:11 - 2016-11-11 08:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2016-12-09 16:11 - 2016-11-11 08:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2016-12-09 16:11 - 2016-11-11 08:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-12-09 16:11 - 2016-11-11 08:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2016-12-09 16:11 - 2016-11-11 08:21 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-12-09 16:11 - 2016-11-11 08:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-09 16:11 - 2016-11-11 08:20 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-12-09 16:11 - 2016-11-11 08:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-12-09 16:11 - 2016-11-11 08:20 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-12-09 16:11 - 2016-11-11 08:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-12-09 16:11 - 2016-11-11 08:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-12-09 16:11 - 2016-11-11 08:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-12-09 16:11 - 2016-11-11 08:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2016-12-09 16:11 - 2016-11-11 08:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2016-12-09 16:11 - 2016-11-11 08:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2016-12-09 16:11 - 2016-11-11 08:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2016-12-09 16:11 - 2016-11-11 08:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-09 16:11 - 2016-11-11 08:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-12-09 16:11 - 2016-11-11 08:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-12-09 16:11 - 2016-11-11 08:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2016-12-09 16:11 - 2016-11-11 08:13 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-12-09 16:11 - 2016-11-11 08:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2016-12-09 16:11 - 2016-11-11 08:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2016-12-09 16:11 - 2016-11-11 08:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2016-12-09 16:11 - 2016-11-11 08:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-12-09 16:11 - 2016-11-11 08:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2016-12-09 16:11 - 2016-11-11 08:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-12-09 16:11 - 2016-11-11 08:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-12-09 16:11 - 2016-11-11 08:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-12-09 16:11 - 2016-11-11 08:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-12-09 16:11 - 2016-11-11 08:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-12-09 16:11 - 2016-11-11 08:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-12-09 16:11 - 2016-11-11 08:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-12-07 15:16 - 2016-12-07 15:16 - 00573820 _____ C:\Users\Hannes Fankhauser\Downloads\Resurrection_of_Angmar_-_Angmar.rar
2016-12-07 15:15 - 2016-12-07 15:15 - 04881652 _____ C:\Users\Hannes Fankhauser\Downloads\map_from_RJ.rar
2016-12-07 15:15 - 2016-12-07 15:15 - 02017954 _____ C:\Users\Hannes Fankhauser\Downloads\BOTFA_Dol_Guldur_Mission.rar
2016-12-07 15:14 - 2016-12-07 15:14 - 06407317 _____ C:\Users\Hannes Fankhauser\Downloads\Flavor_Map-Pack_1.1.zip
2016-12-07 15:14 - 2016-12-07 15:14 - 01394251 _____ C:\Users\Hannes Fankhauser\Downloads\Gundabad.1.rar
2016-12-07 15:13 - 2016-12-07 15:13 - 00875974 _____ C:\Users\Hannes Fankhauser\Downloads\Minas_Tirith_The_White_City_v2.0.rar
2016-12-07 15:13 - 2016-12-07 15:13 - 00635884 _____ C:\Users\Hannes Fankhauser\Downloads\Nargothrond_by_SilverBane.9.zip
2016-12-07 09:47 - 2016-12-07 09:48 - 00109671 _____ C:\Users\Hannes Fankhauser\Downloads\A_Fortress_Defence_Edain_version.zip
2016-12-07 09:44 - 2016-12-07 09:44 - 01440596 _____ C:\Users\Hannes Fankhauser\Downloads\Helms_Deep_Defense.rar

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-06 22:30 - 2016-08-26 23:14 - 00000000 ____D C:\Users\Hannes Fankhauser\AppData\Roaming\Skype
2017-01-06 22:20 - 2015-08-27 13:46 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-01-06 22:16 - 2016-09-28 03:01 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-06 20:32 - 2015-08-27 15:04 - 00000000 ____D C:\Users\Hannes Fankhauser\Documents\The Witcher 3
2017-01-06 09:32 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-05 11:52 - 2016-09-28 03:03 - 00000000 ____D C:\Users\Hannes Fankhauser
2017-01-05 11:51 - 2015-12-04 09:40 - 00000000 ____D C:\Users\Hannes Fankhauser\AppData\Local\CrashDumps
2017-01-05 10:11 - 2016-07-16 23:51 - 01233898 _____ C:\WINDOWS\system32\perfh007.dat
2017-01-05 10:11 - 2016-07-16 23:51 - 00300870 _____ C:\WINDOWS\system32\perfc007.dat
2017-01-05 10:11 - 2015-08-29 00:00 - 02840358 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-05 10:06 - 2015-08-27 14:55 - 00000000 ___RD C:\Users\Hannes Fankhauser\Dropbox
2017-01-05 10:05 - 2016-11-19 02:07 - 00000000 ____D C:\Users\Hannes Fankhauser\AppData\LocalLow\Mozilla
2017-01-05 10:05 - 2016-09-28 03:09 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-05 10:05 - 2016-09-28 03:02 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-05 10:05 - 2016-07-16 07:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-01-05 03:19 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-04 23:51 - 2016-05-19 22:39 - 00000000 ____D C:\Users\Hannes Fankhauser\AppData\Local\Arma 3 Launcher
2017-01-04 23:51 - 2015-10-26 16:44 - 00000000 ____D C:\Users\Hannes Fankhauser\AppData\Roaming\TS3Client
2017-01-04 20:53 - 2016-05-19 22:43 - 00000000 ____D C:\Users\Hannes Fankhauser\AppData\Local\Arma 3
2017-01-04 19:52 - 2016-04-14 16:58 - 00000000 ____D C:\Users\Hannes Fankhauser\AppData\Roaming\FLV and Media Player
2017-01-04 06:58 - 2016-03-13 00:22 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-01-03 10:30 - 2016-10-21 00:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-03 10:18 - 2015-08-26 17:20 - 00000000 ____D C:\Users\Hannes Fankhauser\AppData\Local\VirtualStore
2017-01-01 16:51 - 2015-08-28 17:22 - 00000000 ____D C:\Users\Hannes Fankhauser\AppData\Local\gtk-2.0
2017-01-01 16:51 - 2015-08-28 17:21 - 00000000 ____D C:\Users\Hannes Fankhauser\.gimp-2.8
2016-12-30 23:41 - 2016-07-16 12:47 - 00000000 _SHDC C:\WINDOWS\Installer
2016-12-30 23:41 - 2015-08-29 00:07 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-30 23:41 - 2013-08-22 16:36 - 00000000 __RHD C:\Users\Public\Desktop
2016-12-30 23:40 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64
2016-12-30 23:30 - 2016-07-16 12:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs
2016-12-30 23:29 - 2016-07-16 07:04 - 00000000 ___RD C:\Program Files (x86)
2016-12-30 22:53 - 2015-12-05 19:54 - 00000000 ____D C:\Users\Hannes Fankhauser\AppData\Local\Ubisoft Game Launcher
2016-12-26 00:27 - 2016-09-28 03:01 - 00303208 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-25 23:12 - 2016-07-16 12:47 - 00000000 __RSD C:\WINDOWS\Fonts
2016-12-23 03:23 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\config
2016-12-22 01:02 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\drivers
2016-12-22 01:02 - 2015-08-27 14:51 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-12-21 21:12 - 2015-08-27 13:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-20 07:42 - 2016-09-28 03:03 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000002.regtrans-ms
2016-12-20 07:42 - 2016-09-28 03:03 - 00065536 ___SH C:\WINDOWS\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TM.blf
2016-12-20 07:42 - 2016-07-16 07:04 - 45613056 _____ C:\WINDOWS\system32\config\COMPONENTS
2016-12-17 15:13 - 2016-09-28 03:03 - 00000000 ___RD C:\Users\Hannes Fankhauser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-12-17 15:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Tasks
2016-12-17 15:13 - 2015-08-28 23:58 - 00002459 _____ C:\Users\Hannes Fankhauser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-17 15:13 - 2015-08-28 23:58 - 00000000 ___RD C:\Users\Hannes Fankhauser\OneDrive
2016-12-17 14:26 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-15 07:16 - 2016-09-28 03:03 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000001.regtrans-ms
2016-12-15 06:58 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\WinSxS
2016-12-15 06:58 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\DriverStore
2016-12-15 06:53 - 2016-07-16 12:47 - 00000000 __RSD C:\WINDOWS\assembly
2016-12-14 21:09 - 2015-08-28 14:38 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-14 21:08 - 2016-09-28 03:01 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000001.regtrans-ms
2016-12-14 21:08 - 2016-09-28 03:01 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TM.blf
2016-12-14 21:08 - 2016-07-16 12:47 - 00000796 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-14 21:08 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\de-DE
2016-12-14 21:08 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\de-DE
2016-12-14 21:08 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Boot
2016-12-14 21:08 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-14 21:08 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppPatch
2016-12-14 16:07 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-14 16:05 - 2015-08-26 18:33 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-14 16:04 - 2015-08-26 18:33 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-14 01:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-14 01:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-12 21:27 - 2015-08-27 15:04 - 00000000 ____D C:\Users\Hannes Fankhauser\AppData\Local\Steam
2016-12-12 00:56 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-12 00:56 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-10 16:35 - 2016-09-28 03:03 - 00524288 ___SH C:\Users\Hannes Fankhauser\NTUSER.DAT{cb69a44d-8527-11e6-96ff-c1c8906b9210}.TMContainer00000000000000000002.regtrans-ms
2016-12-10 04:47 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-10 04:16 - 2016-09-28 03:11 - 00000174 ___SH C:\Users\Hannes Fankhauser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-10 04:16 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2016-12-10 04:16 - 2016-07-16 07:04 - 00016384 _____ C:\Users\Default\ntuser.dat
2016-12-10 04:16 - 2015-08-28 23:57 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-12-10 04:16 - 2015-08-26 19:35 - 00000000 ___RD C:\Users\Hannes Fankhauser\Favorites
2016-12-10 04:16 - 2015-08-26 19:35 - 00000000 ___RD C:\Users\Hannes Fankhauser\Documents
2016-12-10 04:16 - 2015-08-26 17:20 - 00000402 ___SH C:\Users\Hannes Fankhauser\Documents\desktop.ini
2016-12-10 04:16 - 2015-08-26 17:20 - 00000282 ___SH C:\Users\Hannes Fankhauser\Downloads\desktop.ini
2016-12-10 04:16 - 2015-08-26 17:20 - 00000282 ___SH C:\Users\Hannes Fankhauser\Desktop\desktop.ini
2016-12-10 04:16 - 2015-08-26 17:20 - 00000174 ___SH C:\Users\Hannes Fankhauser\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
2016-12-10 04:16 - 2015-08-26 17:20 - 00000000 ___RD C:\Users\Hannes Fankhauser\Searches
2016-12-10 04:16 - 2015-08-26 17:20 - 00000000 ___RD C:\Users\Hannes Fankhauser\Contacts
2016-12-10 04:16 - 2015-08-26 17:20 - 00000000 ___RD C:\Users\Hannes Fankhauser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2016-12-10 04:16 - 2015-08-26 17:20 - 00000000 ___RD C:\Users\Hannes Fankhauser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-12-10 04:16 - 2015-08-26 17:19 - 00000000 ___RD C:\Users\Hannes Fankhauser\Saved Games
2016-12-10 04:16 - 2015-08-26 17:19 - 00000000 ___RD C:\Users\Hannes Fankhauser\Pictures
2016-12-10 04:16 - 2015-08-26 17:19 - 00000000 ___RD C:\Users\Hannes Fankhauser\Music
2016-12-10 04:16 - 2015-08-26 17:19 - 00000000 ___RD C:\Users\Hannes Fankhauser\Links
2016-12-10 04:15 - 2016-07-16 12:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-10 04:15 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-12-10 04:15 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-10 04:15 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\wbem
2016-12-10 04:15 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2016-12-10 04:15 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-10 04:15 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-12-10 04:15 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-10 04:15 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-10 04:15 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\CatRoot
2016-12-10 04:14 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-10 04:14 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-10 04:14 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Internet Explorer
2016-12-10 04:14 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Internet Explorer
2016-12-10 04:14 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\servicing
2016-12-09 15:59 - 2016-07-16 12:42 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2017-01-01 16:51 - 2017-01-01 16:51 - 0004061 _____ () C:\Users\Hannes Fankhauser\AppData\Local\recently-used.xbel

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-01-06 05:35

==================== Ende von FRST.txt ============================

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 01-01-2017
durchgeführt von Hannes Fankhauser (06-01-2017 22:32:40)
Gestartet von C:\Users\Hannes Fankhauser\Desktop
Windows 10 Pro Version 1607 (X64) (2016-09-28 02:10:56)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-4119562290-3693031830-2868936321-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4119562290-3693031830-2868936321-503 - Limited - Disabled)
Gast (S-1-5-21-4119562290-3693031830-2868936321-501 - Limited - Disabled)
Hannes Fankhauser (S-1-5-21-4119562290-3693031830-2868936321-1001 - Administrator - Enabled) => C:\Users\Hannes Fankhauser
HomeGroupUser$ (S-1-5-21-4119562290-3693031830-2868936321-1003 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

µTorrent (HKU\S-1-5-21-4119562290-3693031830-2868936321-1001\...\uTorrent) (Version: 3.4.8.42576 - BitTorrent Inc.)
A360 Desktop (HKLM\...\{7758802D-9486-4883-9927-CCAC366A3BA4}) (Version: 7.2.3.1800 - Autodesk)
ACA & MEP 2017 Object Enabler (Version: 7.9.45.0 - Autodesk) Hidden
ACAD Private (Version: 21.0.52.0 - Autodesk) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Age of Empires® III: Complete Collection (HKLM\...\Steam App 105450) (Version: - Ensemble Studios)
Akamai NetSession Interface (HKU\S-1-5-21-4119562290-3693031830-2868936321-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version: - Studio Wildcard)
ArtMoney SE v7.45 (HKLM-x32\...\ArtMoney SE_is1) (Version: 7.45 - System SoftLab)
Ashes of the Singularity (Beta) (HKLM-x32\...\Steam App 228880) (Version: - Oxide Games)
Assassin's Creed Syndicate (HKLM\...\Steam App 368500) (Version: - Ubisoft Quebec, in collaboration with Ubisoft Annecy, Bucharest, Kiev, Montreal, Montpellier, Shanghai, Singapore, Sofia, Toronto studios)
Asus Sonic Suite Plugins (x32 Version: 2.1.2401 - ASUSTeKcomputer.Inc) Hidden
Aufstieg des Hexenkönigs™ (HKLM-x32\...\{B931FB80-537A-4600-00AD-AC5DEDB6C25B}) (Version: - )
AutoCAD 2017 - Deutsch (German) (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 Language Pack - Deutsch (German) (Version: 21.0.52.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2017 (HKLM-x32\...\{8ED2ED41-4455-449D-993C-751C039089B9}) (Version: 15.11.3.0 - Autodesk)
Autodesk App Manager 2016-2017 (HKLM-x32\...\{C0954809-F5DC-426C-847E-8409DE14E4C0}) (Version: 2.2.0 - Autodesk)
Autodesk AutoCAD 2017 - Deutsch (German) (HKLM\...\AutoCAD 2017 - Deutsch (German)) (Version: 21.0.52.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.5 (HKLM-x32\...\{8600F844-9AA5-412E-B6F2-F9C6CBCFD268}) (Version: 1.2.5.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2017 Add-in 64 bit (HKLM\...\{276A67E0-71EB-4827-B5F7-2ACF02BC1A5B}) (Version: 4.37.6853 - Autodesk)
Autodesk Desktop-App (HKLM-x32\...\Autodesk Desktop App) (Version: 6.2.0.174 - Autodesk)
Autodesk License Service (x64) - 3.1 (HKLM\...\{EB6FE58F-8576-4272-BB9C-6B47D9EDFA4D}) (Version: 3.1.26.0 - Autodesk)
Autodesk Material Library 2017 (HKLM-x32\...\{8FB9F735-D64C-4991-8D91-4CDDAB1ABDEE}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2017 (HKLM-x32\...\{3FBFBC43-9882-43FA-B979-2D53896747B3}) (Version: 15.11.3.0 - Autodesk)
Autodesk ReCap 360 (HKLM\...\Autodesk ReCap 360) (Version: 3.0.0.52 - Autodesk)
Autodesk ReCap 360 (Version: 3.0.0.52 - Autodesk) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefleet Gothic: Armada (HKLM\...\Steam App 363680) (Version: - Tindalos Interactive)
BFME2 Assets 1.00 (HKLM-x32\...\BFME2 Assets 1.00) (Version: 1.00 - Epic Mod Dagor Dagorath Team)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Borderlands: The Pre-Sequel (HKLM\...\Steam App 261640) (Version: - 2K Australia)
Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Call to Arms (HKLM\...\Steam App 302670) (Version: - Digitalmindsoft)
chip 1-click download service (HKLM-x32\...\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}) (Version: 3.6.9.0 - Chip Digital GmbH)
Command: Modern Air / Naval Operations WOTY (HKLM\...\Steam App 321410) (Version: - WarfareSims)
Command: Northern Inferno (HKLM\...\Steam App 397180) (Version: - WarfareSims)
ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper)
DayZ (HKLM\...\Steam App 221100) (Version: - Bohemia Interactive)
Deus Ex: Mankind Divided™ (HKLM\...\Steam App 337000) (Version: - Eidos Montreal)
Die Schlacht um Mittelerde™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version: - )
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.22.22.1020 - Electronic Arts Inc.)
Divinity: Original Sin Enhanced Edition (HKLM\...\Steam App 373420) (Version: - Larian Studios)
DOOM (HKLM\...\Steam App 379720) (Version: - id Software)
Dragon's Dogma: Dark Arisen (HKLM-x32\...\Steam App 367500) (Version: - Capcom)
Dropbox (HKLM-x32\...\Dropbox) (Version: 16.4.30 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Edain Mod Dagor Dagorath Submod 1.8 (HKLM-x32\...\Edain Mod Dagor Dagorath Submod 1.8) (Version: 1.8 - EpicMod-Dagor Dagorath Team)
Edain Mod (HKLM-x32\...\{64EC673E-0B9F-4D2E-9B98-0027ABBA0B27}_is1) (Version: 4.3 - Edain Mod Team)
Endless Space (HKLM-x32\...\Steam App 208140) (Version: - AMPLITUDE Studios)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version: - Bethesda Game Studios)
FARO LS 1.1.505.0 (64bit) (HKLM-x32\...\{8834451B-6209-4E02-9EF4-4EF9E3C1F70F}) (Version: 5.5.0.44203 - FARO Scanner Production)
FLV and Media Player 4.2.1.1 (HKLM-x32\...\FLV and Media Player) (Version: 4.2.1.1 - Applian Technologies)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version: - Rockstar North)
gupdate 1.00 (HKLM-x32\...\gupdate 1.00) (Version: 1.00 - Company)
Gwent (HKLM-x32\...\1971477531_is1) (Version: 2.0.0.0 - GOG.com)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hearts of Iron IV (HKLM\...\Steam App 394360) (Version: - Paradox Development Studios)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Homeworld Remastered Collection (HKLM\...\Steam App 244160) (Version: - Gearbox Software)
Homeworld: Deserts of Kharak (HKLM\...\Steam App 281610) (Version: - Blackbird Interactive)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel® Network Connections 20.1.2019.0 (HKLM\...\PROSetDX) (Version: 20.1.2019.0 - Intel)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 16.0.1.445 - Kaspersky Lab) Hidden
LIGHTNING RETURNS: FINAL FANTASY XIII (HKLM-x32\...\Steam App 345350) (Version: - SQUARE ENIX)
Logitech Gaming Software 8.88 (HKLM\...\Logitech Gaming Software) (Version: 8.88.30 - Logitech Inc.)
Medieval II: Total War (HKLM\...\Steam App 4700) (Version: - The Creative Assembly)
MEDUSA4 PERSONAL V5.2.1 (HKLM-x32\...\MEDUSA4_PERSONAL_V5_2_1) (Version: V5.2.1 - CAD Schroer)
METAL GEAR SOLID V: THE PHANTOM PAIN (HKLM-x32\...\Steam App 287700) (Version: - Konami Digital Entertainment)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4119562290-3693031830-2868936321-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2013 Shell (Isolated) (HKLM-x32\...\{dd77c2ff-db69-44f7-9e5c-63aa540dfe07}) (Version: 12.0.21005.13 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 de)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
NahimicSettingsConfigurator (Version: 2.1.2401 - ASUSTeKcomputer.Inc) Hidden
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.9 - Black Tree Gaming)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.70 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.1.0.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.0.52 - NVIDIA Corporation)
NVIDIA Grafiktreiber 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.70 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.6 - OBS Project)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.11.1.6605 - Electronic Arts, Inc.)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.7.8 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.616 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
SHIELD Streaming (Version: 7.1.0330 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
Sid Meier's Civilization VI (HKLM\...\Steam App 289070) (Version: - Firaxis)
SketchUp-Import 2016-2017 (HKLM-x32\...\{063925DB-9D8C-48E2-8F04-1B7038B6C783}) (Version: 2.2.0 - Autodesk)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Sonic Radar II (HKLM\...\{1C06B38D-C6E3-4FD0-8B06-8ADA5AFB6942}) (Version: 2.1.2401 - ASUSTeKcomputer.Inc)
Sonic Studio Plugin (Version: 2.1.2401 - ASUSTeKcomputer.Inc) Hidden
SoundTouch (HKLM-x32\...\{EA7017D5-0763-4D7E-B1C3-3F8C0199520A}) (Version: 12.0.10.14848 - BOSE)
STAR WARS - Galactic Battlegrounds Saga (HKLM\...\{9f3d9623-1935-43fa-9756-e90f3134f675}.sdb) (Version: - )
Star Wars - Rogue Squadron 3D (HKLM\...\{9fe9f217-a9e0-4032-9f7a-86f7206bafa1}.sdb) (Version: - )
Star Wars Rebellion Compatability (HKLM\...\{70f8e27a-b749-4f9a-a67e-937b9a54e30d}.sdb) (Version: - )
Star Wars: Empire at War Gold (HKLM\...\Steam App 32470) (Version: - Petroglyph)
STAR WARS™ Battlefront™ (HKLM-x32\...\{E402D891-4E45-4ce9-B41F-DD35864EF170}) (Version: 1.0.5.56688 - Electronic Arts)
STAR WARS™ Galactic Battlegrounds Saga (HKLM\...\Steam App 356500) (Version: - Ensemble Studios)
STAR WARS™ Rebellion (HKLM\...\Steam App 441550) (Version: - Coolhand Interactive)
STAR WARS™: Rogue Squadron 3D (HKLM\...\Steam App 455910) (Version: - Factor 5)
Stellaris (HKLM\...\Steam App 281990) (Version: - Paradox Development Studio)
Supreme Ruler Ultimate (HKLM-x32\...\Steam App 314980) (Version: - BattleGoat Studios)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
The Elder Scrolls V: Skyrim Special Edition (HKLM\...\Steam App 489830) (Version: - Bethesda Game Studios)
Third Age - Total War 3.0 (Part 1of2) (HKU\S-1-5-21-4119562290-3693031830-2868936321-1001\...\Third Age - Total War 3.0 (Part 1of2)) (Version: - )
Third Age - Total War 3.0 (Part 2of2) (HKU\S-1-5-21-4119562290-3693031830-2868936321-1001\...\Third Age - Total War 3.0 (Part 2of2)) (Version: - )
TL-WN725N_WN723N Treiber (HKLM-x32\...\{3C3F9CEB-2C5A-4A47-8EAA-DA76037546BA}) (Version: 1.3.1 - TP-LINK)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version: - Ubisoft Montreal)
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version: - Ubisoft)
TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Total War: SHOGUN 2 (HKLM\...\Steam App 34330) (Version: - The Creative Assembly)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 23.0 - Ubisoft)
Verfügbare Autodesk-Apps 2016-2017 (HKLM-x32\...\{27C15055-713B-4D0E-881F-19598A2DFD59}) (Version: 2.2.0 - Autodesk)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Wargame: Red Dragon (HKLM-x32\...\Steam App 251060) (Version: - Eugen Systems)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
X3: Albion Prelude (HKLM\...\Steam App 201310) (Version: - Egosoft)
XCOM 2 (HKLM-x32\...\Steam App 268500) (Version: - Firaxis)
XCOM 2 Development Tools (HKLM-x32\...\Steam App 299990) (Version: - )

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-4119562290-3693031830-2868936321-1001_Classes\CLSID\{0D327DA6-B4DF-4842-B833-2CFF84F0948F}\localserver32 -> C:\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4119562290-3693031830-2868936321-1001_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> C:\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4119562290-3693031830-2868936321-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Autodesk\AutoCAD 2017\de-DE\acadficn.dll (Autodesk, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {05624B47-FFA1-49CA-9FFD-62418AF1229F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-14] (Adobe Systems Incorporated)
Task: {06D7159F-AB1A-45E5-989C-136E50036985} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {0FF0227D-607E-45FA-8416-35851EC18FBA} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {1828B7E3-B190-4719-986B-8F45353D88F8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {1D551318-7A3C-48FC-ACE7-5475D507520D} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-10-25] (NVIDIA Corporation)
Task: {28039A55-A392-4384-87D9-2C5638C048F5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-12-14] (Microsoft Corporation)
Task: {2C64CA18-5B63-4C92-8048-EDC666BF9080} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3B1696A6-EB5B-4FD2-995C-8D9DB7835C0E} - \WPD\SqmUpload_S-1-5-21-4119562290-3693031830-2868936321-1001 -> Keine Datei <==== ACHTUNG
Task: {41729AF0-D80A-442A-B0D9-FC4E64175BD0} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {456E1813-CD1D-4DB3-B76D-685CC6A9319B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {52D87B1B-3F37-4929-BDB6-729BF96133AB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {55FE1644-9E2A-402C-A63C-D9731DEC3730} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {643003E1-511F-4845-A0A0-310BB7161502} - System32\Tasks\FRAPS => E:\fraps\fraps.exe [2013-02-26] (Beepa P/L)
Task: {6D753D85-05ED-414A-B96C-BE873BB1AB9C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {6EF76251-33A7-40BE-B12E-60D7DE956358} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {70391B4C-E091-4785-934D-E6FE1CE90014} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-10-25] (NVIDIA Corporation)
Task: {7B96A76C-5A5D-46FB-A2E3-DFE2DF3C694F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {83D115E2-4489-4D68-BA84-2F2AF0865F62} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {A82BF067-68AC-4FF0-9CB3-22DE82B78BF1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {D80FD758-9E60-4ED2-B8F5-FBCCCE56A860} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {DA76FB52-2BB9-4A5C-AF3E-35AA77D86161} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {E114ADEB-5F0D-4EDF-B63D-E8E6143DAFC1} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {E628AE05-03F5-47E6-8E37-7A7509B6F04F} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Hannes Fankhauser\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {E7C9F1E7-E10F-4511-A539-DBE13BA3197F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {E95010FA-4263-45A7-87FF-F31ECA6E3EAC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\Hannes Fankhauser\Desktop\Third Age - Total War.lnk -> E:\Program Files\Steam\SteamApps\common\Medieval II Total War\mods\Third_Age_3\Third Age.bat ()
Shortcut: C:\Users\Hannes Fankhauser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Third Age - Total War 3.0 (Part 2of2)\Third Age - Total War.lnk -> E:\Program Files\Steam\SteamApps\common\Medieval II Total War\mods\Third_Age_3\Third Age.bat ()
Shortcut: C:\Users\Public\Desktop\MEDUSA4 PERSONAL V5.2.1.lnk -> C:\MEDUSA4_PERSONAL_V5_2_1\master_project\startmedusa.bat ()

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 05:53 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-28 03:01 - 2013-07-04 02:32 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2015-08-29 00:04 - 2015-08-27 14:45 - 01360016 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2016-10-03 05:43 - 2016-10-25 21:21 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-03 05:43 - 2016-10-25 21:21 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-03 05:43 - 2016-10-25 21:21 - 00420408 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2015-11-05 00:11 - 2015-11-05 00:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-09-28 03:02 - 2016-10-25 21:17 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-14 05:53 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-12-17 15:13 - 2016-12-17 15:13 - 01678560 _____ () C:\Users\Hannes Fankhauser\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll
2016-09-28 06:11 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-14 05:52 - 2016-12-09 10:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-08 23:30 - 2016-11-02 11:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-08 23:30 - 2016-11-02 11:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-08 23:30 - 2016-11-02 11:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-08 23:30 - 2016-11-02 11:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-08 23:30 - 2016-11-02 11:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-08-29 00:07 - 2015-08-27 14:46 - 00109848 _____ () C:\WINDOWS\SYSTEM32\AcpiServiceVnA64.dll
2015-08-29 00:07 - 2015-08-27 14:46 - 00096568 _____ () C:\WINDOWS\SYSTEM32\audioLibVc.dll
2015-03-07 01:07 - 2015-03-07 01:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2016-09-29 22:13 - 2016-09-29 22:13 - 01096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 01:07 - 2015-03-07 01:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2016-09-29 22:13 - 2016-09-29 22:13 - 00241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2015-12-15 19:42 - 2015-12-15 19:42 - 00165376 _____ () C:\Program Files\Autodesk\Autodesk Sync\qjson_Ad_0.dll
2015-12-15 19:42 - 2015-12-15 19:42 - 00050176 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2015-12-15 19:42 - 2015-12-15 19:42 - 00062464 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2015-12-15 19:42 - 2015-12-15 19:42 - 00932864 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2016-01-28 20:24 - 2016-01-28 20:24 - 00231464 _____ () C:\Program Files\Autodesk\Autodesk Sync\plugins\crypto\qca-ossl_Ad_2.dll
2016-12-14 08:41 - 2016-12-14 08:41 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-12-14 08:41 - 2016-12-14 08:41 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-14 08:41 - 2016-12-14 08:41 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 08:41 - 2016-12-14 08:41 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll
2016-06-07 04:37 - 2016-06-07 04:37 - 00298448 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2016-09-28 03:01 - 2017-01-05 10:05 - 00037376 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2016-09-28 03:01 - 2013-07-04 02:32 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2015-12-22 01:47 - 2015-12-22 01:47 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\kpcengine.2.3.dll
2016-08-11 17:14 - 2016-07-01 07:39 - 00110608 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson0.dll
2016-08-11 17:14 - 2016-07-01 07:39 - 00061968 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_Service-head.dll
2016-11-07 15:07 - 2016-11-07 15:07 - 02493440 _____ () E:\Program Files (x86)\Origin\libGLESv2.dll
2015-08-27 14:01 - 2016-10-25 21:21 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-03 05:43 - 2016-10-25 20:57 - 00506424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-03 05:43 - 2016-10-25 20:57 - 00255936 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-03 05:43 - 2016-10-25 20:57 - 02808256 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-03 05:43 - 2016-10-25 21:21 - 00901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-03 05:43 - 2016-10-25 21:21 - 03776056 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-03 05:43 - 2016-10-25 20:57 - 00246840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-03 05:43 - 2016-10-25 20:57 - 00436792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-03 05:43 - 2016-10-25 20:57 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-03 05:43 - 2016-10-25 20:57 - 00968248 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-12-17 15:13 - 2016-12-17 15:13 - 01244376 _____ () C:\Users\Hannes Fankhauser\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll
2016-12-12 21:27 - 2016-12-08 16:13 - 00656160 _____ () E:\Program Files\Steam\SDL2.dll
2016-10-17 11:20 - 2016-09-01 02:02 - 04969248 _____ () E:\Program Files\Steam\v8.dll
2016-12-21 12:05 - 2016-12-20 03:25 - 02322720 _____ () E:\Program Files\Steam\video.dll
2016-10-17 11:20 - 2016-01-27 08:49 - 02549760 _____ () E:\Program Files\Steam\libavcodec-56.dll
2016-10-17 11:20 - 2016-01-27 08:49 - 00491008 _____ () E:\Program Files\Steam\libavformat-56.dll
2016-10-17 11:20 - 2016-01-27 08:49 - 00332800 _____ () E:\Program Files\Steam\libavresample-2.dll
2016-10-17 11:20 - 2016-01-27 08:49 - 00442880 _____ () E:\Program Files\Steam\libavutil-54.dll
2016-10-17 11:20 - 2016-01-27 08:49 - 00485888 _____ () E:\Program Files\Steam\libswscale-3.dll
2016-10-17 11:20 - 2016-09-01 02:02 - 01563936 _____ () E:\Program Files\Steam\icui18n.dll
2016-10-17 11:20 - 2016-09-01 02:02 - 01195296 _____ () E:\Program Files\Steam\icuuc.dll
2016-12-21 12:05 - 2016-12-20 03:25 - 00838944 _____ () E:\Program Files\Steam\bin\chromehtml.DLL
2016-10-17 11:20 - 2016-07-04 23:17 - 00266560 _____ () E:\Program Files\Steam\openvr_api.dll
2016-10-03 05:43 - 2016-10-25 21:20 - 60819000 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2015-12-12 03:07 - 2016-11-11 21:36 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2015-12-12 03:07 - 2016-11-11 21:36 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-12 03:07 - 2016-11-11 21:36 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-12 03:07 - 2016-12-21 19:26 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-12 03:07 - 2016-11-11 21:36 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-12-22 01:02 - 2016-12-21 19:26 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-12 03:07 - 2016-11-11 21:37 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-12-22 01:02 - 2016-12-21 19:26 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-12-22 01:02 - 2016-12-21 19:26 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-12-22 01:02 - 2016-11-11 21:36 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-12-22 01:02 - 2016-11-11 21:37 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-12-22 01:02 - 2016-11-11 21:36 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-12 03:07 - 2016-11-11 21:38 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-06 23:56 - 2016-12-21 19:26 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-12-22 01:02 - 2016-12-21 19:26 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-12-22 01:02 - 2016-12-21 19:26 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-12-22 01:02 - 2016-11-11 21:36 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-12-22 01:02 - 2016-11-11 21:38 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-12 03:07 - 2016-11-11 21:38 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2015-12-12 03:07 - 2016-11-11 21:39 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-12 03:07 - 2016-12-21 19:26 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-12 03:07 - 2016-11-11 21:38 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-06 23:56 - 2016-12-21 19:26 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2015-12-12 03:07 - 2016-11-11 21:38 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-12 03:07 - 2016-11-11 21:38 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-12 03:07 - 2016-11-11 21:38 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-12 03:07 - 2016-11-11 21:39 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-12 03:07 - 2016-11-11 21:39 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2015-12-12 03:07 - 2016-11-11 21:38 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2015-12-12 03:07 - 2016-11-11 21:39 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-12-22 01:02 - 2016-12-21 19:26 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-12-22 01:02 - 2016-12-21 19:26 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-06 23:56 - 2016-11-11 21:37 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-12-22 01:02 - 2016-12-21 19:26 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-12 03:07 - 2016-11-11 21:39 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2015-12-12 03:07 - 2016-12-21 19:26 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-02-19 06:47 - 2016-12-21 19:26 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-19 06:47 - 2016-12-21 19:26 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-02-19 06:47 - 2016-12-21 19:26 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2015-12-12 03:07 - 2016-11-11 21:39 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-19 06:47 - 2016-12-21 19:26 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-12-22 01:02 - 2016-12-21 19:26 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-12-22 01:02 - 2016-11-11 21:35 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-12-22 01:02 - 2016-12-21 19:26 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-12-22 01:02 - 2016-12-03 09:13 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-12-22 01:02 - 2016-12-21 19:26 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-12-22 01:02 - 2016-12-21 19:26 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-12 03:07 - 2016-11-11 21:37 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-12-22 01:02 - 2016-12-21 19:26 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-12-22 01:02 - 2016-12-21 19:26 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-12-22 01:02 - 2016-12-21 19:26 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-12-22 01:02 - 2016-12-21 19:26 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-12-22 01:02 - 2016-12-21 19:26 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-12-22 01:02 - 2016-12-21 19:26 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-08-06 23:56 - 2016-12-21 19:26 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-12-22 01:02 - 2016-11-11 21:42 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-12-22 01:02 - 2016-11-11 21:42 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-12-22 01:02 - 2016-12-21 19:26 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-12-22 01:02 - 2016-12-21 19:26 - 00171320 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-12-22 01:02 - 2016-12-21 19:26 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2015-12-12 03:07 - 2016-11-11 21:39 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-04-15 02:05 - 2016-12-21 19:26 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-08-06 23:56 - 2016-12-21 19:26 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-12-22 01:02 - 2016-12-21 19:26 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-12-12 21:27 - 2016-12-05 17:21 - 67304736 _____ () E:\Program Files\Steam\bin\cef\cef.win7\libcef.dll
2016-12-21 12:05 - 2016-12-20 03:25 - 00388384 _____ () E:\Program Files\Steam\steam.dll
2016-06-23 03:34 - 2016-06-23 03:34 - 00143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2016-10-17 11:20 - 2015-09-25 00:52 - 00119208 _____ () E:\Program Files\Steam\winh264.dll
2016-12-30 23:29 - 2016-12-20 17:06 - 53018112 _____ () E:\gog\GOG Galaxy\libcef.dll
2016-12-30 23:29 - 2016-12-20 17:06 - 00507968 _____ () E:\gog\GOG Galaxy\PocoUtil.dll
2016-12-30 23:29 - 2016-12-20 17:06 - 01076800 _____ () E:\gog\GOG Galaxy\PocoNet.dll
2016-12-30 23:29 - 2016-12-20 17:06 - 01854528 _____ () E:\gog\GOG Galaxy\PocoData.dll
2016-12-30 23:29 - 2016-12-20 17:06 - 00393280 _____ () E:\gog\GOG Galaxy\PocoDataSQLite.dll
2016-12-30 23:29 - 2016-12-20 17:06 - 01589312 _____ () E:\gog\GOG Galaxy\PocoFoundation.dll
2016-12-30 23:29 - 2016-12-20 17:06 - 00307776 _____ () E:\gog\GOG Galaxy\PocoNetSSL.dll
2016-12-30 23:29 - 2016-12-20 17:06 - 00330816 _____ () E:\gog\GOG Galaxy\PocoJSON.dll
2016-12-30 23:29 - 2016-12-20 17:06 - 00104000 _____ () E:\gog\GOG Galaxy\zlib.dll
2016-12-30 23:29 - 2016-12-20 17:06 - 00520768 _____ () E:\gog\GOG Galaxy\PocoXML.dll
2016-12-30 23:29 - 2016-12-20 17:06 - 00272448 _____ () E:\gog\GOG Galaxy\PocoZip.dll
2016-12-30 23:29 - 2016-12-20 17:06 - 00680000 _____ () E:\gog\GOG Galaxy\sqlite.dll
2016-12-30 23:29 - 2016-12-20 17:06 - 00425536 _____ () E:\gog\GOG Galaxy\pcre.dll
2016-12-30 23:29 - 2016-12-20 17:06 - 00157760 _____ () E:\gog\GOG Galaxy\PocoCrypto.dll
2016-12-30 23:29 - 2016-12-20 17:06 - 00152128 _____ () E:\gog\GOG Galaxy\expat.dll
2016-08-11 17:14 - 2013-09-23 18:52 - 00043912 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_MFCMigrationFramework_Ad_2.dll
2016-08-11 17:14 - 2015-11-05 13:07 - 00052224 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qoauth_Ad_1.dll
2016-08-11 17:14 - 2015-11-05 13:07 - 00195584 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson_Ad_0.dll
2016-08-11 17:14 - 2015-11-05 13:07 - 00742400 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qca_Ad_2.dll
2016-08-11 17:14 - 2016-07-01 07:05 - 00287680 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\de-DE\AdWingManRes.dll
2016-08-11 17:14 - 2015-09-08 07:31 - 40640808 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libcef.dll
2016-08-11 17:14 - 2014-09-03 01:29 - 00912384 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libglesv2.dll
2016-08-11 17:14 - 2014-09-03 01:29 - 00134144 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libegl.dll
2016-08-11 17:14 - 2014-09-03 01:29 - 00950272 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\ffmpegsumo.dll
2016-07-06 17:55 - 2015-10-06 20:26 - 50656768 _____ () C:\Users\Hannes Fankhauser\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2016-07-06 17:55 - 2015-10-06 20:26 - 01874944 _____ () C:\Users\Hannes Fankhauser\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2016-07-06 17:55 - 2015-10-06 20:26 - 00075264 _____ () C:\Users\Hannes Fankhauser\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2016-12-30 23:29 - 2016-12-20 17:06 - 01738752 _____ () E:\gog\GOG Galaxy\libglesv2.dll
2016-12-30 23:29 - 2016-12-20 17:06 - 00078848 _____ () E:\gog\GOG Galaxy\libegl.dll
2015-07-06 19:36 - 2015-07-06 19:36 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\tsrhnmtd.sys:changelist [3456]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

HKU\S-1-5-21-4119562290-3693031830-2868936321-1001\Software\Classes\.scr: AutoCADScriptFile =>

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-4119562290-3693031830-2868936321-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{A2B6C040-A6B4-444F-B4D1-A6C304D897D5}] => D:\ubisoft\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{D0D09D45-E888-471C-85BA-07642F843E20}] => D:\ubisoft\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{7457B93B-7785-43B3-B91F-D753343CC1F2}] => D:\ubisoft\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{DCE5C7AC-C54D-4FF8-A4C0-30CB6AB6490D}] => D:\ubisoft\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{55E9ED73-003D-4519-AB9A-EC2024FC1274}] => E:\Program Files\Steam\SteamApps\common\x3 terran conflict\X3AP.exe
FirewallRules: [{DDA56BB4-E34E-4E8B-897C-E9A6080599C1}] => E:\Program Files\Steam\SteamApps\common\x3 terran conflict\X3AP.exe
FirewallRules: [{F04A3957-B370-49BC-BEA1-DB502CF3D733}] => E:\Program Files (x86)\Ubisoft\The Divison\Tom Clancy's The Division\TheDivision.exe
FirewallRules: [{74CEBE23-E9E9-44AA-87C6-775924E223C6}] => E:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{1A383352-E463-49E0-BFC4-D09B9F82097F}] => E:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{17849B46-3A65-4A72-8694-CF2DFFE887D6}] => E:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{499D8C4B-0C4D-4062-9880-595C7FDFC1E3}] => E:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{189E3D91-FAFC-4742-B0AB-78AA607EBE6E}] => E:\Program Files\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{5C6B4D69-49C3-42ED-8E1C-833C9F1CE30C}] => E:\Program Files\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{120BCB6D-AEF3-4EB2-9B0B-6245DBDF998D}] => E:\Program Files\Steam\SteamApps\common\Xenonauts\Xenonauts.exe
FirewallRules: [{F8F2CADA-AF16-4E13-B66A-62F2D8827D0C}] => E:\Program Files\Steam\SteamApps\common\Xenonauts\Xenonauts.exe
FirewallRules: [{F4456533-C082-4F05-ACFA-04C105C21838}] => E:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{5D3238B6-6EC9-429F-B8E1-77E545C8C9E4}] => E:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{D4E611A7-AABE-45EF-8D31-9836011B7CEB}] => E:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{93B15FE1-CD66-4D5A-AC7E-C885007C849F}] => E:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{14DACACE-93C0-461E-8A48-2D91884E4F5B}] => E:\Program Files\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{25EEFE51-66A3-4B80-8E85-11F3F842C610}] => E:\Program Files\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{37805B02-D7B6-4C6C-AEF9-9223B7D812FD}] => E:\Program Files\Steam\SteamApps\common\Assassin's Creed Syndicate\ACS.exe
FirewallRules: [{FE676AE8-61A9-4551-A374-F0D68ACF55AD}] => E:\Program Files\Steam\SteamApps\common\Assassin's Creed Syndicate\ACS.exe
FirewallRules: [{EA6B4D7B-66F4-44C6-8CF7-B5204F5BD6AD}] => E:\Program Files\Steam\SteamApps\common\DOOM\DOOMx64.exe
FirewallRules: [{99C6424B-F3BC-4F71-A63F-BA961BBB9018}] => E:\Program Files\Steam\SteamApps\common\DOOM\DOOMx64.exe
FirewallRules: [{EB82A966-3DFE-471D-A630-EA91125C4B3A}] => E:\Program Files\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{22B0A239-B40D-4A30-A659-E546639C47E0}] => E:\Program Files\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{EF074CB2-EB9E-4755-8A67-1B6A46CE1880}] => E:\Program Files\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{6524C0C7-FD5E-4773-94DD-A6E0EEEFF993}] => E:\Program Files\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{E3187B1F-1ABC-45A1-9C2D-C118A2AFB6B4}] => E:\Program Files\Steam\SteamApps\common\StarMade\starmade-launcher.exe
FirewallRules: [{E9F27C02-DF13-4846-9D76-BD703777A84D}] => E:\Program Files\Steam\SteamApps\common\StarMade\starmade-launcher.exe
FirewallRules: [{23AE21B8-4C4C-465D-A874-7AB61B273975}] => E:\Program Files\Steam\SteamApps\common\Hearts of Iron IV\hoi4.exe
FirewallRules: [{52247A45-DABE-411E-A323-3E5E986FA705}] => E:\Program Files\Steam\SteamApps\common\Hearts of Iron IV\hoi4.exe
FirewallRules: [{1166AB7E-E9B0-487E-A4F5-EADE02D5111D}] => C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch music server.exe
FirewallRules: [{D6DC5BB6-042C-46D7-963E-64F365D33F84}] => C:\Program Files (x86)\SoundTouch\SoundTouch.exe
FirewallRules: [UDP Query User{FA1DB756-FB03-419C-A743-83AA1DAD25C2}E:\program files\steam\steamapps\common\arma 3\arma3.exe] => E:\program files\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [TCP Query User{1CBC1160-5D7C-4580-BD09-1AA272F4DB8C}E:\program files\steam\steamapps\common\arma 3\arma3.exe] => E:\program files\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [{1444614D-44BC-49A2-A449-A6CC3E03B582}] => E:\Program Files\Steam\SteamApps\common\Stellaris\stellaris.exe
FirewallRules: [{6F8D6237-2CFD-4C4A-BE1D-FFD354E015E6}] => E:\Program Files\Steam\SteamApps\common\Stellaris\stellaris.exe
FirewallRules: [{B3EA065F-8123-40B6-9F12-E057B9872868}] => E:\Program Files\Steam\SteamApps\common\Command Modern Air Naval Operations\GameMenu_CMANO\autorun.exe
FirewallRules: [{BC56091C-C08B-494C-8A07-7700DFA3BD6F}] => E:\Program Files\Steam\SteamApps\common\Command Modern Air Naval Operations\GameMenu_CMANO\autorun.exe
FirewallRules: [{D0EE4862-3890-4CED-8E5F-BE964F75492C}] => E:\Program Files\Steam\SteamApps\common\Command Modern Air Naval Operations\GameMenu_CNI\autorun.exe
FirewallRules: [{25F16B8A-F62C-45E1-BB36-75DD45728039}] => E:\Program Files\Steam\SteamApps\common\Command Modern Air Naval Operations\GameMenu_CNI\autorun.exe
FirewallRules: [{6ACD3E50-9E61-4137-87B4-C64962822878}] => E:\Program Files\Steam\SteamApps\common\Star Wars Empire at War\runme2.exe
FirewallRules: [{AB013065-7248-449D-BAA8-670631660D26}] => E:\Program Files\Steam\SteamApps\common\Star Wars Empire at War\runme2.exe
FirewallRules: [{50CF2D6A-FDAB-444C-8D05-9730341FA3EF}] => E:\Program Files\Steam\SteamApps\common\Star Wars Empire at War\runme.exe
FirewallRules: [{576476F3-47F9-4567-A708-61D096EE683C}] => E:\Program Files\Steam\SteamApps\common\Star Wars Empire at War\runme.exe
FirewallRules: [{B142D705-284B-46D6-B43D-65F282FB3ECA}] => E:\Program Files\Steam\SteamApps\common\STAR WARS - Galactic Battlegrounds Saga\Game\player.exe
FirewallRules: [{0508B8E8-873C-495B-B9A2-0CDB621D9C1C}] => E:\Program Files\Steam\SteamApps\common\STAR WARS - Galactic Battlegrounds Saga\Game\player.exe
FirewallRules: [{EB344955-E0A3-43E3-B971-C3A40E91BB0D}] => E:\Program Files\Steam\SteamApps\common\Star Wars - Rebellion\REBEXE.EXE
FirewallRules: [{BD1B7535-2305-4EA9-BB24-1FB7BFE49ABC}] => E:\Program Files\Steam\SteamApps\common\Star Wars - Rebellion\REBEXE.EXE
FirewallRules: [{DC0E07AA-3C09-46FD-A06A-1F3F3392C688}] => E:\Program Files\Steam\SteamApps\common\RogueSquadron\ROGUE\ROGUE.EXE
FirewallRules: [{EE033006-76D4-4638-8D4A-6BA14DC29D86}] => E:\Program Files\Steam\SteamApps\common\RogueSquadron\ROGUE\ROGUE.EXE
FirewallRules: [{3FD24FE5-0FC4-4B55-A735-3DD3E4E2857B}] => E:\Program Files\Steam\SteamApps\common\Battlefleet Gothic Armada\BattleFleetGothic.exe
FirewallRules: [{C95B103C-BF08-4041-AD3B-EBE6BF666300}] => E:\Program Files\Steam\SteamApps\common\Battlefleet Gothic Armada\BattleFleetGothic.exe
FirewallRules: [{2E80785C-9B89-4E68-B93F-FAF8813FA713}] => E:\Program Files\Steam\SteamApps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{DAE092B8-1432-478C-953D-D00A7FCCB5A4}] => E:\Program Files\Steam\SteamApps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{0750132F-C9AA-4B78-9DF4-9445CBE4BDEA}] => E:\Program Files\Steam\SteamApps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{F7B8A242-D9B4-4CF7-A9AE-0A12628181A6}] => E:\Program Files\Steam\SteamApps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{89B05115-89E1-42A1-8690-082C6BAAB5E0}] => E:\Program Files\Steam\SteamApps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{AF469038-0C1F-4452-B4A7-7E43D99E905B}] => E:\Program Files\Steam\SteamApps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{9695220D-7E66-42D2-AD41-DEEA7529A066}] => E:\Program Files\Steam\SteamApps\common\FINAL FANTASY XIII-2\FFXiii2Launcher.exe
FirewallRules: [{2B9CB371-3B08-4779-B84A-FF8654B225BC}] => E:\Program Files\Steam\SteamApps\common\FINAL FANTASY XIII-2\FFXiii2Launcher.exe
FirewallRules: [{263F95B6-5996-456B-9350-45C6737FD7E7}] => E:\Program Files\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{1E336E6D-AD51-4F9A-A13D-7435DC88DF14}] => E:\Program Files\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{3AF4F954-F1BF-4D4E-B526-9C7A25295CF6}] => E:\Program Files\Steam\SteamApps\common\MortalKombat_KompleteEdition\DiscContentPC\MKLauncher.exe
FirewallRules: [{4DEB244F-5428-4E3C-8892-45DC5326071B}] => E:\Program Files\Steam\SteamApps\common\MortalKombat_KompleteEdition\DiscContentPC\MKLauncher.exe
FirewallRules: [{DB984CBA-B927-4680-82A2-F39297040C68}] => E:\Program Files\Steam\SteamApps\common\MortalKombat_KompleteEdition\DiscContentPC\MKKE.exe
FirewallRules: [{2E377B2B-9653-41BF-955C-B14E00705B01}] => E:\Program Files\Steam\SteamApps\common\MortalKombat_KompleteEdition\DiscContentPC\MKKE.exe
FirewallRules: [{0A574F27-6EB0-4353-B1B2-F8B08FB53FEA}] => E:\Program Files\Steam\SteamApps\common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [{D698BDFA-AB0F-452D-8CF7-2A255CB221E8}] => E:\Program Files\Steam\SteamApps\common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [{05AC1B16-1BD6-46BD-BA64-5A6D7CB1FF77}] => E:\Program Files\Steam\SteamApps\common\Distant Worlds Universe\autorun.exe
FirewallRules: [{44D6CE5D-79FF-45A7-B7D1-572F90CFB6E3}] => E:\Program Files\Steam\SteamApps\common\Distant Worlds Universe\autorun.exe
FirewallRules: [{DA39E8F8-6CC2-418E-BC08-2682D8A10262}] => E:\Program Files\Steam\SteamApps\common\Kinetic Void\Kinetic Void.exe
FirewallRules: [{24C5476F-CB9F-4622-9DFB-0439DD1AB879}] => E:\Program Files\Steam\SteamApps\common\Kinetic Void\Kinetic Void.exe
FirewallRules: [{D6BECA66-A292-418D-9AB0-4059FFD605A1}] => C:\Users\Hannes Fankhauser\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5BECA91C-B232-4647-8C85-14FF647F416A}] => C:\Users\Hannes Fankhauser\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6375BAFB-2D37-4896-A24A-4BF5C3E033AE}] => C:\Users\Hannes Fankhauser\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AA64423F-09BC-4C55-BB02-A294717431B5}] => C:\Users\Hannes Fankhauser\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BECF290A-29D4-426F-9ECF-F55C971C97E9}] => C:\Users\Hannes Fankhauser\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0B00C19F-74EB-4943-AA12-A8309208A10E}] => C:\Users\Hannes Fankhauser\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B1B74DBB-D39A-4392-9833-234CE0A30573}] => E:\Program Files\Steam\SteamApps\common\LIGHTNING RETURNS FINAL FANTASY XIII\LRFF13.exe
FirewallRules: [{C3E635C4-C77E-4102-A674-FF61AC512A1A}] => E:\Program Files\Steam\SteamApps\common\LIGHTNING RETURNS FINAL FANTASY XIII\LRFF13.exe
FirewallRules: [{D5730812-2F7B-4618-925E-C6964368903D}] => E:\Program Files\Steam\SteamApps\common\Ashes of the Singularity\Ashes_DX12.exe
FirewallRules: [{C31DFD62-B5FF-4376-BA1B-D75FA5EDBE2F}] => E:\Program Files\Steam\SteamApps\common\Ashes of the Singularity\Ashes_DX12.exe
FirewallRules: [{093A5A79-EA89-4B93-8790-95A1BF21AA3E}] => E:\Program Files\Steam\SteamApps\common\Ashes of the Singularity\Ashes_DX11.exe
FirewallRules: [{39C8C14A-5711-4C09-9350-2AE3F28EE8B4}] => E:\Program Files\Steam\SteamApps\common\Ashes of the Singularity\Ashes_DX11.exe
FirewallRules: [{DCD2F498-7D35-4CD7-B50E-0FED7559CD3D}] => E:\Program Files\Steam\SteamApps\common\XCOM 2 SDK\Binaries\Win32\ModBuddy\XCOM ModBuddy.exe
FirewallRules: [{3FE98B9A-205E-4D1D-998A-341C2A483758}] => E:\Program Files\Steam\SteamApps\common\XCOM 2 SDK\Binaries\Win32\ModBuddy\XCOM ModBuddy.exe
FirewallRules: [{CFC8F27E-BA09-44DC-9777-57E4CB96C32A}] => E:\Program Files\Steam\SteamApps\common\Total War Arena\launcher\launcher.exe
FirewallRules: [{3C42F0CA-D594-410B-A674-B3321145C5C8}] => E:\Program Files\Steam\SteamApps\common\Total War Arena\launcher\launcher.exe
FirewallRules: [{2840E9C5-DA56-4A3B-944B-3C5DECF70221}] => E:\Program Files\Steam\SteamApps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe
FirewallRules: [{096302F0-021A-48AA-888B-30364BADA61B}] => E:\Program Files\Steam\SteamApps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe
FirewallRules: [{09AAC453-2F2B-45D1-906A-30334C292334}] => E:\Program Files\Steam\SteamApps\common\Endless Space\EndlessSpace.exe
FirewallRules: [{2DF21E4B-9201-4253-A807-5328B80634E9}] => E:\Program Files\Steam\SteamApps\common\Endless Space\EndlessSpace.exe
FirewallRules: [{80BC602C-0CF1-4713-AA77-EE6BCC169025}] => E:\Program Files\Steam\SteamApps\common\DDDA\DDDA.exe
FirewallRules: [{A3EADCED-BAC2-4645-9F94-971D1A2873B4}] => E:\Program Files\Steam\SteamApps\common\DDDA\DDDA.exe
FirewallRules: [UDP Query User{AC7ADF28-3555-4FEA-B818-EAFC601976E0}C:\program files (x86)\hearthstone\hearthstone.exe] => C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{14397965-D858-487B-8C4B-457BA624EC45}C:\program files (x86)\hearthstone\hearthstone.exe] => C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{7C36DF1B-EDE9-46B9-97F1-7865201F608F}] => E:\Program Files\Steam\SteamApps\common\Wargame Red Dragon\WarGame3.exe
FirewallRules: [{D9D83DC6-722C-4585-978F-4BE51FB56573}] => E:\Program Files\Steam\SteamApps\common\Wargame Red Dragon\WarGame3.exe
FirewallRules: [{AC7A4725-9FF4-4CED-AA77-9FC15985B2BB}] => E:\Program Files\Steam\SteamApps\common\Supreme Ruler Ultimate\SupremeRulerUltimate.exe
FirewallRules: [{EA33C71E-EBE8-4696-A31C-3CC8BCCA74E8}] => E:\Program Files\Steam\SteamApps\common\Supreme Ruler Ultimate\SupremeRulerUltimate.exe
FirewallRules: [UDP Query User{015CDE7B-F80D-44DD-9C34-D3F41B394532}E:\program files\steam\steamapps\common\total war attila\attila.exe] => E:\program files\steam\steamapps\common\total war attila\attila.exe
FirewallRules: [TCP Query User{77A1AA7D-F397-4C52-90AE-20F5BEECBAC3}E:\program files\steam\steamapps\common\total war attila\attila.exe] => E:\program files\steam\steamapps\common\total war attila\attila.exe
FirewallRules: [{4F99106C-E7A2-4978-8BC1-B176FB8EA564}] => E:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [{2EFDFB9A-2419-4313-B5F8-4E502A2E522F}] => E:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [{AA62864F-6575-4E4D-88DE-79CC065590DA}] => E:\Program Files\Steam\SteamApps\common\StarMade\StarMade-starter.exe
FirewallRules: [{B10ACFE0-0C0E-4BF9-8572-314BAA4C880A}] => E:\Program Files\Steam\SteamApps\common\StarMade\StarMade-starter.exe
FirewallRules: [{CC0792FF-C5BA-4C73-8AEF-EE78084B56B3}] => E:\Program Files\Steam\SteamApps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{F0FFD20E-94E0-42D2-B804-8AE6D27BBA84}] => E:\Program Files\Steam\SteamApps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{A4E40C30-F17C-434A-B0C4-CE764456D796}] => E:\Program Files\Steam\SteamApps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{C3863F87-02C8-4EC2-A85D-C58C53128F96}] => E:\Program Files\Steam\SteamApps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{409D4C88-36F7-42C4-B144-C233018DCE9E}] => E:\Program Files\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{35577B66-DBF2-4B07-A39A-83A1DBED13A9}] => E:\Program Files\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{3DD2D3DC-8E24-4162-A098-891C4D423D8F}] => E:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{66F61C71-F5CB-404D-92BE-0085A5D436BB}] => E:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{0C594C6E-F38E-4CC2-9C13-71FAFD8978F5}] => E:\Program Files\Steam\Steam.exe
FirewallRules: [{647EB92B-0DA5-467A-866F-5AC78727448B}] => E:\Program Files\Steam\Steam.exe
FirewallRules: [{CFA3DFDD-9354-4E82-AFCB-894ABF1DCDEA}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2B433D36-91B3-4A6A-A165-2CBDDA0F7D7D}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9C37FB67-03CA-4B05-AE14-85D489F31B5B}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{1AF258DF-366A-482D-8182-A2918113EF00}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{666974C4-B2C5-4528-A69E-653F5872497F}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EFA9B145-4E1E-459C-BB36-82EBB32D4540}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BD56A3DD-A213-4A70-AD6A-6F73D2E9AC08}] => E:\Program Files\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{679663EA-F1F8-4216-AA10-0616D21451D4}] => E:\Program Files\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{D5E5B9CA-6784-483B-BF2B-EC85D5F0DAF2}] => E:\Program Files\Steam\SteamApps\common\Grand Theft Auto V\GTA5.exe
FirewallRules: [{C946E440-4D45-425B-8DEC-41B58B351502}] => E:\Program Files\Steam\SteamApps\common\Grand Theft Auto V\GTA5.exe
FirewallRules: [{CB744105-AF16-4E50-AD09-B94D226E07A2}] => E:\Program Files\Steam\SteamApps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{C4A1F034-25BE-4654-A235-9C526598183C}] => E:\Program Files\Steam\SteamApps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{23E3B6EA-97C2-4E51-971B-6174BC15A784}] => E:\Program Files\Steam\SteamApps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{333EF790-A90E-4085-804E-6629C48B652F}] => E:\Program Files\Steam\SteamApps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{FADEA421-2C13-4F39-B415-A184C9B2A90D}] => E:\Program Files\Steam\SteamApps\common\WOG\disasm.exe
FirewallRules: [{33A455CD-04B0-4101-9152-13AA3704B521}] => E:\Program Files\Steam\SteamApps\common\WOG\disasm.exe
FirewallRules: [{D0F0D8A2-1FEE-4C36-8B17-6D10B76EB83A}] => E:\Program Files\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{7A61884C-6728-4F85-AFBE-550C5A6E2831}] => E:\Program Files\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{044DF1BB-688E-450B-8F46-27A8032814B2}] => E:\Program Files\Steam\SteamApps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{8B4BEDBF-D2CD-4E06-B184-BB0FCED6F9B8}] => E:\Program Files\Steam\SteamApps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [TCP Query User{4F67C881-548F-45C4-9EFC-2D841DEA8FE3}C:\medusa4_personal_v5_2_1\med2d\m2d\run\draft.exe] => C:\medusa4_personal_v5_2_1\med2d\m2d\run\draft.exe
FirewallRules: [UDP Query User{85EB0692-E641-468E-B746-088984B02A44}C:\medusa4_personal_v5_2_1\med2d\m2d\run\draft.exe] => C:\medusa4_personal_v5_2_1\med2d\m2d\run\draft.exe
FirewallRules: [{263A4E12-437F-4F84-8328-2071EB76E746}] => E:\Program Files\Steam\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{2E8CD108-DE1F-488D-8BEF-75C8C9FCA761}] => E:\Program Files\Steam\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{C8475C18-3BA5-425E-AFFE-0AD135E5FAFC}] => E:\Program Files\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{E346DDCF-C4BD-4EEB-BAFF-F3CE82E01A5C}] => E:\Program Files\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{8C654F8A-EAC4-4DD6-8936-5E0921393D76}] => E:\Program Files\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{50F17607-10A5-41E0-972A-8C92066CFE72}] => E:\Program Files\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [TCP Query User{950063EC-8DDA-4C76-A4FD-B1147FB6C388}C:\medusa4_personal_v5_2_1\medsys\med\java\jre\bin\java.exe] => C:\medusa4_personal_v5_2_1\medsys\med\java\jre\bin\java.exe
FirewallRules: [UDP Query User{A022C6A1-A513-4723-99BE-E45A0711222E}C:\medusa4_personal_v5_2_1\medsys\med\java\jre\bin\java.exe] => C:\medusa4_personal_v5_2_1\medsys\med\java\jre\bin\java.exe
FirewallRules: [{D1717325-AC78-4F1A-A97C-148132E6A659}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ED36513C-97B5-4EC3-84EF-1732073BC83C}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{56FE5D49-5209-42FE-8081-34C706E6F109}] => E:\Program Files\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{75A43D80-F98A-4E5E-B7FB-513CAD1E0C54}] => E:\Program Files\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{47C86CC1-0F40-4A48-BECC-E105B04D6CF8}] => E:\Program Files\Steam\SteamApps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{709343FA-8435-40C1-9328-1C61953D2D85}] => E:\Program Files\Steam\SteamApps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{CDC9C8F9-F284-49A4-B1A4-413DAC680937}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5F7FB056-EAF8-46E0-A8F9-4315FA6DFE11}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{13EF2E25-8877-45EC-8937-A75E333A064D}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{69804BD2-8FA7-48CC-97DD-586FABC96F9A}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1D66CE3C-9AA9-426B-9917-5972F2562988}] => E:\Program Files\Steam\SteamApps\common\Medieval II Total War\medieval2.exe
FirewallRules: [{1B6FF62C-323F-4BEB-9BEC-2F0FF8886AF6}] => E:\Program Files\Steam\SteamApps\common\Medieval II Total War\medieval2.exe
FirewallRules: [{AFFB9E2F-A8A2-4CC0-8FFA-6FF97C57504E}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{4274FCE2-7205-43DB-A50B-0A582FECCC6F}] => E:\Program Files\Steam\SteamApps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{F0354DCF-D55D-473E-86CE-00EAB3899C32}] => E:\Program Files\Steam\SteamApps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{F6183D02-A5BD-4D8F-A268-47489F5D78B4}] => E:\Program Files\Steam\SteamApps\common\Call to Arms\call_to_arms.exe
FirewallRules: [{A0158BB2-E7B1-4C33-934E-D93E0F908D45}] => E:\Program Files\Steam\SteamApps\common\Call to Arms\call_to_arms.exe
FirewallRules: [{F374C943-D742-45E0-ABCE-0C56165A32DF}] => E:\Program Files\Steam\SteamApps\common\Call to Arms\call_to_arms_ed.exe
FirewallRules: [{4E0BAF2C-A3F8-4255-8F0E-6EC3CE57BF12}] => E:\Program Files\Steam\SteamApps\common\Call to Arms\call_to_arms_ed.exe
FirewallRules: [{A46D0B2F-C35E-4F69-A659-582E082B23E8}] => E:\Program Files\Steam\SteamApps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [{80D08189-9EEA-4FDD-9457-0D7B1E893D88}] => E:\Program Files\Steam\SteamApps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [{7A510F2F-7F49-4104-9418-784AA8D2F952}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{AD097EB5-1B00-4699-ACB1-73CFEBA47ED5}C:\users\hannes fankhauser\appdata\local\akamai\netsession_win.exe] => C:\users\hannes fankhauser\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{8C6384E8-4049-4DF2-9C34-44DA1AD45843}C:\users\hannes fankhauser\appdata\local\akamai\netsession_win.exe] => C:\users\hannes fankhauser\appdata\local\akamai\netsession_win.exe
FirewallRules: [{DE7A4DA1-A229-40E5-8551-5DC2C85109C3}] => E:\Program Files\Steam\SteamApps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [{BDD9D174-ED62-42F9-A255-539AF7054EBB}] => E:\Program Files\Steam\SteamApps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [{7E79E1F5-724B-4E86-9F20-B6DDD3095F93}] => E:\Program Files\Steam\SteamApps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [{28CCFB03-16C5-4541-BD19-0996D2103C0C}] => E:\Program Files\Steam\SteamApps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [{202734A5-9F28-4198-A508-F6E6DEBCF561}] => D:\Program Files (x86)\Electronic Arts\Die Schlacht um Mittelerde II\game.dat
FirewallRules: [{4F80EB9F-6A71-4D90-87DC-4BB11F577088}] => D:\Program Files (x86)\Electronic Arts\Die Schlacht um Mittelerde II\game.dat
FirewallRules: [{23328568-C223-48C1-950C-3E7A11AD9034}] => D:\Program Files (x86)\Electronic Arts\Aufstieg des Hexenkönigs\game.dat
FirewallRules: [{F0CC9D62-9D24-43BC-A7CD-2971FCC1AF71}] => D:\Program Files (x86)\Electronic Arts\Aufstieg des Hexenkönigs\game.dat
FirewallRules: [TCP Query User{C93F39D1-951E-4047-8117-A1769863393B}C:\program files\logitech gaming software\lcore.exe] => C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{7CDD77B6-A38D-49E9-9763-3979320D1338}C:\program files\logitech gaming software\lcore.exe] => C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{E878882D-A451-4462-9F5B-75A2BD8CDBD4}] => E:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F6701BF3-72F5-4AA0-A9EB-408C5DEFB373}] => E:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F5285DC8-C725-4C4D-8368-0C48C078B255}] => E:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe
FirewallRules: [{573FBA10-853F-407C-B50A-0A98C846483B}] => E:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe
FirewallRules: [{58B2DA2E-42B1-4DEC-9E27-B39B77267132}] => E:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe
FirewallRules: [{FB9C11AE-CF41-46DE-8969-F5BCE9A68BCE}] => E:\Program Files\Steam\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe
FirewallRules: [{5C190D2C-0A5C-40E3-BE61-E441CC9CCB6A}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{BA656178-BC61-4D5C-A28F-E44A49D22F62}] => E:\Program Files\Steam\SteamApps\common\Deserts of Kharak\DesertsOfKharak64.exe
FirewallRules: [{E26D2C97-7A0C-4165-AF67-28C7A3D28F96}] => E:\Program Files\Steam\SteamApps\common\Deserts of Kharak\DesertsOfKharak64.exe
FirewallRules: [{F48D4A89-22AC-4CD3-BFAF-430C085CA102}] => E:\Program Files\Steam\SteamApps\common\Homeworld\HWLauncher\Launcher.exe
FirewallRules: [{458C30F5-B67B-4FCC-BC53-41606F3794A0}] => E:\Program Files\Steam\SteamApps\common\Homeworld\HWLauncher\Launcher.exe

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (01/05/2017 11:51:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RazerIngameEngine.exe, Version: 1.0.12.8578, Zeitstempel: 0x566f4203
Name des fehlerhaften Moduls: RzWinMgrSrv.dll, Version: 1.0.12.8578, Zeitstempel: 0x566f41d4
Ausnahmecode: 0xc0000409
Fehleroffset: 0x00026e99
ID des fehlerhaften Prozesses: 0x3068
Startzeit der fehlerhaften Anwendung: 0x01d26732f18be98e
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Razer\InGameEngine\32bit\RzWinMgrSrv.dll
Berichtskennung: 8eeb79fb-750c-45bc-90e5-c2eebc3dd781
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (01/05/2017 10:26:22 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (01/05/2017 10:05:25 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) Das System kann die angegebene Datei nicht finden.

Error: (01/05/2017 10:01:37 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) Das System kann die angegebene Datei nicht finden.

Error: (01/04/2017 10:10:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 50.1.0.6186, Zeitstempel: 0x584a057c
Name des fehlerhaften Moduls: mozglue.dll, Version: 50.1.0.6186, Zeitstempel: 0x5849ff8b
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000ec79
ID des fehlerhaften Prozesses: 0x36f4
Startzeit der fehlerhaften Anwendung: 0x01d266240ef8e03d
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Berichtskennung: d331739e-1854-4e0a-a7cd-5a68183a9672
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (01/04/2017 02:32:54 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (01/03/2017 10:01:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RazerIngameEngine.exe, Version: 1.0.12.8578, Zeitstempel: 0x566f4203
Name des fehlerhaften Moduls: RzWinMgrSrv.dll, Version: 1.0.12.8578, Zeitstempel: 0x566f41d4
Ausnahmecode: 0xc0000409
Fehleroffset: 0x00026e99
ID des fehlerhaften Prozesses: 0x2e5c
Startzeit der fehlerhaften Anwendung: 0x01d266044b93b3c0
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Razer\InGameEngine\32bit\RzWinMgrSrv.dll
Berichtskennung: c57be0bf-f872-4c1b-a93b-6298af9dcb10
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (01/03/2017 09:58:59 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) Das System kann die angegebene Datei nicht finden.

Error: (01/03/2017 09:58:20 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: RzStats.Manager.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 72657A61
Stapel:

Error: (01/02/2017 02:57:13 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.


Systemfehler:
=============
Error: (01/05/2017 10:05:29 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (01/05/2017 10:05:27 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "chip1click" hat einen ungültigen aktuellen Status gemeldet: 0

Error: (01/05/2017 10:05:27 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "chip1click" hat einen ungültigen aktuellen Status gemeldet: 0

Error: (01/05/2017 10:01:46 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (01/05/2017 10:01:38 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "chip1click" hat einen ungültigen aktuellen Status gemeldet: 0

Error: (01/05/2017 10:01:38 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "chip1click" hat einen ungültigen aktuellen Status gemeldet: 0

Error: (01/03/2017 09:59:05 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (01/03/2017 09:59:02 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "chip1click" hat einen ungültigen aktuellen Status gemeldet: 0

Error: (01/03/2017 09:59:02 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "chip1click" hat einen ungültigen aktuellen Status gemeldet: 0

Error: (12/28/2016 08:44:23 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.


CodeIntegrity:
===================================
Date: 2016-11-01 15:47:42.103
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2016-11-01 15:47:41.913
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.


==================== Speicherinformationen ===========================

Prozessor: Intel® Core™ i7-4790K CPU @ 4.00GHz
Prozentuale Nutzung des RAM: 28%
Installierter physikalischer RAM: 16326.09 MB
Verfügbarer physikalischer RAM: 11621.52 MB
Summe virtueller Speicher: 19398.09 MB
Verfügbarer virtueller Speicher: 12080.25 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:109.95 GB) (Free:4.84 GB) NTFS
Drive d: (Crucial RealSSD) (Fixed) (Total:59.11 GB) (Free:3.74 GB) NTFS
Drive e: (Volume) (Fixed) (Total:2794.39 GB) (Free:472.34 GB) NTFS
Drive f: (LOTRBFME2EP1) (CDROM) (Total:4.2 GB) (Free:0 GB) UDF

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 5F8E4F05)

Partition: GPT.

========================================================
Disk: 1 (Size: 59.6 GB) (Disk ID: 76B35E5D)

Partition: GPT.

========================================================
Disk: 2 (Size: 2794.5 GB) (Disk ID: 1706A9DF)

Partition: GPT.

==================== Ende von Addition.txt ============================


Edited by Starbuck, 06 January 2017 - 04:55 PM.


#4 Starbuck


Posted 06 January 2017 - 06:04 PM

Hi Rapt0r828

There's a lot of torrent activity going on there.

P2P Warning
Please note that as long as you're using any form of Peer-to-Peer networking (Frostwire, Bearshare, uTorrent etc.) and downloading files from non-documented sources, you can expect infestations of malware and system problems to occur.
P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.

 

> I am on Win10 and using Kaspersky Internet Security btw, Windows Firewall is off.

The report is showing that the Windows firewall is actually running......Windows Firewall ist aktiviert.
and so is the Kaspersky firewall:

FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

One of these needs turning off or you may well experience conflicts.

> Just recently my Uplay account was stolen, had no problem retrieving it, the guy didnt even change my password

I take it that you have since changed your password?

> sometimes my keyboard doesnt work at all when i am in fullscreen or trying to write something on steam chat

Have you tried another browser to see if this still happens?

> Drive c: () (Fixed) (Total:109.95 GB) (Free:4.84 GB) NTFS
> Drive d: (Crucial RealSSD) (Fixed) (Total:59.11 GB) (Free:3.74 GB) NTFS

The free space here is very low.
For everything to run nicely, you should really keep about 15% of free space.
With only about 4% you may well experience system problems.


Step 1
Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
NOTE:
It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.


Step 2
Please download RogueKiller Anti-malware (Free) onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on RogueKiller Anti-malware to install the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Select Accept the User Agreement then continue to click Next then finally click Install.
  • Click Finish.
  • When the program opens, click Scan.
  • Click Start Scan.
  • Double check anything found and tick to select items to be removed.
  • Click Remove Selected.
  • When the items have been removed, click Open Report >> Open TXT.
  • Copy and paste that report into your next reply.
In your next reply, please submit:
Fixlog.txt
RK report


Thanks.


Edited by Starbuck, 06 January 2017 - 06:06 PM.


#5 Rapt0r828


Posted 06 January 2017 - 06:39 PM

 

> The report is showing that the Windows firewall is actually running......Windows Firewall ist aktiviert.
> and so is the Kaspersky firewall:

Just checked - Windows Firewall states that it is actually managed by Kaspersky Total Security. I don't have the option to set it on or off.

> I take it that you have since changed your password?

Of course.

> Have you tried another browser to see if this still happens?

It works with all browsers and everywhere else - the problem only sometimes occurs in Steam and Uplay Chat, and everything that's fullscreen, like games.

> The free space here is very low.

Another SSD is already ordered.

Here is the RK Report:

 

 

RogueKiller V12.9.1.0 (x64) [Jan  2 2017] (Free) von Adlice Software
Mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Betriebssystem : Windows 10 (10.0.14393) 64 bits version
Gestartet in : Normalmodus
User : Hannes Fankhauser [Administrator]
Gestartet von : C:\Program Files\RogueKiller\RogueKiller64.exe
Modus : Löschen -- Datum : 01/07/2017 00:19:47 (Dauer : 00:14:39)

¤¤¤ Prozesse : 0 ¤¤¤

¤¤¤ Registry : 12 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\.DEFAULT\Software\OCS -> Gelöscht
[PUP.Gen1] (X86) HKEY_USERS\.DEFAULT\Software\OCS -> Gelöscht
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-4119562290-3693031830-2868936321-1001\Software\OCS -> Gelöscht
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-4119562290-3693031830-2868936321-1001\Software\OCS -> Gelöscht
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-18\Software\OCS -> Gelöscht
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-18\Software\OCS -> Gelöscht
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV and Media Player -> Gelöscht
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\gupdate 1.00 -> Gelöscht
[Adw.DNSUnlocker] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DC0E07AA-3C09-46FD-A06A-1F3F3392C688} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=E:\Program Files\Steam\SteamApps\common\RogueSquadron\ROGUE\ROGUE.EXE|Name=STAR WARS?: Rogue Squadron 3D| [-] -> Gelöscht
[Adw.DNSUnlocker] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {EE033006-76D4-4638-8D4A-6BA14DC29D86} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=E:\Program Files\Steam\SteamApps\common\RogueSquadron\ROGUE\ROGUE.EXE|Name=STAR WARS?: Rogue Squadron 3D| [-] -> Gelöscht
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Ersetzt (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Ersetzt (2)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Dateien : 4 ¤¤¤
[PUP.Gen1][Ordner] C:\Users\Hannes Fankhauser\AppData\Roaming\FLV and Media Player -> Gelöscht
[PUP.Gen1][Datei] C:\Users\Hannes Fankhauser\AppData\Roaming\FLV and Media Player\ml.xspf -> Gelöscht
[PUP.Gen1][Datei] C:\Users\Hannes Fankhauser\AppData\Roaming\FLV and Media Player\vlc-qt-interface.ini -> Gelöscht
[PUP.Gen1][Datei] C:\Users\Hannes Fankhauser\AppData\Roaming\FLV and Media Player\vlcrc -> Gelöscht
[Tr.Gen0][Datei] C:\Users\Hannes Fankhauser\AppData\Roaming\uTorrent\updates\3.4.6_42178\utorrentie.exe -> Gelöscht
[Tr.Gen0][Datei] C:\Users\Hannes Fankhauser\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Gelöscht
[Tr.Gen0][Datei] C:\Users\Hannes Fankhauser\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe -> Gelöscht

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts-Datei : 0 ¤¤¤

¤¤¤ Anti-Rootkit : 0 (Driver: Geladen) ¤¤¤

¤¤¤ Webbrowser : 3 ¤¤¤
[PUP.Gen2][Firefox:Addon] 31vzn1lt.default : Shopper-Pro [{746505DC-0E21-4667-97F8-72EA6BCF5EEF}] -> Gelöscht
[PUM.SearchEngine][Firefox:Config] 31vzn1lt.default : user_pref("browser.search.selectedEngine", "Yahoo!"); -> Gelöscht
[PUM.SearchEngine][Firefox:Config] d0ezfqd2.default-1440768493047 : user_pref("browser.search.defaultenginename", "Yahoo!"); -> Gelöscht

¤¤¤ MBR-Übeprüfung : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 840 Series +++++
--- User ---
[MBR] 779a8e03971abd6a1b36b1436f2f4dac
[BSP] f999bf63bb3ca284ab87a2457d68138e : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 300 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 616448 | Size: 100 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 821248 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1083392 | Size: 112593 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 231673856 | Size: 450 MB
5 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 232595456 | Size: 451 MB
6 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 233519104 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: C300-CTFDDAC064MAG +++++
--- User ---
[MBR] 75c9bfbb2aa253c5f695c5614b7e32e9
[BSP] 10d6e73a4cb4fb8b68e1e6e76fe5d20c : Empty|VT.Unknown MBR Code
Partition table:
0 - Basic data partition | Offset (sectors): 1083392 | Size: 60528 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WDC WD30EZRX-00AZ6B0 +++++
--- User ---
[MBR] a70c5892f441bf922a062d7905eac1e0
[BSP] 55c1e70c243e361c21934c2f32f8dfb5 : Empty|VT.Unknown MBR Code
Partition table:
0 - Basic data partition | Offset (sectors): 264192 | Size: 2861459 MB
User = LL1 ... OK
User = LL2 ... OK

#6 Starbuck

Posted 06 January 2017 - 07:36 PM

> Just checked - Windows Firewall states that it is actually managed by Kaspersky Total Security. I don't have the option to set it on or off.

This is one of the reasons that I hate these so-called Total Security programs.
They take control of everything.... but not always in a good way.
I see that Kaspersky blocked the hosts file reset as well.

If you turn the Kaspersky firewall off, you'll then be able to turn the Windows firewall off.
This is because with the Kaspersky firewall OFF, it no longer locks you out of controlling the Windows firewall.

Make sure that both the Windows Public Profile FW is off and the Private Profile FW is OFF.
Then turn the Kaspersky firewall back on.

Some Kaspersky products do have issues with some Win 10 systems.

Kaspersky products have issues in Windows 10 Anniversary Update

scroll down for KTS


Step 1
One more entry to remove..

Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
NOTE.
It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.


Step 2
I'd like you to do an ESET OnlineScan

Note 1: These instructions are for Internet Explorer only! If you're using Chrome or Firefox, you will need to download and install the ESET Smart Installer tool before it can scan.
See instructions here.

Note 2: You will need to disable your currently installed Anti-Virus, how to do so can be found here.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Click Advanced settings.
  • Check the following items.

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected.
Don't forget to re-enable your antivirus when finished!


In your next reply, please submit:
Fixlog.txt
Eset scan report



Thanks.



#7 Rapt0r828


Posted 08 January 2017 - 06:37 PM

Back now, that scan took quite some time.

> This is one of the reasons that I hate these so-called Total Security programs.
> They take control of everything.... but not always in a good way.
> I see that Kaspersky blocked the hosts file reset as well.

Looks like the Kaspersky stuff is useless anyways, Eset found quite a few threats. My Kaspersky is scanning the whole PC twice a week and never found anything....

> Make sure that both the Windows Public Profile FW is off and the Private Profile FW is OFF.
> Then turn the Kaspersky firewall back on.

Done.

#8 Starbuck


Posted 08 January 2017 - 07:23 PM

Hi Rapt0r828

> Back now, that scan took quite some time

Yes, the scan can take a while..... but it's very thorough.

> Looks like the Kaspersky stuff is useless anyways, Eset found quite a few threats.

Most of what Eset found had already been found and quarantined (so was safe anyway).
It's not that Kaspersky is useless .... it just needs to be set up to detect these PUPs.
Kaspersky is not as aggressive about PUPs as some other vendors, so the option to detect and remove these is not enabled by default.
You have to enable this yourself.
This link will explain how to do that:
How to enable riskware detection in Kaspersky Total Security 2016

Nearly all of what we have removed from the system is Adware (PUPs); there has been no sign of any keyloggers.

RogueKiller and Eset are good at detecting these types of malware..... so I doubt very much if a keylogger is the actual problem.

> sometimes my keyboard doesn't work at all when I am in fullscreen or trying to write something on Steam chat, although everywhere else it works.

I had a look around the Internet and there are others that seem to be having problems when using Steam and Win10.
These are just two of them:
Windows 10, Steam fails to open

Upgraded to Windows 10. Can't Load Steam Store or any Pages

If you do a Google Search for ... Steam chat problems win10
You'll see there are pages of hits.

One thing that you should address is:
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java SE 8u111 / 8u112 and save it to your desktop.
  • Scroll down to where it says "Java SE 8u111 / 8u112".
  • Click the "Download JRE" button.
  • Accept the license agreement.
  • Select 'Windows x64' offline from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Right click on the Start button >> select Programs and Features. Now remove any versions of Java in the list.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the downloaded icon to install the newest version.

So apart from the Steam problem.... are there any other problems with the system?


#9 Starbuck


Posted 12 January 2017 - 01:54 PM

Hi Rapt0r828

Do you still require assistance?


#10 Rapt0r828


Posted 13 January 2017 - 07:37 AM

Hi,

Sorry for the late answer, was abroad the last days due to work.

Just did the Java update, so looks like everything is safe for the moment.

I did some further research with my chat problems - might just be that it's the Razer Synapse app that is causing this.

Once again, thanks for your assistance and patience. I just have one more question: Where is the donate button?



#11 Starbuck


Posted 13 January 2017 - 03:28 PM

Hi Rapt0r828

> Where is the donate button?

We no longer have a donate button.
The Site Owner said that he didn't need donations anymore to help with the running costs.
Just do a good deed for someone else and we'll call it quits. :)

Let's finish the cleaning process and remove the tools we have used.


Step 1
FRST can now be removed:

Right click on the FRST icon and select delete.
Right click on any fixlog.txt or fixlist.txt files and select delete.
Navigate to: C:\frst and delete the frst folder

Step 2
RogueKiller AntiMalware can be uninstalled from the uninstall list: (if you want to remove it)

Right click on the Start button >> select Programs and Features

Eset can be uninstalled from the uninstall list as well.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Use an AntiVirus Software

Only install one AntiVirus program at a time

Use a Firewall

Only install one software Firewall

Scan regularly with a 'Stand Alone' Anti-Malware scanner:
Installing another scanner that you can run once or twice a week is always beneficial.
Something like:
Remember to update these programs each time before running.
You can install more than one of these if you only run them as stand alone programs.

Install an AdBlocker
Firefox: uBlock Origin
Google Chrome: uBlock Origin
Edge: uBlock Origin Preview

uBlock Origin is more than an "ad blocker": it is a wide-spectrum blocker -- which happens to be able to function as a mere "ad blocker".
The default behavior of uBlock Origin when newly installed is to block ads, trackers and malware sites.

Internet Explorer:
Adblock Plus for Internet Explorer

P2P programs/Torrents
Don't be tempted to use Peer to Peer programs.
Many of the downloads are bundled with malware.

Beware of PuP's when installing 'free' software
(Potentially Unwanted Program) An application that is installed along with the desired application the user actually asked for.
In most cases, the PUP is spyware, adware or some other unwanted software.
However, what makes spyware or adware a PUP rather than pure malware is the fact that the end user license agreement (EULA) does inform the user that this additional program is being installed.
Considering hardly anyone ever reads the license agreement, the distinction is a subtle one.

Understanding PuP's (Adware)


Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.

Safe surfing.

Edited by Starbuck, 13 January 2017 - 03:29 PM.



#12 Starbuck


Posted 21 January 2017 - 05:49 AM

As this topic has been resolved this thread will now be closed.

If you need this topic reopened, please contact one of the moderating team by PM and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.

Everyone else please begin a New Topic.
