Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 23.08.2017, 16:58   #1
Easy Frag
 
Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks - Standard

Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks



Hallo an alle!

Ich ersuche Hilfe hier im Auftrag eines lieben Mitmenschen. Da ich mich selbst als recht Computeraffin bezeichnen würde erhoffe ich mit eurer Hilfe das System zu säubern.

Folgendes ist passiert.
Nach dem ausführen eines vermeintlichen Updates (wurde noch während der Installation unterbrochen) wurden mehrere Verknüpfungen zu Onlinespielen auf dem Desktop erzeugt und laufend werden Chrometabs mit Spam geöffnet.

Folgendes habe ich gemacht.
  • Direkt das Internet getrennt
    Chrome deinstalliert
    Alle korrupierten Prozesse beendet (etliche waren sogar mit russischen Zeichen in der Beschreibung)
    Malewarebytes ausgeführt (knapp 1200 Bedrohungen entfernt)
    Festgestellt, dass eine nicht funktionierende Version von Bitdefender installiert ist

Zunächst schien auch die Gefahr gebannt, jedoch bleibt das Problem mit Chrome auch nach einer frischen Installation bestehen.

Ich persönlich führe regelmäßige Backups aus und hätte das System direkt neu aufgesetzt, aber zu den Daten scheint es kein physikalisches Backup zu geben.

Jetzt wende ich mich nun an euch in der Hoffnung mein Unvermögen auszugleichen und den komplizierteren Weg zu gehen.

Ich war so frei und habe schon mal die beiden Logs erstellt.

Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
durchgeführt von Administrator (Administrator) auf SEBASTIAN-PC (23-08-2017 16:37:45d)
Gestartet von C:\Users\Administrator\Downloads
Geladene Profile: Administrator (Verfügbare Profile: Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
() D:\Nützliche Programme\Core Temp\Core Temp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Sony) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe
(Little Sky Studios ) C:\Program Files (x86)\Desktop APM\DesktopAPM.exe
() C:\Users\Administrator\AppData\Roaming\olvi5sm3ytt\45jaiqgcvm1.exe
() C:\Users\Administrator\AppData\Roaming\csgqyfbqxo5\r13o5zxsayj.exe
() C:\Program Files (x86)\Belkin\F9L1101\V1\PBN.exe
(Twitch Interactive, Inc.) C:\Users\Administrator\AppData\Roaming\Curse Client\Bin\Twitch.exe
(Elaborate Bytes AG) D:\Nützliche Programme\Virtual Clone Drive\VirtualCloneDrive\VCDDaemon.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Spotify Ltd) C:\Users\Administrator\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony) C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Twitch Interactive, Inc.) C:\Users\Administrator\AppData\Roaming\Curse Client\Bin\Electron\TwitchUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Twitch Interactive, Inc.) C:\Users\Administrator\AppData\Roaming\Curse Client\Bin\Electron\TwitchUI.exe
(Twitch Interactive, Inc.) C:\Users\Administrator\AppData\Roaming\Curse Client\Bin\Electron\TwitchUI.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Updates\16.0.8326.2073\OfficeClickToRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => D:\Nützliche Programme\Virtual Clone Drive\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [RoccatKoneXTD] => C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE [552960 2014-10-19] (ROCCAT GmbH)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [708496 2015-02-19] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2112160272-3594351332-598527768-500\...\Run: [dualmonitor] => [X]
HKU\S-1-5-21-2112160272-3594351332-598527768-500\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27784672 2017-06-27] (Skype Technologies S.A.)
HKU\S-1-5-21-2112160272-3594351332-598527768-500\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2112160272-3594351332-598527768-500\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2105728 2017-05-31] (Sony)
HKU\S-1-5-21-2112160272-3594351332-598527768-500\...\Run: [Steam] => D:\Spiele\Steam\steam.exe [3062560 2017-07-18] (Valve Corporation)
HKU\S-1-5-21-2112160272-3594351332-598527768-500\...\Run: [Spotify] => C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe [7111792 2017-07-06] (Spotify Ltd)
HKU\S-1-5-21-2112160272-3594351332-598527768-500\...\Run: [DesktopAPM] => C:\Program Files (x86)\Desktop APM\DesktopAPM.exe [2619456 2016-04-26] (Little Sky Studios )
HKU\S-1-5-21-2112160272-3594351332-598527768-500\...\Run: [3ytpznhmhrz] => C:\Users\Administrator\AppData\Roaming\olvi5sm3ytt\45jaiqgcvm1.exe [8192 2017-08-23] ()
HKU\S-1-5-21-2112160272-3594351332-598527768-500\...\Run: [imzgllnsqxr] => C:\Users\Administrator\AppData\Roaming\csgqyfbqxo5\r13o5zxsayj.exe [8192 2017-08-23] ()
HKU\S-1-5-21-2112160272-3594351332-598527768-500\...\Run: [H3RKL4X5NI2NCWZ] => C:\Program Files (x86)\bh3wkcqsjdu\18DT7.exe [1229312 2017-08-23] ()
HKU\S-1-5-21-2112160272-3594351332-598527768-500\...\Run: [Spotify Web Helper] => C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe [7111792 2017-07-06] (Spotify Ltd)
HKU\S-1-5-21-2112160272-3594351332-598527768-500\...\MountPoints2: {8f4dba2e-d7bb-11e5-92e4-001fd097aa98} - E:\setup.exe
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-04-12]
ShortcutTarget: Twitch.lnk -> C:\Users\Administrator\AppData\Roaming\Curse Client\Bin\Twitch.exe (Twitch Interactive, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Belkin USB Wireless Adaptor Utility.lnk [2016-02-19]
ShortcutTarget: Belkin USB Wireless Adaptor Utility.lnk -> C:\Program Files (x86)\Belkin\F9L1101\V1\PBN.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1BC3EF52-6087-47AE-A9A6-15B1B2DEE266}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1F289EB0-A2C8-4A07-A950-EDAF346D4359}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{52E2C328-7C77-4E37-93C7-B4E397C82ED5}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5BE74D56-D472-4EAE-93A8-37D212CB2339}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{85704D9B-DCD8-40A5-8C5C-AEFF4323017F}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-25] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-07-25] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-25] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-07-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-04] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-07-25] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-04] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-25] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-25] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-25] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-25] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: bci6t4gj.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\bci6t4gj.default [2017-08-23]
FF Extension: (Quick Searcher) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\bci6t4gj.default\Extensions\mefhakmgclhhfbdadeojlkbllmecialg@chrome-store-foxified-1132576233 [2017-08-23]
FF Extension: (Adblock Edge) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\bci6t4gj.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2016-04-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-20] ()
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-11-10] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-11-10] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-20] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-28] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-07-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-07-11] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2112160272-3594351332-598527768-500: ubisoft.com/uplaypc -> D:\Spiele\Die Siedler 7\Data\Base\_Dbg\Bin\Release\orbit\npuplaypc.dll [2013-02-26] (Ubisoft)

Chrome: 
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2017-08-23]
CHR Extension: (Google Präsentationen) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-08-23]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-23]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-23]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-23]
CHR Extension: (Adobe Acrobat) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-08-23]
CHR Extension: (Google Tabellen) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-08-23]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-23]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Google Mail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-23]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-23]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4412104 2017-07-18] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S3 Origin Client Service; D:\Spiele\Origin\OriginClientService.exe [2169696 2017-07-17] (Electronic Arts)
S2 Origin Web Helper Service; D:\Spiele\Origin\OriginWebHelperService.exe [3149664 2017-07-17] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1450824 2017-08-02] (Overwolf LTD)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2016-09-10] ()
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2016.SP1\RpcAgentSrv.exe [81968 2016-02-23] (SiSoftware) [Datei ist nicht signiert]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [Datei ist nicht signiert]
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [Datei ist nicht signiert]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-04-09] (Microsoft Corporation)
S2 WLANBelkinService; C:\Program Files (x86)\Belkin\F9L1101\V1\wlansrv.exe [86016 2012-10-05] () [Datei ist nicht signiert]
R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2205568 2017-05-31] (Sony)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-07-11] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [187320 2017-05-10] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-05-28] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253856 2017-08-23] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-05-28] (Malwarebytes)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 RTCore64; D:\Nützliche Programme\MSI Afterburner\RTCore64.sys [13512 2016-09-02] ()
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2016.SP1\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2015-02-19] (Cisco Systems, Inc.)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-08-23 16:37 - 2017-08-23 16:37 - 002395648 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2017-08-23 16:37 - 2017-08-23 16:37 - 000022600 _____ C:\Users\Administrator\Downloads\FRST.txt
2017-08-23 16:37 - 2017-08-23 16:37 - 000000000 ____D C:\FRST
2017-08-23 16:26 - 2017-08-23 16:26 - 000002259 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-23 16:26 - 2017-08-23 16:26 - 000002247 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-23 16:24 - 2017-08-23 16:24 - 001130328 _____ (Google Inc.) C:\Users\Administrator\Downloads\ChromeSetup.exe
2017-08-23 16:20 - 2017-08-23 16:20 - 000000000 ____D C:\Windows\system32\appmgmt
2017-08-23 15:51 - 2017-08-23 16:03 - 000000000 ____D C:\Program Files (x86)\bh3wkcqsjdu
2017-08-23 15:51 - 2017-08-23 15:52 - 000031411 _____ C:\Windows\45ba5e5e58acbc884104f9223c43f3a5.ps1
2017-08-23 15:51 - 2017-08-23 15:52 - 000003474 _____ C:\Windows\System32\Tasks\45ba5e5e58acbc884104f9223c43f3a5
2017-08-23 15:51 - 2017-08-23 15:51 - 000000000 ____D C:\Windows\SysWOW64\SSL
2017-08-23 15:51 - 2017-08-23 15:51 - 000000000 ____D C:\Windows\Azart
2017-08-23 15:51 - 2017-08-23 15:51 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\olvi5sm3ytt
2017-08-23 15:51 - 2017-08-23 15:51 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\csgqyfbqxo5
2017-08-23 15:51 - 2017-08-23 15:51 - 000000000 ____D C:\ProgramData\WindowsReporting
2017-08-23 15:51 - 2017-08-23 15:51 - 000000000 ____D C:\Program Files\RUK6GQNT7C
2017-08-23 15:50 - 2017-08-23 15:51 - 000000000 ____D C:\Program Files\T3C73GUAMZ
2017-08-23 13:32 - 2017-08-23 13:32 - 001677824 _____ C:\Windows\ae3e709c41c32739103c91949b6ecc64.exe
2017-08-23 13:32 - 2017-08-23 13:32 - 000039806 _____ C:\Windows\uninstaller.dat
2017-08-20 07:28 - 2017-08-20 07:28 - 000000000 ____D C:\Windows\rescache
2017-08-17 18:54 - 2017-08-17 18:54 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Monomi Park
2017-08-17 18:53 - 2017-08-17 18:53 - 000000000 ____D C:\ProgramData\GOG.com
2017-08-09 15:22 - 2017-07-29 16:56 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-08-09 15:22 - 2017-07-21 16:26 - 000518144 _____ C:\Windows\SysWOW64\msjetoledb40.dll
2017-08-09 15:22 - 2017-07-21 16:26 - 000409600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexch40.dll
2017-08-09 15:22 - 2017-07-21 16:26 - 000290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjtes40.dll
2017-08-09 15:22 - 2017-07-21 16:26 - 000282624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll
2017-08-09 15:22 - 2017-07-15 20:35 - 000394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-08-09 15:22 - 2017-07-15 19:52 - 000346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 000486400 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-08-09 15:22 - 2017-07-14 17:12 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-08-09 15:22 - 2017-07-14 17:12 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-08-09 15:22 - 2017-07-14 17:11 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-08-09 15:22 - 2017-07-14 17:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-08-09 15:22 - 2017-07-14 17:10 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-08-09 15:22 - 2017-07-14 17:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-08-09 15:22 - 2017-07-14 17:10 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-08-09 15:22 - 2017-07-14 17:10 - 000382976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2017-08-09 15:22 - 2017-07-14 17:10 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-08-09 15:22 - 2017-07-14 17:10 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-08-09 15:22 - 2017-07-14 17:10 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-08-09 15:22 - 2017-07-14 17:10 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-08-09 15:22 - 2017-07-14 17:10 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-08-09 15:22 - 2017-07-14 17:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-08-09 15:22 - 2017-07-14 17:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-08-09 15:22 - 2017-07-14 16:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-08-09 15:22 - 2017-07-14 16:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-08-09 15:22 - 2017-07-14 16:57 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2017-08-09 15:22 - 2017-07-14 16:50 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2017-08-09 15:22 - 2017-07-14 16:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2017-08-09 15:22 - 2017-07-14 09:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-08-09 15:22 - 2017-07-14 09:15 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-08-09 15:22 - 2017-07-14 08:49 - 025733632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-08-09 15:22 - 2017-07-14 08:47 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-08-09 15:22 - 2017-07-14 08:45 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-08-09 15:22 - 2017-07-14 08:45 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-08-09 15:22 - 2017-07-14 08:44 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-08-09 15:22 - 2017-07-14 08:44 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-08-09 15:22 - 2017-07-14 08:38 - 002899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-08-09 15:22 - 2017-07-14 08:29 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-08-09 15:22 - 2017-07-14 08:28 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-08-09 15:22 - 2017-07-14 08:22 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-08-09 15:22 - 2017-07-14 08:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-08-09 15:22 - 2017-07-14 08:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-08-09 15:22 - 2017-07-14 08:19 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-08-09 15:22 - 2017-07-14 08:19 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-08-09 15:22 - 2017-07-14 08:08 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-08-09 15:22 - 2017-07-14 08:02 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-08-09 15:22 - 2017-07-14 07:49 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-08-09 15:22 - 2017-07-14 07:48 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-08-09 15:22 - 2017-07-14 07:47 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-08-09 15:22 - 2017-07-14 07:42 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-08-09 15:22 - 2017-07-14 07:40 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-08-09 15:22 - 2017-07-14 07:35 - 005981184 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-08-09 15:22 - 2017-07-14 07:35 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-08-09 15:22 - 2017-07-14 07:33 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-08-09 15:22 - 2017-07-14 07:16 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-08-09 15:22 - 2017-07-14 07:11 - 000725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-08-09 15:22 - 2017-07-14 07:10 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-08-09 15:22 - 2017-07-14 07:09 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-08-09 15:22 - 2017-07-14 07:09 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-08-09 15:22 - 2017-07-14 06:40 - 015254016 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-08-09 15:22 - 2017-07-14 06:23 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-08-09 15:22 - 2017-07-14 06:07 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-08-09 15:22 - 2017-07-14 05:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-08-09 15:22 - 2017-07-14 05:01 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-08-09 15:22 - 2017-07-14 04:54 - 020270080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-08-09 15:22 - 2017-07-14 04:48 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-08-09 15:22 - 2017-07-14 04:48 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-08-09 15:22 - 2017-07-14 04:48 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-08-09 15:22 - 2017-07-14 04:48 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-08-09 15:22 - 2017-07-14 04:47 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-08-09 15:22 - 2017-07-14 04:44 - 002290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-08-09 15:22 - 2017-07-14 04:42 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-08-09 15:22 - 2017-07-14 04:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-08-09 15:22 - 2017-07-14 04:39 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-08-09 15:22 - 2017-07-14 04:38 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-08-09 15:22 - 2017-07-14 04:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-08-09 15:22 - 2017-07-14 04:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-08-09 15:22 - 2017-07-14 04:30 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-08-09 15:22 - 2017-07-14 04:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-08-09 15:22 - 2017-07-14 04:25 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-08-09 15:22 - 2017-07-14 04:25 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-08-09 15:22 - 2017-07-14 04:23 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-08-09 15:22 - 2017-07-14 04:22 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-08-09 15:22 - 2017-07-14 04:21 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-08-09 15:22 - 2017-07-14 04:20 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-08-09 15:22 - 2017-07-14 04:17 - 004546048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-08-09 15:22 - 2017-07-14 04:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-08-09 15:22 - 2017-07-14 04:12 - 000693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-08-09 15:22 - 2017-07-14 04:11 - 002057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-08-09 15:22 - 2017-07-14 04:11 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-08-09 15:22 - 2017-07-14 04:09 - 013663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-08-09 15:22 - 2017-07-14 03:53 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-08-09 15:22 - 2017-07-14 03:50 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-08-09 15:22 - 2017-07-14 03:48 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-08-09 15:22 - 2017-07-08 17:34 - 000370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-08-09 15:22 - 2017-07-08 17:00 - 003224064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-08-09 15:22 - 2017-07-07 17:37 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-08-09 15:22 - 2017-07-07 17:33 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-08-09 15:22 - 2017-07-07 17:33 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-08-09 15:22 - 2017-07-07 17:33 - 000363752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2017-08-09 15:22 - 2017-07-07 17:33 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-08-09 15:22 - 2017-07-07 17:33 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-08-09 15:22 - 2017-07-07 17:31 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:15 - 004001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-08-09 15:22 - 2017-07-07 17:15 - 003945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-08-09 15:22 - 2017-07-07 17:13 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:02 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-08-09 15:22 - 2017-07-07 17:01 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-08-09 15:22 - 2017-07-07 17:01 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-08-09 15:22 - 2017-07-07 17:01 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-08-09 15:22 - 2017-07-07 16:58 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-08-09 15:22 - 2017-07-07 16:57 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-08-09 15:22 - 2017-07-07 16:54 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-08-09 15:22 - 2017-07-07 16:54 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-08-09 15:22 - 2017-07-07 16:54 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-08-09 15:22 - 2017-07-07 16:53 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-08-09 15:22 - 2017-07-07 16:53 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-08-09 15:22 - 2017-07-07 16:51 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-08-09 15:22 - 2017-07-07 16:48 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-08-09 15:22 - 2017-07-07 16:48 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-08-09 15:22 - 2017-07-07 16:48 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-08-09 15:22 - 2017-07-07 16:48 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-08-09 15:22 - 2017-07-07 16:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-08-09 15:22 - 2017-07-07 16:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 16:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 16:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 16:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 000866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswdat10.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 000641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 000616448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl40.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 000144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter40.dll
2017-08-04 19:49 - 2017-08-04 19:51 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\DesktopAPM
2017-08-04 19:49 - 2017-08-04 19:49 - 000001038 _____ C:\Users\Administrator\Desktop\Desktop APM.lnk
2017-08-04 19:49 - 2017-08-04 19:49 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop APM
2017-08-04 19:49 - 2017-08-04 19:49 - 000000000 ____D C:\Program Files (x86)\Desktop APM
2017-08-03 23:24 - 2017-08-03 23:24 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Red Dot Games
2017-07-30 03:32 - 2017-07-30 03:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Guild 2 - Renaissance
2017-07-30 01:19 - 2017-07-30 01:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-07-30 01:19 - 2017-07-30 01:19 - 000000000 ____D C:\Program Files\7-Zip
2017-07-30 01:18 - 2017-07-30 01:18 - 001381582 _____ (Igor Pavlov) C:\Users\Administrator\Downloads\7z1604-x64.exe
2017-07-27 16:16 - 2017-07-27 16:22 - 000000000 ____D C:\Users\Administrator\Documents\GTA Vice City User Files
2017-07-27 16:16 - 2017-07-27 16:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grand Theft Auto Vice City
2017-07-25 13:59 - 2017-07-25 13:59 - 000001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-07-25 13:59 - 2017-07-25 13:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-07-25 13:59 - 2017-07-25 13:59 - 000000000 ____D C:\Program Files\iTunes
2017-07-25 13:59 - 2017-07-25 13:59 - 000000000 ____D C:\Program Files\iPod

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-08-23 16:26 - 2016-02-19 23:44 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2017-08-23 16:26 - 2016-02-19 23:25 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-23 16:25 - 2017-05-10 19:49 - 000003542 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-08-23 16:25 - 2017-05-10 19:49 - 000003414 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-08-23 16:25 - 2017-05-04 13:41 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2017-08-23 16:25 - 2011-04-12 09:43 - 000699416 _____ C:\Windows\system32\perfh007.dat
2017-08-23 16:25 - 2011-04-12 09:43 - 000149556 _____ C:\Windows\system32\perfc007.dat
2017-08-23 16:25 - 2009-07-14 07:13 - 001620612 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-23 16:25 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2017-08-23 16:23 - 2016-12-05 04:48 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Curse Client
2017-08-23 16:20 - 2016-03-15 22:10 - 000000023 _____ C:\Windows\ODBCINST.INI
2017-08-23 16:18 - 2009-07-14 06:45 - 000029760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-23 16:18 - 2009-07-14 06:45 - 000029760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-23 16:15 - 2016-03-04 15:16 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Spotify
2017-08-23 16:10 - 2017-05-10 21:08 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-23 16:09 - 2016-02-20 04:08 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-23 16:09 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-23 15:57 - 2016-08-13 13:24 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\HelloGames
2017-08-23 07:18 - 2017-04-06 02:07 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2017-08-17 18:53 - 2016-04-25 21:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-08-17 17:55 - 2017-07-22 22:03 - 000000000 ____D C:\Users\Administrator\Documents\Pro Cycling Manager 2017
2017-08-17 17:55 - 2017-07-22 22:03 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Pro Cycling Manager 2017
2017-08-16 16:15 - 2017-05-18 19:36 - 000003864 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1495128961
2017-08-16 16:15 - 2017-05-18 19:35 - 000000000 ____D C:\Program Files\Opera
2017-08-12 17:27 - 2016-07-01 12:00 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-10 16:17 - 2009-07-14 06:45 - 000450864 _____ C:\Windows\system32\FNTCACHE.DAT
2017-08-10 07:02 - 2016-03-02 17:39 - 000000000 ____D C:\Windows\system32\MRT
2017-08-10 06:58 - 2016-03-02 17:39 - 140394280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-08-09 17:15 - 2016-07-01 12:00 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-08-09 06:58 - 2016-03-15 08:42 - 000000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2017-08-08 16:48 - 2016-06-22 04:48 - 000000000 ____D C:\Program Files (x86)\Overwolf
2017-08-04 06:51 - 2016-02-20 00:17 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-08-04 06:51 - 2016-02-20 00:17 - 000000000 ____D C:\ProgramData\Oracle
2017-08-04 06:51 - 2016-02-20 00:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-08-04 06:51 - 2016-02-20 00:17 - 000000000 ____D C:\Program Files (x86)\Java
2017-07-28 03:15 - 2016-03-16 20:26 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-07-27 16:16 - 2016-02-20 15:07 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-07-27 15:57 - 2016-03-16 20:28 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-26 21:15 - 2017-05-14 18:48 - 000046354 _____ C:\Users\Administrator\Desktop\Ikariam Produktion.xlsx
2017-07-26 20:58 - 2017-07-17 07:52 - 000004273 _____ C:\test.spr
2017-07-26 12:23 - 2017-05-08 20:49 - 000000000 ____D C:\ProgramData\Skype

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-03-30 21:18 - 2016-04-28 08:31 - 000004069 _____ () C:\Users\Administrator\AppData\Roaming\LTspiceIV.ini
2017-03-15 18:16 - 2016-02-18 00:30 - 015384576 _____ () C:\Users\Administrator\AppData\Roaming\Sandra.mdb

Einige Dateien in TEMP:
====================
2017-08-23 15:50 - 2017-08-23 15:50 - 000493536 _____ (                                                            ) C:\Users\Administrator\AppData\Local\Temp\avboost.exe
2017-08-04 06:48 - 2017-08-04 06:48 - 000740416 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-8u144-windows-au.exe
2017-08-17 22:14 - 2017-08-17 22:14 - 000040448 ____N () C:\Users\Administrator\AppData\Local\Temp\proxy_vole3223314943162461830.dll
2017-08-17 22:14 - 2017-08-17 22:14 - 000040448 ____N () C:\Users\Administrator\AppData\Local\Temp\proxy_vole5377562440348658525.dll
2017-08-17 22:14 - 2017-08-17 22:14 - 000040448 ____N () C:\Users\Administrator\AppData\Local\Temp\proxy_vole5961053705888745167.dll
2017-08-23 15:50 - 2017-08-23 15:50 - 006473728 _____ () C:\Users\Administrator\AppData\Local\Temp\s2s.exe
2017-08-23 15:51 - 2017-08-23 15:50 - 001199825 _____ () C:\Users\Administrator\AppData\Local\Temp\unins000.exe
2017-06-22 12:16 - 2017-06-22 12:16 - 049533288 _____ (Sony) C:\Users\Administrator\AppData\Local\Temp\xcs1BFD.tmp.exe
2006-05-24 20:10 - 2006-05-24 20:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Administrator\AppData\Local\Temp\_is1CA5.exe
2006-05-24 20:10 - 2006-05-24 20:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Administrator\AppData\Local\Temp\_is60F5.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-08-18 17:01

==================== Ende von FRST.txt ============================
         

Alt 23.08.2017, 16:58   #2
Easy Frag
 
Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks - Standard

Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks



Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 20-08-2017
durchgeführt von Administrator (23-08-2017 16:38:27)
Gestartet von C:\Users\Administrator\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2016-02-19 20:32:41)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2112160272-3594351332-598527768-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-2112160272-3594351332-598527768-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2112160272-3594351332-598527768-1002 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Spybot - Search and Destroy (Enabled - Out of date) {1A0DDE8C-B4BA-EFDD-22A8-0F557C7985F0}
AS: Spybot - Search and Destroy (Enabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

60 Seconds! (HKLM\...\NjBzZWNvbmRz_is1) (Version: 1 - )
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
A Boy and His Blob (HKLM\...\Steam App 281200) (Version:  - Abstraction Games)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.012.20095 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Alien Nations (HKLM-x32\...\GOGPACKALIENNATIONS_is1) (Version: 2.0.0.26 - GOG.com)
AlienFX for KoneXTD (HKLM\...\{48725548-E470-4816-99DD-6667EABAB982}) (Version: 1.02 - Roccat GmbH) Hidden
AlienFX for KoneXTD (HKLM-x32\...\InstallShield_{48725548-E470-4816-99DD-6667EABAB982}) (Version: 1.02 - Roccat GmbH)
Anno 1602 - Creation of a New World (HKLM-x32\...\1438168222_is1) (Version: 2.0.0.6 - GOG.com)
Anno 2205 Version 1.0 (HKLM-x32\...\{9D231988-619F-4A37-A19D-341EC4BBF719}_is1) (Version: 1.0 - UBISoft)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 368.81 - NVIDIA Corporation) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
ArcaniA (HKLM-x32\...\ArcaniA_is1) (Version:  - )
Attribute Changer 8.60 (HKLM\...\{27263813-8BDE-4CD2-84D3-02536743428A}_is1) (Version: 8.60 - Romain Petges)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 3 (HKLM-x32\...\Bejeweled 3) (Version:  - PopCap Games)
Belkin USB Wireless Adaptor (HKLM-x32\...\{6E016C56-820F-4B2D-A36F-34CCADF90C16}) (Version: 1.0.0.09 - Belkin) Hidden
Belkin USB Wireless Adaptor (HKLM-x32\...\InstallShield_{6E016C56-820F-4B2D-A36F-34CCADF90C16}) (Version: 1.0.0.09 - Belkin)
Ben and Ed (HKLM\...\YmVuYW5kZWQ_is1) (Version: 1 - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounty Train (HKLM-x32\...\Bounty Train_is1) (Version:  - )
Caesar IV (HKLM-x32\...\{B7666229-351B-47D9-AA6F-DF777CF04BBF}) (Version: 0.18.13 - Tilted Mill Entertainment)
Car Mechanic Simulator 2018 Silver Edition MULTi2 1.0.2 (HKLM-x32\...\Car Mechanic Simulator 2018 Silver Edition MULTi2 1.0.2) (Version: 1.0.2 - .x.X.RIDDICK.X.x.)
Car Mechanic Simulator 2018 Update v1.1.1 (HKLM\...\Y2FybWVjaGFuaWNzaW11bGF0b3IyMDE4_is1) (Version: 1 - )
Casino Empire (HKLM-x32\...\{42FA68A0-C0BC-11D6-B2FA-0010B5AC3B10}) (Version:  - )
Catan - Städte und Ritter (HKLM-x32\...\Catan - Staedte und Ritter) (Version: 1.220 - Catan GmbH)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.07021 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{0F65F838-573B-4AE1-8A15-8E9DC157D157}) (Version: 3.1.07021 - Cisco Systems, Inc.) Hidden
Civilization VI Digital Deluxe Edition MULTi2 1.0 (HKLM-x32\...\Civilization VI Digital Deluxe Edition MULTi2 1.0) (Version:  - )
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Company of Heroes (New Steam Version) (HKLM\...\Steam App 228200) (Version:  - Relic)
Company of Heroes 2 (HKLM\...\Steam App 231430) (Version:  - Relic Entertainment)
Cossacks 3 Digital Deluxe Edition MULTI2 1.0 (HKLM-x32\...\Cossacks 3 Digital Deluxe Edition MULTI2 1.0) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Curse (HKLM-x32\...\{1F2611FB-6F69-4AA8-BECD-243BD8CB45F3}) (Version: 6.0.0.0 - Curse)
Desktop APM (HKU\S-1-5-21-2112160272-3594351332-598527768-500\...\Desktop APM) (Version:  - )
Die 12 Heldentaten des Herkules 6 SE Version 1.0.2 (HKLM-x32\...\{D0165150-2D24-4802-8395-2DA15C1A76AF}_is1) (Version: 1.0.2 - DELiGHT 2017)
Die Siedler 7 (HKLM-x32\...\{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}) (Version: 1.12.1396 - Ubisoft)
Dual Monitor 1.22 (HKLM-x32\...\{64AA3F94-ED4A-4A4B-B72C-B7A1481ED5D8}_is1) (Version: 1.22.021813 - Cristi Diaconu)
Dungeon Keeper (HKLM-x32\...\{B9E79070-56B6-4980-A7E9-C28D6480D050}) (Version: 1.0.0.1 - Electronic Arts)
Dungeon Keeper 2 (HKLM-x32\...\Dungeon Keeper II) (Version:  - )
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.4.0.0 - Electronic Arts)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.4.37.20160609 - Landesfinanzdirektion Thüringen)
Emergency 2016 Limited Edition MULTi2 1.0 (HKLM-x32\...\Emergency 2016 Limited Edition MULTi2 1.0) (Version:  - )
Factorio version 0.12.26 (HKLM\...\Factorio_is1) (Version:  - )
Fallout Shelter (HKLM\...\Steam App 588430) (Version:  - Bethesda Game Studios)
Farming Simulator 17 (HKLM\...\ZmFybWluZ3NpbXVsYXRvcjE3_is1) (Version: 1 - )
Fritz 13 (HKLM-x32\...\{85EB0F56-3DB3-42CC-9384-A665C5FC5D08}) (Version: 13.0.0.0 - ChessBase)
GOG.com The Settlers 3 (HKLM\...\{f707a2f1-2ed1-4560-a087-97aa176c3777}.sdb) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition MULTI 11 (HKLM-x32\...\R292ZXJub3JvZlBva2VyMlByZW1pdW1FZGl0aW9uTVVMVEkxMQ==_is1) (Version: 1 - )
Grand Theft Auto IV Complete Edition Version 1.1.2.0 (HKLM-x32\...\Grand Theft Auto IV Complete Edition_is1) (Version: 1.1.2.0 - Rockstar Games)
Grand Theft Auto V Digital Deluxe Edition FIXED VERSION MULTi11 1.0.350.1 (HKLM-x32\...\Grand Theft Auto V Digital Deluxe Edition FIXED VERSION MULTi11 1.0.350.1) (Version:  - )
Grand Theft Auto V Digital Deluxe Edition Update 4 FIXED Version MULTi11 1.0.350.2 (HKLM-x32\...\Grand Theft Auto V Digital Deluxe Edition Update 4 FIXED Version MULTi11 1.0.350.2) (Version:  - )
Grand Theft Auto Vice City Version 1.1 (HKLM-x32\...\Grand Theft Auto Vice City_is1) (Version: 1.1 - Rockstar Games)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hearts of Iron IV Field Marshal Edition MULTi7 - ElAmigos Version 1.0 (HKLM-x32\...\{9240BFB5-B3DE-4505-8351-5605EE8D4F84}_is1) (Version: 1.0 - Paradox Interactive)
Hero Defense - Haunted Island (HKLM-x32\...\Steam App 423620) (Version:  - Happy Tuesday)
Hero of the Kingdom (HKLM-x32\...\Hero of the Kingdomv1.00) (Version: v1.00 - Lonely Troops)
Herrscher des Olymp - Zeus & Poseidon Version 2.0 (HKLM-x32\...\{2F32318C-A833-410A-BE7D-E409A614B607}_is1) (Version: 2.0 - Sierra)
Hex-Editor MX (HKLM-x32\...\{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1) (Version: 6.0 - NEXT-Soft)
Human Resource Machine (HKLM\...\Steam App 375820) (Version:  - Tomorrow Corporation)
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
League of Legends (HKLM-x32\...\{517CC397-B22F-4593-8DCB-DE72CC541E9A}) (Version: 3.0.1 - Riot Games ) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
LTspice IV (HKLM-x32\...\LTspice IV) (Version:  - )
Malwarebytes Version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Mario Kart 8 MULTi8 1.0 (HKLM-x32\...\Mario Kart 8 MULTi8 1.0) (Version: 1.0 - x.X.RIDDICK.X.x)
Medieval II: Total War (HKLM\...\Steam App 4700) (Version:  - The Creative Assembly)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 16.0.8229.2103 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2112160272-3594351332-598527768-500\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minecraft: Story Mode - A Telltale Games Series (HKLM\...\bWluZWNyYWZ0c3Rvcnltb2RlYXRlbGx0YWxlZ2FtZXNzZXJpZXM_is1) (Version: 1 - )
Mini Metro (HKLM\...\Steam App 287980) (Version:  - Dinosaur Polo Club)
Monopoly (HKLM-x32\...\{D7E7EC5E-4349-4E40-B37C-4342188B86EC}) (Version:  - )
MSI Afterburner 4.3.0 Beta 14 (HKLM-x32\...\Afterburner) (Version: 4.3.0 Beta 14 - MSI Co., LTD)
MSI Kombustor 3.5.2.1 (64-bit) (HKLM\...\{9598DA62-2AE8-426D-9C86-BEA96AC6721E}_is1) (Version:  - MSI Co., LTD)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.2 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.81 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.81 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.8229.2045 - Microsoft Corporation) Hidden
Opera Stable 47.0.2631.55 (HKLM-x32\...\Opera 47.0.2631.55) (Version: 47.0.2631.55 - Opera Software)
Orcs Must Die! 2 Complete (HKLM-x32\...\Orcs Must Die! 2 Complete_is1) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.4.14.21968 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.106.20.0 - Overwolf Ltd.)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM\...\Steam App 24240) (Version:  - OVERKILL Software)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Pizza Tycoon 2 (HKLM-x32\...\1175067557_is1) (Version: 2.0.0.3 - GOG.com)
Planetbase Version 1.1.1 (HKLM-x32\...\{B779ADEB-8E07-4801-B910-51A5D4992EB6}_is1) (Version: 1.1.1 - Madruga Works)
Pro Cycling Manager 2017 MULTi9 - ElAmigos Version 1.0.2.3 (HKLM-x32\...\{6B881985-DFD9-4C1B-9C29-5C138C141411}_is1) (Version: 1.0.2.3 - Focus Home Interactive)
PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.3.0 - Electronic Arts)
Railroad Pioneer (HKLM-x32\...\Steam App 306490) (Version:  - Kritzelkratz 3000)
Railroad Tycoon 3 (HKLM-x32\...\{DE29025A-091F-4998-AD2D-24C84421190F}) (Version: 1.0 - )
Rise of Venice (HKLM-x32\...\Rise of Venice_is1) (Version:  - )
RivaTuner Statistics Server 6.5.0 Beta 5 (HKLM-x32\...\RTSS) (Version: 6.5.0 Beta 5 - Unwinder)
ROCCAT Kone XTD Mouse Driver (HKLM-x32\...\{7133137D-DF48-4522-AD88-13C82B7D0A63}) (Version:  - Roccat GmbH)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Roll (HKLM-x32\...\RollerCoaster Tycoon Setup) (Version:  - )
RollerCoaster Tycoon Deluxe (HKLM-x32\...\GOGPACKRTC_is1) (Version: 2.0.0.15 - GOG.com)
SearchAwesome (HKLM\...\44e4312f979e74c51e8c16b95c0f17e7) (Version: 13.14.1.15 (i1.0) - SearchAwesome) <==== ACHTUNG
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Sid Meier's Railroads! (HKLM-x32\...\1445250539_is1) (Version: 2.0.0.6 - GOG.com)
Sir Henry's Anno 1602 Launcher 1.0 (HKLM-x32\...\Anno 1602 Launcher_is1) (Version:  - )
SiSoftware Sandra Lite 2016.SP1 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2596}_is1) (Version: 22.20.2016.3 - SiSoftware)
Skispringen 2007 (HKLM-x32\...\Skispringen 2007_0001) (Version:  - )
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
Slime Rancher (HKLM-x32\...\1459259227_is1) (Version: 0.6.0c - GOG.com)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-2112160272-3594351332-598527768-500\...\Spotify) (Version: 1.0.58.573.g57c9cd87 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
StarCraft II German Trilogy Edition 3.05.39117 (HKLM-x32\...\StarCraft II German Trilogy Edition 3.05.39117) (Version:  - )
Stardew Valley (HKLM\...\c3RhcmRld3ZhbGxleQ_is1) (Version: 1 - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold Crusader 2 - The Princess and The Pig (HKLM-x32\...\Stronghold Crusader 2 - The Princess and The Pig_is1) (Version:  - )
Supreme Commander - Forged Alliance (HKLM-x32\...\Supreme Commander - Forged Alliance_is1) (Version:  - )
Supreme Commander 2 (HKLM-x32\...\Supreme Commander 2_is1) (Version:  - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
The Banner Saga (HKLM-x32\...\Steam App 237990) (Version:  - Stoic)
THE GAME OF LIFE - The Official 2016 Edition (HKLM\...\dGhlZ2FtZW9mbGlmZXRoZW9mZmljaWFsMjAxNmVkaXRpb24_is1) (Version: 1 - )
The Guild 2 - Renaissance (HKLM-x32\...\{THEGUILDREN-0010-2010-300520102330}_is1) (Version:  - JoWooD Entertainment AG)
The Long Journey Home (HKLM\...\dGhlbG9uZ2pvdXJuZXlob21l_is1) (Version: 1 - )
The Next BIG Thing (Deutsch) (HKLM-x32\...\The Next BIG Thing (de)) (Version: 1.00 - CRIMSON COW)
The Political Machine 2016 - Campaign (HKLM-x32\...\The Political Machine 2016 - Campaign_is1) (Version:  - )
The Settlers 3 - Ultimate Collection (HKLM-x32\...\GOGPACKSETTLERS3_is1) (Version: 2.0.0.19 - GOG.com)
The Witness Version 1.0 u17 (HKLM-x32\...\{3FD8DC1C-BEB7-4086-A98B-C5B02E52DCA3}_is1) (Version: 1.0 u17 - Thekla, Inc.)
Theme Park World (HKLM-x32\...\Theme Park World) (Version:  - )
Theme Park World Fix (HKLM-x32\...\{42082D6A-7C60-4CD9-B6FC-81E6F1FA96EF}) (Version: 1.0.0 - Adam Hearn)
Total War ROME II MULTI-2 Incl Caesar in Gallien Kampagnenpaket DLC Plus Update 9 9.0 (HKLM-x32\...\Total War ROME II MULTI-2 Incl Caesar in Gallien Kampagnenpaket DLC Plus Update 9 9.0) (Version:  - )
Total War: ATTILA (HKLM\...\Steam App 325610) (Version:  - Creative Assembly)
Total War: SHOGUN 2 (HKLM\...\Steam App 34330) (Version:  - The Creative Assembly)
TowerFall Ascension (HKLM\...\Steam App 251470) (Version:  - Matt Thorson)
Tropico 5 1.9 (HKLM-x32\...\Tropico 5 1.9) (Version: 1.9 - Black Poseidon)
Tropico 5 Complete Edition Update 2 1.9 (HKLM-x32\...\Tropico 5 Complete Edition Update 2 1.9) (Version: 1.9 - Black Poseidon)
Tropico 5 Complete Edition Update 3 10 (HKLM-x32\...\Tropico 5 Complete Edition Update 3 10) (Version: 10 - Black Poseidon)
Tropico 5 Espionage DLC 1.0 (HKLM-x32\...\Tropico 5 Espionage DLC 1.0) (Version: 1.0 - Black Poseidon)
True or False (HKLM\...\Steam App 521340) (Version:  - Vladimir Maslov)
Twitch (HKU\S-1-5-21-2112160272-3594351332-598527768-500\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UE4 Prerequisites (x64) (HKLM\...\{457BE011-43FF-44A7-9FA7-B3BE181E2076}) (Version: 1.0.10.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{b46d36bc-2438-471e-abe8-1fbbd51754ee}) (Version: 1.0.10.0 - Epic Games, Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.5 - VideoLAN)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Xperia Companion (HKLM-x32\...\{058506CE-4E1C-4087-878E-61D8B5F8F47A}) (Version: 1.7.2.0 - Sony) Hidden
Xperia Companion (HKLM-x32\...\{65415473-2761-4ee3-85c1-5fdf086444c6}) (Version: 1.7.2.0 - Sony)
Xperia Companion Service (HKLM\...\{86C9336F-6376-4E86-A09A-EA7177DEC3D5}) (Version: 1.7.2.0 - Sony) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2112160272-3594351332-598527768-500_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => D:\Nützliche Programme\Notepad++\NppShell_06.dll [2016-11-02] ()
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => D:\Nützliche Programme\Virtual Clone Drive\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers2: [ACShell] -> {D3F9A525-8824-497A-BE36-B23E22F141FC} => C:\Program Files\Attribute Changer\acshell.dll [2016-12-30] (Romain Petges)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => D:\Nützliche Programme\Virtual Clone Drive\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers3: [ACShell] -> {D3F9A525-8824-497A-BE36-B23E22F141FC} => C:\Program Files\Attribute Changer\acshell.dll [2016-12-30] (Romain Petges)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-07-11] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {05C0DA90-26DA-4600-BC88-87AC31192D0E} - System32\Tasks\45ba5e5e58acbc884104f9223c43f3a5 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File "C:\Windows\45ba5e5e58acbc884104f9223c43f3a5.ps1" <==== ACHTUNG
Task: {181A5C3F-F030-45F4-92A4-CA9E00C940B5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {27601F31-DDEF-4176-B54A-BB06FF402765} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-25] ()
Task: {42222C03-CF24-4FE4-A982-1130CC2F502E} - System32\Tasks\elbyExecuteWithUAC => D:\Nützliche Programme\Virtual Clone Drive\VirtualCloneDrive\ExecuteWithUAC.exe [2013-03-22] ()
Task: {46B194E4-3EF5-4E38-A597-D1C455895360} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe
Task: {5613DA51-734D-4778-BFC9-F9EA712BE2F4} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\ErrorReporting => C:\\ProgramData\\WindowsReporting\\wermgr.exe [2017-08-23] () <==== ACHTUNG
Task: {5B8CDA34-6FA7-41EF-A530-49C7E29B987D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation)
Task: {80931ECB-8B30-46DE-9D41-C4D88D46D465} - System32\Tasks\{8B5EB0DF-6AC4-4EB9-A114-9E8E3C4B602B} => D:\Spiele\Steam\Steam.exe [2017-07-18] (Valve Corporation)
Task: {9459F488-5CA9-426A-8B9F-F17ADB787191} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-10] (Google Inc.)
Task: {9DE941A4-BDD4-4579-B2B2-6C267C3F1A8A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation)
Task: {A2AF56B3-3EEC-46F2-87A5-13C13743C49F} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-08-02] (Overwolf LTD)
Task: {A92F6805-231C-4FFB-A7B9-09B1E125E6DB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-07-27] (Microsoft Corporation)
Task: {B2297F42-F51A-4D48-A19D-A479F8273029} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-25] ()
Task: {B5C3B483-096E-40CE-A3C8-BA098DBFA327} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {DA6318F7-5FE6-4C14-9F6C-4E872B689EBF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-07-27] (Microsoft Corporation)
Task: {E09AA581-EBEB-4379-B6DC-446C0878CC4C} - System32\Tasks\Opera scheduled Autoupdate 1495128961 => C:\Program Files\Opera\launcher.exe [2017-08-14] (Opera Software)
Task: {E117BD38-D1A0-40BD-8E8B-136F4544082A} - System32\Tasks\{7DFFDD70-8ADC-4A08-B4B6-38D1FA2F0381} => D:\Spiele\Steam\Steam.exe [2017-07-18] (Valve Corporation)
Task: {EE56E4B3-C6BB-4BFA-AAFB-A896995EE188} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-10] (Google Inc.)
Task: {EFB795E5-BB5D-4EF4-B27C-F72EA0B2FE16} - System32\Tasks\Core Temp Autostart Administrator => D:\Nützliche Programme\Core Temp\Core Temp.exe [2016-10-11] ()

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-02-20 04:08 - 2016-07-11 01:17 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-11-02 12:31 - 2016-11-02 12:31 - 000230064 _____ () D:\Nützliche Programme\Notepad++\NppShell_06.dll
2017-07-13 20:50 - 2017-07-13 20:50 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-12 16:45 - 2016-10-11 17:32 - 000929768 _____ () D:\Nützliche Programme\Core Temp\Core Temp.exe
2017-07-14 10:26 - 2017-07-14 10:26 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-07-14 10:27 - 2017-07-14 10:27 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2016-10-12 16:41 - 2016-10-12 16:41 - 000006656 _____ () C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Gadgets\CoreTempGadget2.8.gadget\CoreTempReader.dll
2016-10-12 16:41 - 2016-10-12 16:41 - 000011264 _____ () C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Gadgets\CoreTempGadget2.8.gadget\GetCoreTempInfoNET.dll
2016-10-12 16:41 - 2016-10-12 16:41 - 000007680 _____ () C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Gadgets\CoreTempGadget2.8.gadget\SystemInfo.dll
2016-08-13 13:26 - 2016-06-14 22:03 - 000367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-08-13 13:26 - 2016-06-14 22:03 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-08-13 13:26 - 2016-06-14 22:03 - 003611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-02-20 04:08 - 2016-06-14 22:03 - 000288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2017-08-23 15:51 - 2017-08-23 15:51 - 000008192 _____ () C:\Users\Administrator\AppData\Roaming\olvi5sm3ytt\45jaiqgcvm1.exe
2017-08-23 15:51 - 2017-08-23 15:51 - 000008192 _____ () C:\Users\Administrator\AppData\Roaming\csgqyfbqxo5\r13o5zxsayj.exe
2012-10-05 12:11 - 2012-10-05 12:11 - 000110592 ____N () C:\Program Files (x86)\Belkin\F9L1101\V1\PBN.exe
2016-08-13 13:26 - 2016-06-14 22:03 - 001988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-08-13 13:26 - 2016-06-14 22:03 - 002665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-08-13 13:26 - 2016-06-14 22:03 - 001840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-02-20 04:08 - 2016-06-14 22:03 - 000207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-08-13 13:26 - 2016-06-14 22:03 - 000034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-08-13 13:26 - 2016-06-14 22:03 - 000920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2017-08-16 16:15 - 2017-08-16 16:15 - 090050136 _____ () C:\Program Files\Opera\47.0.2631.55\opera_browser.dll
2017-08-16 16:15 - 2017-08-16 16:15 - 003972696 _____ () C:\Program Files\Opera\47.0.2631.55\libglesv2.dll
2017-08-16 16:15 - 2017-08-16 16:15 - 000100440 _____ () C:\Program Files\Opera\47.0.2631.55\libegl.dll
2017-08-23 16:26 - 2017-08-11 09:40 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libglesv2.dll
2017-08-23 16:26 - 2017-08-11 09:40 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libegl.dll
2015-02-19 23:37 - 2015-02-19 23:37 - 000063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2016-02-20 04:08 - 2016-06-14 22:03 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-06-20 11:28 - 2017-06-20 11:28 - 001997792 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2017-08-23 16:10 - 2017-08-23 16:10 - 000307200 _____ () C:\Users\Administrator\AppData\Local\Temp\mrt452A.tmp\mmfs2.dll
2017-08-23 16:10 - 2017-08-23 16:10 - 000031744 _____ () C:\Users\Administrator\AppData\Local\Temp\mrt452A.tmp\StringReplace.mfx
2017-08-23 16:10 - 2017-08-23 16:10 - 000093696 _____ () C:\Users\Administrator\AppData\Local\Temp\mrt452A.tmp\AdvTray.mfx
2017-08-23 16:10 - 2017-08-23 16:10 - 000172544 _____ () C:\Users\Administrator\AppData\Local\Temp\mrt452A.tmp\AdvMenu.mfx
2017-08-23 16:10 - 2017-08-23 16:10 - 000082944 _____ () C:\Users\Administrator\AppData\Local\Temp\mrt452A.tmp\OpenURLs.mfx
2017-08-23 16:10 - 2017-08-23 16:10 - 000021504 _____ () C:\Users\Administrator\AppData\Local\Temp\mrt452A.tmp\Get.mfx
2017-08-23 16:10 - 2017-08-23 16:10 - 000030720 _____ () C:\Users\Administrator\AppData\Local\Temp\mrt452A.tmp\Instance Communicator.mfx
2017-08-23 16:10 - 2017-08-23 16:10 - 000074752 _____ () C:\Users\Administrator\AppData\Local\Temp\mrt452A.tmp\ForEach.mfx
2017-08-23 16:10 - 2017-08-23 16:10 - 000276992 _____ () C:\Users\Administrator\AppData\Local\Temp\mrt452A.tmp\Surface.mfx
2017-08-23 16:10 - 2017-08-23 16:10 - 000074752 _____ () C:\Users\Administrator\AppData\Local\Temp\mrt452A.tmp\EditBoxSel.mfx
2009-05-16 23:00 - 2009-05-16 23:00 - 000200704 ____N () C:\Program Files (x86)\Belkin\F9L1101\V1\BelkinwcuiDLL.dll
2016-04-05 17:57 - 2016-04-05 17:57 - 000393608 _____ () C:\Users\Administrator\AppData\Roaming\Curse Client\Bin\opus.dll
2016-11-16 03:17 - 2017-08-16 20:09 - 000535872 _____ () C:\Users\Administrator\AppData\Roaming\Curse Client\Bin\Curse.Presto.Interface.dll
2016-02-21 20:28 - 2012-06-17 12:20 - 000061440 _____ () C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\hiddriver.dll
2017-05-29 01:54 - 2014-05-13 12:04 - 000109400 ____N () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-05-29 01:54 - 2014-05-13 12:04 - 000416600 ____N () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-05-29 01:54 - 2014-05-13 12:04 - 000167768 ____N () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-05-29 01:54 - 2012-08-23 10:38 - 000574840 ____N () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-05-29 01:54 - 2012-04-03 17:06 - 000565640 ____N () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-12-06 21:19 - 2017-04-12 03:27 - 001950528 _____ () C:\Users\Administrator\AppData\Roaming\Curse Client\Bin\Electron\ffmpeg.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2017-08-23 15:51 - 000001258 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 distribution.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 plugpackdownload.net
127.0.0.1 texttotalk.org
127.0.0.1 gambling577.xyz
127.0.0.1 htagdownload.space
127.0.0.1 mybcnmonetize.com
127.0.0.1 dscdn.pw
127.0.0.1 beautifllink.xyz

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2112160272-3594351332-598527768-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{5D02709F-D2B6-4C14-B914-3EB06264CF2B}] => (Allow) D:\Spiele\Steam\Steam.exe
FirewallRules: [{6FFA3EAF-C61E-4DBF-8A66-C9DCC227B9DB}] => (Allow) D:\Spiele\Steam\Steam.exe
FirewallRules: [{B48C84C3-ABF1-47A1-A62C-150A076D6CFE}] => (Allow) D:\Spiele\Steam\bin\steamwebhelper.exe
FirewallRules: [{29841909-E7B1-4054-98D2-084D2808B680}] => (Allow) D:\Spiele\Steam\bin\steamwebhelper.exe
FirewallRules: [{7448C66E-C82D-442E-AAB1-794CCB108C02}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{85A7F9B2-B764-496D-AEF8-C61DF13ADFA7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5FDC5D53-B130-4166-ADCA-6709CDC250E8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{A06F959A-12D5-4CE6-A9FF-63FF4598A11D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{394D46CF-C164-4F4B-9342-75068746950D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{C08F6AF5-7A08-45F5-874A-4F2B49094386}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6922FA22-145B-4E51-ADA2-6FF3AAB44C10}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EA565088-A69D-439C-A390-87E6E74DA690}] => (Allow) D:\Spiele\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{4CD3CFE1-5F97-4C76-B3BC-66286ABA2029}] => (Allow) D:\Spiele\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E0565875-DB19-4EA8-88E9-B8801398B656}] => (Allow) D:\Spiele\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{1EC74777-DC7B-4346-8D21-6391E87C1FA4}] => (Allow) D:\Spiele\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{090AC3B5-C71E-496F-9270-8D18343AE4FE}] => (Allow) D:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{7D983396-3308-433B-B0DE-2168B5326F59}] => (Allow) D:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{AF4B392E-21F6-42A1-B21B-E6B5589F7100}] => (Allow) D:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe
FirewallRules: [{5460D85A-DB80-4EB9-A313-DFC98005C3DC}] => (Allow) D:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe
FirewallRules: [{18E77694-97E5-4D49-AC78-44CC32F2A393}] => (Allow) D:\Spiele\Steam\steamapps\common\Hero Defense - Haunted Island\HauntedIsland.exe
FirewallRules: [{AC3D1644-49F8-4B44-8EDF-921D1C6BC0E6}] => (Allow) D:\Spiele\Steam\steamapps\common\Hero Defense - Haunted Island\HauntedIsland.exe
FirewallRules: [{53E29C8A-6644-4B47-B4D2-C5F7927D871C}] => (Allow) D:\Spiele\Steam\steamapps\common\Railroad Pioneer\Bin\Railroad.exe
FirewallRules: [{AB37B407-147F-4CD7-A30B-6F1F21F69AFF}] => (Allow) D:\Spiele\Steam\steamapps\common\Railroad Pioneer\Bin\Railroad.exe
FirewallRules: [TCP Query User{FD2864D7-4D98-4701-85C2-21D6731F4DDC}C:\users\administrator\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\administrator\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{60C408C6-1F5F-4B1C-AC7C-3FB9B7703A99}C:\users\administrator\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\administrator\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{A99F5477-754D-4FB0-AC30-6C8E6681A1C0}C:\users\administrator\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\administrator\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{17A2F595-D800-45DC-BEE7-A5E7B0E35125}C:\users\administrator\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\administrator\appdata\roaming\spotify\spotify.exe
FirewallRules: [{935A9EB1-F613-486E-A3F2-33F7A711B979}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{83729861-D43D-4F71-9709-E1F38A55B655}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{33FFA099-8D74-4808-B19A-B59ED177EBC3}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [TCP Query User{46296334-0A83-4EC1-8918-CC395E3F32A9}D:\spiele\stronghold crusader 2 - the princess and the pig\bin\win32_release\crusader2.exe] => (Allow) D:\spiele\stronghold crusader 2 - the princess and the pig\bin\win32_release\crusader2.exe
FirewallRules: [UDP Query User{DF49203F-255A-4835-89B2-5258F46F262D}D:\spiele\stronghold crusader 2 - the princess and the pig\bin\win32_release\crusader2.exe] => (Allow) D:\spiele\stronghold crusader 2 - the princess and the pig\bin\win32_release\crusader2.exe
FirewallRules: [TCP Query User{C90B8D27-170E-4A30-94A7-E286EF105C1E}D:\spiele\total war rome ii\rome2.exe] => (Allow) D:\spiele\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{CABD4DFD-6B1B-4A38-877A-187A8BA3E44C}D:\spiele\total war rome ii\rome2.exe] => (Allow) D:\spiele\total war rome ii\rome2.exe
FirewallRules: [{036FD55D-1B4C-4589-B4B3-6A62F4EE17F5}] => (Allow) D:\Spiele\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{42300BF1-6D79-483E-9794-4B9B009F8515}] => (Allow) D:\Spiele\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{C8835F64-E195-4DF4-8198-1F541F3FAEBB}] => (Allow) D:\Spiele\Steam\steamapps\common\Medieval II Total War\medieval2.exe
FirewallRules: [{DD0B9CAE-B6C8-48D9-8CFE-0E85DC5068ED}] => (Allow) D:\Spiele\Steam\steamapps\common\Medieval II Total War\medieval2.exe
FirewallRules: [{60703736-47DF-4A33-B41C-C261B39B8191}] => (Allow) D:\Spiele\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{7F4BBA8F-1767-4227-9872-5EC65AE18149}] => (Allow) D:\Spiele\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{8FEC043B-AA50-4F07-A09B-8F3417E070FA}] => (Allow) D:\Spiele\Steam\steamapps\common\Company of Heroes Relaunch\RelicCOH.exe
FirewallRules: [{074CA5EC-76EC-4203-97E2-F7CD713B2CAF}] => (Allow) D:\Spiele\Steam\steamapps\common\Company of Heroes Relaunch\RelicCOH.exe
FirewallRules: [{B1A1A9A1-8236-42DC-B48B-033177138531}] => (Allow) D:\Spiele\Steam\steamapps\common\MiniMetro\MiniMetro.exe
FirewallRules: [{150626E4-9ACC-45D9-B201-7F9D9595451B}] => (Allow) D:\Spiele\Steam\steamapps\common\MiniMetro\MiniMetro.exe
FirewallRules: [{9DFE3BEF-4E6C-4CA8-B201-DABC3D979FDA}] => (Allow) D:\Spiele\Steam\steamapps\common\Human Resource Machine\Human Resource Machine.exe
FirewallRules: [{CA8D98AC-E7E4-4774-B799-32449DF7B68B}] => (Allow) D:\Spiele\Steam\steamapps\common\Human Resource Machine\Human Resource Machine.exe
FirewallRules: [TCP Query User{791CBCEC-5A78-4A5F-B95A-A80A4237B66E}D:\spiele\hearthstone\hearthstone.exe] => (Allow) D:\spiele\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{92A25983-612D-4214-B2E4-BFE0083CBBCF}D:\spiele\hearthstone\hearthstone.exe] => (Allow) D:\spiele\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{E938539D-0C6C-4092-B8D7-7416CEE9E4D2}D:\spiele\antichamber\binaries\win32\udk.exe] => (Allow) D:\spiele\antichamber\binaries\win32\udk.exe
FirewallRules: [UDP Query User{0F3DF6CB-4E4B-487F-8830-6F4E7289E8CF}D:\spiele\antichamber\binaries\win32\udk.exe] => (Allow) D:\spiele\antichamber\binaries\win32\udk.exe
FirewallRules: [TCP Query User{FA83BF5C-5208-4E45-9C2F-DAC98F246AD4}D:\spiele\grand theft auto v\gta5.exe] => (Allow) D:\spiele\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{A34673CA-728C-40E4-8DFE-F390A7440B9B}D:\spiele\grand theft auto v\gta5.exe] => (Allow) D:\spiele\grand theft auto v\gta5.exe
FirewallRules: [{9630AF97-9045-48A4-AB7F-5D949A3A79D3}] => (Allow) D:\Spiele\Steam\steamapps\common\A Boy and His Blob\Blob.exe
FirewallRules: [{182CA197-6268-4F37-8921-FD1CF7E2B057}] => (Allow) D:\Spiele\Steam\steamapps\common\A Boy and His Blob\Blob.exe
FirewallRules: [TCP Query User{3F61DA2D-4EDB-41BD-82C5-E042E3DA75BA}D:\images\fifa 15 ultimate team edition\fifa 15\fifa15.exe] => (Block) D:\images\fifa 15 ultimate team edition\fifa 15\fifa15.exe
FirewallRules: [UDP Query User{5EDE669A-C901-4519-AD80-8271A61D0A88}D:\images\fifa 15 ultimate team edition\fifa 15\fifa15.exe] => (Block) D:\images\fifa 15 ultimate team edition\fifa 15\fifa15.exe
FirewallRules: [{E218463B-FFF3-45AF-AF59-A45C0C41B2B9}] => (Allow) D:\Spiele\Steam\steamapps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [{75D70054-9F5D-42B6-B19B-71B7B76B6856}] => (Allow) D:\Spiele\Steam\steamapps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [{C2B52FC0-57E7-4B9B-801A-FE2F4B813A89}] => (Allow) D:\Spiele\Steam\steamapps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{EC499626-3CA8-4C86-82F1-9815CA227F48}] => (Allow) D:\Spiele\Steam\steamapps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{2FA652A8-019D-4614-B5C0-86DECB56B4E1}] => (Allow) D:\Spiele\Steam\steamapps\common\TowerFall\TowerFall.exe
FirewallRules: [{413752B0-FDB5-4E08-9FAD-67768198C6E1}] => (Allow) D:\Spiele\Steam\steamapps\common\TowerFall\TowerFall.exe
FirewallRules: [TCP Query User{24F1DE30-2ADB-42DA-8EC6-4A0B7DB74747}D:\spiele\cod modern warfare\iw3mp.exe] => (Allow) D:\spiele\cod modern warfare\iw3mp.exe
FirewallRules: [UDP Query User{5AF1CDE1-6973-4488-8FB9-2EDE967EE8E1}D:\spiele\cod modern warfare\iw3mp.exe] => (Allow) D:\spiele\cod modern warfare\iw3mp.exe
FirewallRules: [TCP Query User{902EA10D-0602-4974-BC16-26C1CAC68361}D:\spiele\cod modern warfare\iw3mp.exe] => (Allow) D:\spiele\cod modern warfare\iw3mp.exe
FirewallRules: [UDP Query User{6E434183-4265-4113-9198-61E85226E1AB}D:\spiele\cod modern warfare\iw3mp.exe] => (Allow) D:\spiele\cod modern warfare\iw3mp.exe
FirewallRules: [TCP Query User{491F7AE2-37A0-456D-B8CF-158CEC3A598B}D:\spiele\counter-strike source (no steam)\hl2.exe] => (Allow) D:\spiele\counter-strike source (no steam)\hl2.exe
FirewallRules: [UDP Query User{D3C47D24-0766-43E6-94A1-0E1FA53BE98A}D:\spiele\counter-strike source (no steam)\hl2.exe] => (Allow) D:\spiele\counter-strike source (no steam)\hl2.exe
FirewallRules: [TCP Query User{F6540D33-E609-4C86-8B5D-FE9ED162A532}D:\spiele\flatout 2\flatout2.exe] => (Allow) D:\spiele\flatout 2\flatout2.exe
FirewallRules: [UDP Query User{EAA6D1B6-9CF7-4C3E-82B2-9895D2B74945}D:\spiele\flatout 2\flatout2.exe] => (Allow) D:\spiele\flatout 2\flatout2.exe
FirewallRules: [TCP Query User{C1D8FC3E-3DF5-4C5E-8800-995F06B9CBF0}D:\spiele\world of padman\world of padman - spiel.exe] => (Block) D:\spiele\world of padman\world of padman - spiel.exe
FirewallRules: [UDP Query User{32258350-5938-4E3C-925F-FD8E3DCB6463}D:\spiele\world of padman\world of padman - spiel.exe] => (Block) D:\spiele\world of padman\world of padman - spiel.exe
FirewallRules: [TCP Query User{761155F5-C91A-4449-BF47-9521DBA12641}G:\cod modern warfare\iw3mp.exe] => (Allow) G:\cod modern warfare\iw3mp.exe
FirewallRules: [UDP Query User{B4F0428B-CD55-4F1B-8C8E-D4DA972AC631}G:\cod modern warfare\iw3mp.exe] => (Allow) G:\cod modern warfare\iw3mp.exe
FirewallRules: [TCP Query User{8C89C1EF-7BED-4F53-AE86-0C80C5A2A1D6}D:\spiele\cod 4\cod\iw3mp.exe] => (Allow) D:\spiele\cod 4\cod\iw3mp.exe
FirewallRules: [UDP Query User{C0596A31-D2EF-43CD-901B-C13B034A6A64}D:\spiele\cod 4\cod\iw3mp.exe] => (Allow) D:\spiele\cod 4\cod\iw3mp.exe
FirewallRules: [TCP Query User{DDE18B4D-9CE0-4D6F-A4F9-742836ED8E88}D:\spiele\age of empires 2\the conquerors\age of empires 2\empires2.exe] => (Allow) D:\spiele\age of empires 2\the conquerors\age of empires 2\empires2.exe
FirewallRules: [UDP Query User{982DF12D-41F8-4929-9043-59FFECC36A85}D:\spiele\age of empires 2\the conquerors\age of empires 2\empires2.exe] => (Allow) D:\spiele\age of empires 2\the conquerors\age of empires 2\empires2.exe
FirewallRules: [TCP Query User{6C01EAE6-A724-4EF4-A97E-F92C489AA048}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{49256B58-F16B-45EB-BA37-D030E4BEE218}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{14129D83-2C24-4FF5-96B0-44449A419CF2}D:\spiele\age of empires 2\the age of kings\empires2.exe] => (Allow) D:\spiele\age of empires 2\the age of kings\empires2.exe
FirewallRules: [UDP Query User{8B42FAD0-4900-4108-BCAA-85B200F7F897}D:\spiele\age of empires 2\the age of kings\empires2.exe] => (Allow) D:\spiele\age of empires 2\the age of kings\empires2.exe
FirewallRules: [TCP Query User{19FD3923-94F8-4C10-B82F-9CFC1E5568B3}D:\spiele\age of empires 2\the conquerors\age of empires 2\age2_x1.exe] => (Allow) D:\spiele\age of empires 2\the conquerors\age of empires 2\age2_x1.exe
FirewallRules: [UDP Query User{0D086238-D253-4FEC-9F43-5D699BD7E585}D:\spiele\age of empires 2\the conquerors\age of empires 2\age2_x1.exe] => (Allow) D:\spiele\age of empires 2\the conquerors\age of empires 2\age2_x1.exe
FirewallRules: [TCP Query User{4FBD02E4-6A07-4AF2-8603-40570B3EF22D}D:\spiele\warcraft iii\war3.exe] => (Allow) D:\spiele\warcraft iii\war3.exe
FirewallRules: [UDP Query User{8F828326-B1FE-47F5-911A-1D013E152952}D:\spiele\warcraft iii\war3.exe] => (Allow) D:\spiele\warcraft iii\war3.exe
FirewallRules: [TCP Query User{FA9AEBEE-D419-4D58-8EC0-E7EEE0F89815}D:\spiele\warcraft an pc des tollsten kerls der welt (philipp-pc)\warcraft 3 an stefan-pc\war3.exe] => (Allow) D:\spiele\warcraft an pc des tollsten kerls der welt (philipp-pc)\warcraft 3 an stefan-pc\war3.exe
FirewallRules: [UDP Query User{AC51A052-FFC3-439A-BE9B-0EC5685E88F5}D:\spiele\warcraft an pc des tollsten kerls der welt (philipp-pc)\warcraft 3 an stefan-pc\war3.exe] => (Allow) D:\spiele\warcraft an pc des tollsten kerls der welt (philipp-pc)\warcraft 3 an stefan-pc\war3.exe
FirewallRules: [TCP Query User{382F626B-A891-47BB-88EC-68427C595C19}C:\program files\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [UDP Query User{9310B402-5286-413C-A1EA-9EBD37AE0492}C:\program files\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [{DDBC55B4-7AA3-480C-9B9F-D868B1AB9A7E}] => (Allow) D:\Spiele\Steam\steamapps\common\True or False\TrueOrFalse.exe
FirewallRules: [{F7CC3BBB-F577-466A-B303-E8B35CA3F376}] => (Allow) D:\Spiele\Steam\steamapps\common\True or False\TrueOrFalse.exe
FirewallRules: [{2A07A4BA-5DA8-4D16-85B7-5631CD04157F}] => (Allow) D:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{6BE5DBE5-FADE-419F-B775-0846A172D417}] => (Allow) D:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{3509D227-ADA0-40D5-92D3-9BDD75438C9E}] => (Allow) D:\Program Files (x86)\Origin Games\Dungeon Keeper\DATA\DOSBox\DOSBox.exe
FirewallRules: [{1FE0EF2E-A951-4AC7-A04C-122C714E3491}] => (Allow) D:\Program Files (x86)\Origin Games\Dungeon Keeper\DATA\DOSBox\DOSBox.exe
FirewallRules: [TCP Query User{9264B8AD-6545-4025-B5D1-3D7764B6E46E}C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [UDP Query User{B8C30ED9-732D-4914-AC40-2A04FF7130BC}C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [TCP Query User{298FF1E4-58B3-4780-8350-5E912133CB5B}D:\spiele\minecraft (vanilla)\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\spiele\minecraft (vanilla)\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{E6A49C35-EDA5-40FF-930F-142BD28E7333}D:\spiele\minecraft (vanilla)\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\spiele\minecraft (vanilla)\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{33946618-F869-4BF8-8CD2-B1CFFAD98FE7}D:\spiele\farming simulator 17\dedicatedserver.exe] => (Allow) D:\spiele\farming simulator 17\dedicatedserver.exe
FirewallRules: [UDP Query User{DD7D7B04-FD89-4C35-A350-170E9C612663}D:\spiele\farming simulator 17\dedicatedserver.exe] => (Allow) D:\spiele\farming simulator 17\dedicatedserver.exe
FirewallRules: [TCP Query User{39F3F676-4700-4F6F-AE95-F16DD68931F9}D:\spiele\railroad tycoon 3\rt3.exe] => (Allow) D:\spiele\railroad tycoon 3\rt3.exe
FirewallRules: [UDP Query User{DA48B3A4-6FB4-46F3-874A-1C1B6359BC35}D:\spiele\railroad tycoon 3\rt3.exe] => (Allow) D:\spiele\railroad tycoon 3\rt3.exe
FirewallRules: [{978761B4-6E6F-40B6-A286-3025C9F652DC}] => (Allow) D:\Images\FIFA 15 Ultimate Team Edition\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [{9F9C2B31-469E-4B5E-94C4-A1AA58372785}] => (Allow) D:\Images\FIFA 15 Ultimate Team Edition\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [TCP Query User{B2AE2EBD-8E68-4389-B786-26BB61203754}C:\users\administrator\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\administrator\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{A3BAC214-B1C9-460E-9DB7-5222854A7AC7}C:\users\administrator\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\administrator\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{2FEB554B-668C-4334-8127-D79AB522F76B}] => (Allow) D:\Spiele\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3550DB2F-9A83-44D8-B762-C4B2E7E2AFA7}] => (Allow) D:\Spiele\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6641B644-FF3C-4B3F-A0D7-D8EE98E7ACCD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{8153103A-9C1F-4DD1-B6C4-D9B7AB5BC31D}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2016.SP1\RpcAgentSrv.exe
FirewallRules: [{ED9F96C0-CF08-443F-9990-CB83B2529520}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2016.SP1\WNt600x64\RpcSandraSrv.exe
FirewallRules: [TCP Query User{E95DE146-1E58-4984-9726-2A41C096DC5B}D:\spiele\rise of venice\riseofvenice.exe] => (Allow) D:\spiele\rise of venice\riseofvenice.exe
FirewallRules: [UDP Query User{130C7A70-65FF-41E9-8CDB-2E6F7C313FE4}D:\spiele\rise of venice\riseofvenice.exe] => (Allow) D:\spiele\rise of venice\riseofvenice.exe
FirewallRules: [{84B87438-3157-4A62-B7F9-26EBBFD52541}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
FirewallRules: [{B7648569-7315-4902-9C71-AA69136020F6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
FirewallRules: [{0076A664-1F6E-4E32-8982-16E91EA8175E}] => (Allow) D:\Spiele\StarCraft II German Trilogy Edition\Versions\Base38996\SC2_x64.exe
FirewallRules: [{409F00AB-C3F2-4702-A7F0-2B0299D26396}] => (Allow) D:\Spiele\StarCraft II German Trilogy Edition\Versions\Base38996\SC2_x64.exe
FirewallRules: [{4D6CAC72-A665-4A0B-8A38-74EAE4106622}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C8DD86A8-3582-46F1-BBFC-EAE03D6DC7CB}] => (Allow) D:\Spiele\StarCraft II German Trilogy Edition\Versions\Base52910\SC2_x64.exe
FirewallRules: [{57BA57BD-9A5B-41B8-9386-847CA664F89C}] => (Allow) D:\Spiele\StarCraft II German Trilogy Edition\Versions\Base52910\SC2_x64.exe
FirewallRules: [{168273C7-3C3E-444A-942F-34B889A89B71}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{D2579AFE-FA51-42E4-A0BC-77EA41127C6A}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{5DB42B66-CE0F-447F-80F2-0C2FEFC5FF2B}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{F1AD07AF-9600-4342-BB57-33C116F0657D}] => (Allow) D:\Spiele\Die Siedler 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe
FirewallRules: [{75BA888F-1050-414F-AE1A-7DB9C3BE0E91}] => (Allow) D:\Spiele\Die Siedler 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe
FirewallRules: [{D40F0973-347B-4C51-8094-E8FA0EFAA123}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9E9CE497-93B3-4636-BB54-5F4B7129B1CC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E5130A9A-C542-41D1-88CE-45C54CA8BEEA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1F4A5E90-15CC-4BAB-BCD8-82103C764073}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{86BE054C-156B-41FA-B26C-962403714D74}D:\spiele\ben and ed\benanded\binaries\win32\benanded.exe] => (Allow) D:\spiele\ben and ed\benanded\binaries\win32\benanded.exe
FirewallRules: [UDP Query User{A38A004F-3EDD-46B0-805E-EFC14F90E02C}D:\spiele\ben and ed\benanded\binaries\win32\benanded.exe] => (Allow) D:\spiele\ben and ed\benanded\binaries\win32\benanded.exe
FirewallRules: [TCP Query User{57B8986C-3841-4BFD-87CF-557F40373065}D:\spiele\the long journey home\tljh\binaries\win64\tljh-win64-shipping.exe] => (Allow) D:\spiele\the long journey home\tljh\binaries\win64\tljh-win64-shipping.exe
FirewallRules: [UDP Query User{AE1B49E8-5531-455F-B743-A30B4067B3D7}D:\spiele\the long journey home\tljh\binaries\win64\tljh-win64-shipping.exe] => (Allow) D:\spiele\the long journey home\tljh\binaries\win64\tljh-win64-shipping.exe
FirewallRules: [TCP Query User{C46D8A88-E4E2-4395-9F36-71D9CA7CCF29}D:\spiele\orcs must die! 2 complete\build\release\orcsmustdie2.exe] => (Allow) D:\spiele\orcs must die! 2 complete\build\release\orcsmustdie2.exe
FirewallRules: [UDP Query User{DABDD353-21EA-485E-8170-0E6E8D358E04}D:\spiele\orcs must die! 2 complete\build\release\orcsmustdie2.exe] => (Allow) D:\spiele\orcs must die! 2 complete\build\release\orcsmustdie2.exe
FirewallRules: [{D08D042F-8A71-4631-BB5E-9AD33202E987}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe
FirewallRules: [{F3734456-4DC5-4EF3-B745-B8AAA76BEDF2}] => (Allow) D:\Spiele\Steam\steamapps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{701192D0-BE25-40AA-A3CA-12E4CB4A4683}] => (Allow) D:\Spiele\Steam\steamapps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{75D1F4EC-E354-42B1-A5F1-BFDAB95981A4}] => (Allow) D:\Spiele\Steam\steamapps\common\Fallout Shelter\FalloutShelter.exe
FirewallRules: [{08858A00-5557-47F4-B1A6-CC21C8253674}] => (Allow) D:\Spiele\Steam\steamapps\common\Fallout Shelter\FalloutShelter.exe
FirewallRules: [TCP Query User{1921847B-DC1D-4071-A63D-D98E2C951E46}D:\spiele\pro cycling manager 2017\pcm64.exe] => (Allow) D:\spiele\pro cycling manager 2017\pcm64.exe
FirewallRules: [UDP Query User{81FDE38F-6F69-4257-9423-F7E5F57514B7}D:\spiele\pro cycling manager 2017\pcm64.exe] => (Allow) D:\spiele\pro cycling manager 2017\pcm64.exe
FirewallRules: [{8DDDBDCE-1F77-442A-82E2-F805BD053103}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{1D89FAAE-8A2A-45D0-B671-8F6C3815DDA7}] => (Allow) C:\Program Files\Opera\47.0.2631.39\opera.exe
FirewallRules: [{793B3481-149C-4090-B74C-6C7B178D5BB1}] => (Allow) C:\Program Files\Opera\47.0.2631.55\opera.exe
FirewallRules: [{5D93ABF0-0436-4C15-B63B-C899FFA0BD1A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/23/2017 04:10:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (08/23/2017 03:57:47 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (08/23/2017 03:57:47 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (08/23/2017 03:57:36 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (08/23/2017 03:57:36 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (08/23/2017 03:57:05 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (08/23/2017 03:57:05 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (08/23/2017 03:57:04 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (08/23/2017 03:57:04 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (08/23/2017 03:53:48 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.


Systemfehler:
=============
Error: (08/23/2017 04:15:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Belkin WLAN service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/23/2017 04:15:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/23/2017 04:14:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/23/2017 04:11:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
Das System kann die angegebene Datei nicht finden.

Error: (08/23/2017 04:10:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (08/23/2017 04:10:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht.

Error: (08/23/2017 04:09:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Der Server "{F9717507-6651-4EDB-BFF7-AE615179BCCF}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (08/23/2017 04:08:54 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Der Server "{3FCB7074-EC9E-4AAF-9BE3-C0E356942366}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (08/23/2017 03:54:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
Das System kann die angegebene Datei nicht finden.

Error: (08/23/2017 03:53:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.


==================== Speicherinformationen =========================== 

Prozessor: AMD Phenom(tm) II X6 1045T Processor
Prozentuale Nutzung des RAM: 62%
Installierter physikalischer RAM: 6141.09 MB
Verfügbarer physikalischer RAM: 2296.55 MB
Summe virtueller Speicher: 12280.37 MB
Verfügbarer virtueller Speicher: 7631.28 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:59.53 GB) (Free:0.84 GB) NTFS
Drive d: (Volume) (Fixed) (Total:3725.9 GB) (Free:1078.62 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: 225F225F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=59.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 94A77791)

Partition: GPT.

==================== Ende von Addition.txt ============================
         
Vielen Dank im Voraus!

Lg

Easy
__________________


Alt 24.08.2017, 15:16   #3
Tician
/// TB-Senior
 
Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks - Standard

Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks





Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen.

Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies garantiert, dass Du Hilfe von einem ausgebildeten Helfer bekommst.

Ich bedanke mich für deine Geduld
__________________
__________________

Alt 24.08.2017, 22:23   #4
Tician
/// TB-Senior
 
Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks - Standard

Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks



Hi Easy Frag,

Kurzum: Du hast einen aktiven Trojaner drauf, der entfernt werden sollte.
Allerdings habe ich eine noch schlechtere Nachricht: Du hast mindestens eine gecrackte Software drauf

Hinweis:
Cracks und Keygens
Zitat:
Task: {46B194E4-3EF5-4E38-A597-D1C455895360} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe
Den Kopierschutz von Software zu umgehen ist nach geltendem Recht illegal. Die Logfiles deuten stark darauf hin, dass du nicht legal erworbene Software einsetzt. Zudem sind Cracks und Patches aus dubioser Quelle sehr oft mit Schädlingen versehen, womit man sich also fast vorsätzlich infiziert.

Wir haben uns hier auf dem Board darauf geeinigt, dass wir an dieser Stelle nicht weiter bereinigen, da wir ein solches Vorgehen nicht unterstützen. Hinzu kommt, dass wir dich in unserer Anleitung und auch in diesem Wichtig-Thema unmissverständlich darauf hingewiesen haben, wie wir damit umgehen werden. Saubere, gute Software hat seinen Preis und die Softwarefirmen leben von diesen Einnahmen.

Hier gibt es keine weitere Hilfe bis jegliche Art von illegaler Software vom PC entfernt wurde.


Sag bescheid wenn der Crack runter ist und du deine Software legal erworben (oder deinstalliert) hast.
__________________
Gruß Tician

Alt 24.08.2017, 23:48   #5
Easy Frag
 
Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks - Standard

Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks



Zitat:
Sag bescheid wenn der Crack runter ist und du deine Software legal erworben (oder deinstalliert) hast.
Da es sich nicht um mein System handelt und der Besitzer keine Ahnung hat habe ich mal recherchiert und es scheint sich offenbar um das Office Paket zu handeln.

Ich habe das mal deinstalliert. Zumindest kann ich jetzt den besagten Task in den neuen Logs nicht mehr finden.

Außerdem hatte ich bedingt durch die lange Wartezeit doch noch mal selbst mein Bestes versucht und zusammen mit der Software Unhack Me nachgeholfen, denn es wurde laufend ungewünschte Software (hauptsächlich Tune Up Programme) installiert.

Augenscheinlich scheint das System wieder ok zu sein (viel manuelles recherchieren und löschen via Unhack me), da weder Adware noch Tabs in Chrome geöffnet werden.

Ich würde dennoch gerne sicher gehen, dass alles runter ist an Schadcode.

Hier die beiden Reports.

Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
durchgeführt von Administrator (Administrator) auf SEBASTIAN-PC (24-08-2017 23:37:43)
Gestartet von C:\Users\Administrator\Downloads
Geladene Profile: Administrator (Verfügbare Profile: Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony) C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
HKU\S-1-5-21-2112160272-3594351332-598527768-500\...\MountPoints2: {8f4dba2e-d7bb-11e5-92e4-001fd097aa98} - E:\setup.exe
AppInit_DLLs: C:\ProgramData\Plusdax\BetaRon.dll => Keine Datei
BootExecute: autocheck autochk * sdnclean64.exePartizan
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1BC3EF52-6087-47AE-A9A6-15B1B2DEE266}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1F289EB0-A2C8-4A07-A950-EDAF346D4359}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{52E2C328-7C77-4E37-93C7-B4E397C82ED5}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5BE74D56-D472-4EAE-93A8-37D212CB2339}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{85704D9B-DCD8-40A5-8C5C-AEFF4323017F}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2112160272-3594351332-598527768-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2112160272-3594351332-598527768-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-04] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-04] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: bci6t4gj.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\bci6t4gj.default [2017-08-23]
FF user.js: detected! => C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\bci6t4gj.default\user.js [2017-08-23]
FF Homepage: Mozilla\Firefox\Profiles\bci6t4gj.default -> about:blank
FF NewTab: Mozilla\Firefox\Profiles\bci6t4gj.default -> 
FF Extension: (Quick Searcher) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\bci6t4gj.default\Extensions\mefhakmgclhhfbdadeojlkbllmecialg@chrome-store-foxified-1132576233 [2017-08-23]
FF Extension: (Adblock Edge) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\bci6t4gj.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2016-04-28]
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\bci6t4gj.default\searchplugins\findit.xml [2017-08-23]
FF HKLM-x32\...\Firefox\Extensions: [{724F5349-5570-4EE4-A11C-02A93D91DBDD}] - C:\Windows\Installer\{B009DFB1-305D-4740-B8DB-8CE37AC7B874}\{724F5349-5570-4EE4-A11C-02A93D91DBDD}.xpi
FF Extension: ( ) - C:\Windows\Installer\{B009DFB1-305D-4740-B8DB-8CE37AC7B874}\{724F5349-5570-4EE4-A11C-02A93D91DBDD}.xpi [2017-08-23]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-20] ()
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-11-10] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-11-10] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-20] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-04] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-07-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-07-11] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-23] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2112160272-3594351332-598527768-500: ubisoft.com/uplaypc -> D:\Spiele\Die Siedler 7\Data\Base\_Dbg\Bin\Release\orbit\npuplaypc.dll [2013-02-26] (Ubisoft)

Chrome: 
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2017-08-24]
CHR Extension: (Google Präsentationen) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-08-23]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-23]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-23]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-23]
CHR Extension: (Adobe Acrobat) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-08-23]
CHR Extension: (Google Tabellen) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-08-23]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-24]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Google Mail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-23]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-23]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (Adblock Plus) - C:\Users\Administrator\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-08-23]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S3 Origin Client Service; D:\Spiele\Origin\OriginClientService.exe [2169696 2017-07-17] (Electronic Arts)
S2 Origin Web Helper Service; D:\Spiele\Origin\OriginWebHelperService.exe [3149664 2017-07-17] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1450824 2017-08-02] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2016-09-10] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-04-09] (Microsoft Corporation)
R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2205568 2017-05-31] (Sony)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-07-11] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [187320 2017-05-10] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-05-28] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253856 2017-08-24] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-05-28] (Malwarebytes)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2017-08-23] (Greatis Software)
S3 RTCore64; D:\Nützliche Programme\MSI Afterburner\RTCore64.sys [13512 2016-09-02] ()
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2016.SP1\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2015-02-19] (Cisco Systems, Inc.)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-08-23 22:57 - 2017-08-23 22:57 - 000002259 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-23 22:57 - 2017-08-23 22:57 - 000002247 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-23 22:56 - 2017-08-23 22:56 - 001130328 _____ (Google Inc.) C:\Users\Administrator\Downloads\ChromeSetup (1).exe
2017-08-23 22:56 - 2017-08-23 22:56 - 000003542 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-08-23 22:56 - 2017-08-23 22:56 - 000003414 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-08-23 22:47 - 2017-08-23 22:47 - 000000306 __RSH C:\Users\Administrator\ntuser.pol
2017-08-23 22:45 - 2017-08-24 23:20 - 000000250 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2017-08-23 22:41 - 2017-08-23 22:41 - 000000000 ____D C:\@RestoreQuarantine
2017-08-23 22:09 - 2017-08-23 22:44 - 000000000 ____D C:\Users\Administrator\Documents\RegRun2
2017-08-23 22:09 - 2017-08-23 22:43 - 000000000 ____D C:\Users\Public\Documents\regruninfo
2017-08-23 22:09 - 2017-08-23 22:09 - 000040304 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2017-08-23 22:09 - 2017-08-23 22:09 - 000000002 RSHOT C:\Windows\winstart.bat
2017-08-23 22:09 - 2017-08-23 22:09 - 000000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2017-08-23 22:09 - 2017-08-23 22:09 - 000000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2017-08-23 22:09 - 2017-08-23 22:09 - 000000000 ____D C:\ProgramData\RegRun
2017-08-23 22:09 - 2017-08-23 22:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2017-08-23 22:09 - 2017-08-02 16:04 - 000014984 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2017-08-23 22:09 - 2015-12-28 11:32 - 000049968 _____ (Greatis Software) C:\Windows\system32\partizan.exe
2017-08-23 22:08 - 2017-08-23 22:12 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2017-08-23 22:07 - 2017-08-23 22:08 - 018826327 _____ C:\Users\Administrator\Downloads\unhackmeb.zip
2017-08-23 22:05 - 2017-08-23 22:05 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\AVAST Software
2017-08-23 22:03 - 2017-08-23 22:03 - 000000000 ____D C:\Program Files\AVAST Software
2017-08-23 22:02 - 2017-08-23 22:05 - 000000000 ____D C:\ProgramData\AVAST Software
2017-08-23 22:01 - 2017-08-23 22:01 - 000005120 _____ C:\Windows\SysWOW64\mtxlfgih.dll
2017-08-23 22:01 - 2017-08-23 22:01 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\npm
2017-08-23 22:01 - 2017-08-23 22:01 - 000000000 ____D C:\Program Files\{27926DB0-34A2-46C4-8C1B-0195D65996EB}
2017-08-23 22:01 - 2017-08-23 22:01 - 000000000 ____D C:\Program Files (x86)\nodejs
2017-08-23 22:01 - 2017-08-23 22:01 - 000000000 ____D C:\Program Files (x86)\{13880499-F198-4EE1-B7ED-C477DC572E5E}
2017-08-23 22:00 - 2017-08-23 22:00 - 000000002 _____ C:\END
2017-08-23 21:59 - 2017-08-23 22:15 - 001847296 _____ C:\Users\Administrator\AppData\Local\po.db
2017-08-23 21:59 - 2017-08-23 21:59 - 007324160 _____ C:\Users\Administrator\AppData\Local\agent.dat
2017-08-23 21:59 - 2017-08-23 21:59 - 002554368 _____ (TODO: <Company name>) C:\Users\Administrator\AppData\Local\Zot-Light.exe
2017-08-23 21:59 - 2017-08-23 21:59 - 001899372 _____ C:\Users\Administrator\AppData\Local\Zot-Light.tst
2017-08-23 21:59 - 2017-08-23 21:59 - 001895382 _____ C:\Users\Administrator\AppData\Local\KayCom.bin
2017-08-23 21:59 - 2017-08-23 21:59 - 000278509 _____ C:\Users\Administrator\AppData\Local\Quo-Fax.bin
2017-08-23 21:59 - 2017-08-23 21:59 - 000140800 _____ C:\Users\Administrator\AppData\Local\installer.dat
2017-08-23 21:59 - 2017-08-23 21:59 - 000136803 _____ () C:\Users\Administrator\AppData\Local\Tincore.bin
2017-08-23 21:59 - 2017-08-23 21:59 - 000126464 _____ C:\Users\Administrator\AppData\Local\noah.dat
2017-08-23 21:59 - 2017-08-23 21:59 - 000070800 _____ C:\Users\Administrator\AppData\Local\Config.xml
2017-08-23 21:59 - 2017-08-23 21:59 - 000019008 _____ C:\Users\Administrator\AppData\Local\INSTALLATIONCONFIGURATION.del
2017-08-23 21:59 - 2017-08-23 21:59 - 000018432 _____ C:\Users\Administrator\AppData\Local\Main.dat
2017-08-23 21:59 - 2017-08-23 21:59 - 000015606 _____ C:\Windows\SysWOW64\findit.xml
2017-08-23 21:59 - 2017-08-23 21:59 - 000005568 _____ C:\Users\Administrator\AppData\Local\md.xml
2017-08-23 21:58 - 2017-08-23 21:58 - 000000000 ____D C:\Program Files\Novo
2017-08-23 21:57 - 2017-08-23 21:57 - 000000000 ____D C:\ProgramData\5e41da7a-2303-1
2017-08-23 21:57 - 2017-08-23 21:57 - 000000000 ____D C:\ProgramData\5e41da7a-1961-0
2017-08-23 21:55 - 2017-08-23 22:01 - 000002880 __RSH C:\ProgramData\ntuser.pol
2017-08-23 21:53 - 2017-08-23 22:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-08-23 21:53 - 2017-08-23 21:53 - 000000000 ____D C:\ProgramData\e05800be-3441-1
2017-08-23 21:53 - 2017-08-23 21:53 - 000000000 ____D C:\ProgramData\e05800be-2285-0
2017-08-23 21:51 - 2017-08-23 22:05 - 000000000 ____D C:\Users\Administrator\AppData\Local\ToolInetInfo
2017-08-23 16:38 - 2017-08-23 16:38 - 000074655 _____ C:\Users\Administrator\Downloads\Addition.txt
2017-08-23 16:37 - 2017-08-24 23:38 - 000015333 _____ C:\Users\Administrator\Downloads\FRST.txt
2017-08-23 16:37 - 2017-08-24 23:37 - 000000000 ____D C:\FRST
2017-08-23 16:37 - 2017-08-23 16:37 - 002395648 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2017-08-23 16:24 - 2017-08-23 16:24 - 001130328 _____ (Google Inc.) C:\Users\Administrator\Downloads\ChromeSetup.exe
2017-08-23 16:20 - 2017-08-23 16:20 - 000000000 ____D C:\Windows\system32\appmgmt
2017-08-23 15:51 - 2017-08-23 21:57 - 000031443 _____ C:\Windows\45ba5e5e58acbc884104f9223c43f3a5.ps1
2017-08-23 15:51 - 2017-08-23 15:51 - 000000000 ____D C:\Windows\Azart
2017-08-23 15:51 - 2017-08-23 15:51 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\olvi5sm3ytt
2017-08-23 15:51 - 2017-08-23 15:51 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\csgqyfbqxo5
2017-08-23 13:32 - 2017-08-23 13:32 - 001677824 _____ C:\Windows\ae3e709c41c32739103c91949b6ecc64.exe
2017-08-23 13:32 - 2017-08-23 13:32 - 000039806 _____ C:\Windows\uninstaller.dat
2017-08-20 07:28 - 2017-08-20 07:28 - 000000000 ____D C:\Windows\rescache
2017-08-17 18:54 - 2017-08-17 18:54 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Monomi Park
2017-08-17 18:53 - 2017-08-17 18:53 - 000000000 ____D C:\ProgramData\GOG.com
2017-08-09 15:22 - 2017-07-29 16:56 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-08-09 15:22 - 2017-07-21 16:26 - 000518144 _____ C:\Windows\SysWOW64\msjetoledb40.dll
2017-08-09 15:22 - 2017-07-21 16:26 - 000409600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexch40.dll
2017-08-09 15:22 - 2017-07-21 16:26 - 000290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjtes40.dll
2017-08-09 15:22 - 2017-07-21 16:26 - 000282624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll
2017-08-09 15:22 - 2017-07-15 20:35 - 000394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-08-09 15:22 - 2017-07-15 19:52 - 000346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 000486400 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-08-09 15:22 - 2017-07-14 17:12 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-08-09 15:22 - 2017-07-14 17:12 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-08-09 15:22 - 2017-07-14 17:11 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-08-09 15:22 - 2017-07-14 17:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-08-09 15:22 - 2017-07-14 17:10 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-08-09 15:22 - 2017-07-14 17:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-08-09 15:22 - 2017-07-14 17:10 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-08-09 15:22 - 2017-07-14 17:10 - 000382976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2017-08-09 15:22 - 2017-07-14 17:10 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-08-09 15:22 - 2017-07-14 17:10 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-08-09 15:22 - 2017-07-14 17:10 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-08-09 15:22 - 2017-07-14 17:10 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-08-09 15:22 - 2017-07-14 17:10 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-08-09 15:22 - 2017-07-14 17:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-08-09 15:22 - 2017-07-14 17:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-08-09 15:22 - 2017-07-14 16:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-08-09 15:22 - 2017-07-14 16:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-08-09 15:22 - 2017-07-14 16:57 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2017-08-09 15:22 - 2017-07-14 16:50 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2017-08-09 15:22 - 2017-07-14 16:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2017-08-09 15:22 - 2017-07-14 09:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-08-09 15:22 - 2017-07-14 09:15 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-08-09 15:22 - 2017-07-14 08:49 - 025733632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-08-09 15:22 - 2017-07-14 08:47 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-08-09 15:22 - 2017-07-14 08:45 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-08-09 15:22 - 2017-07-14 08:45 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-08-09 15:22 - 2017-07-14 08:44 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-08-09 15:22 - 2017-07-14 08:44 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-08-09 15:22 - 2017-07-14 08:38 - 002899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-08-09 15:22 - 2017-07-14 08:29 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-08-09 15:22 - 2017-07-14 08:28 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-08-09 15:22 - 2017-07-14 08:22 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-08-09 15:22 - 2017-07-14 08:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-08-09 15:22 - 2017-07-14 08:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-08-09 15:22 - 2017-07-14 08:19 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-08-09 15:22 - 2017-07-14 08:19 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-08-09 15:22 - 2017-07-14 08:08 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-08-09 15:22 - 2017-07-14 08:02 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-08-09 15:22 - 2017-07-14 07:49 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-08-09 15:22 - 2017-07-14 07:48 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-08-09 15:22 - 2017-07-14 07:47 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-08-09 15:22 - 2017-07-14 07:42 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-08-09 15:22 - 2017-07-14 07:40 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-08-09 15:22 - 2017-07-14 07:35 - 005981184 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-08-09 15:22 - 2017-07-14 07:35 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-08-09 15:22 - 2017-07-14 07:33 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-08-09 15:22 - 2017-07-14 07:16 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-08-09 15:22 - 2017-07-14 07:11 - 000725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-08-09 15:22 - 2017-07-14 07:10 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-08-09 15:22 - 2017-07-14 07:09 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-08-09 15:22 - 2017-07-14 07:09 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-08-09 15:22 - 2017-07-14 06:40 - 015254016 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-08-09 15:22 - 2017-07-14 06:23 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-08-09 15:22 - 2017-07-14 06:07 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-08-09 15:22 - 2017-07-14 05:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-08-09 15:22 - 2017-07-14 05:01 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-08-09 15:22 - 2017-07-14 04:54 - 020270080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-08-09 15:22 - 2017-07-14 04:48 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-08-09 15:22 - 2017-07-14 04:48 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-08-09 15:22 - 2017-07-14 04:48 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-08-09 15:22 - 2017-07-14 04:48 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-08-09 15:22 - 2017-07-14 04:47 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-08-09 15:22 - 2017-07-14 04:44 - 002290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-08-09 15:22 - 2017-07-14 04:42 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-08-09 15:22 - 2017-07-14 04:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-08-09 15:22 - 2017-07-14 04:39 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-08-09 15:22 - 2017-07-14 04:38 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-08-09 15:22 - 2017-07-14 04:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-08-09 15:22 - 2017-07-14 04:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-08-09 15:22 - 2017-07-14 04:30 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-08-09 15:22 - 2017-07-14 04:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-08-09 15:22 - 2017-07-14 04:25 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-08-09 15:22 - 2017-07-14 04:25 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-08-09 15:22 - 2017-07-14 04:23 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-08-09 15:22 - 2017-07-14 04:22 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-08-09 15:22 - 2017-07-14 04:21 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-08-09 15:22 - 2017-07-14 04:20 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-08-09 15:22 - 2017-07-14 04:17 - 004546048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-08-09 15:22 - 2017-07-14 04:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-08-09 15:22 - 2017-07-14 04:12 - 000693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-08-09 15:22 - 2017-07-14 04:11 - 002057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-08-09 15:22 - 2017-07-14 04:11 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-08-09 15:22 - 2017-07-14 04:09 - 013663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-08-09 15:22 - 2017-07-14 03:53 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-08-09 15:22 - 2017-07-14 03:50 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-08-09 15:22 - 2017-07-14 03:48 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-08-09 15:22 - 2017-07-08 17:34 - 000370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-08-09 15:22 - 2017-07-08 17:00 - 003224064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-08-09 15:22 - 2017-07-07 17:37 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-08-09 15:22 - 2017-07-07 17:33 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-08-09 15:22 - 2017-07-07 17:33 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-08-09 15:22 - 2017-07-07 17:33 - 000363752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2017-08-09 15:22 - 2017-07-07 17:33 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-08-09 15:22 - 2017-07-07 17:33 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-08-09 15:22 - 2017-07-07 17:31 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:15 - 004001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-08-09 15:22 - 2017-07-07 17:15 - 003945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-08-09 15:22 - 2017-07-07 17:13 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:02 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-08-09 15:22 - 2017-07-07 17:01 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-08-09 15:22 - 2017-07-07 17:01 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-08-09 15:22 - 2017-07-07 17:01 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-08-09 15:22 - 2017-07-07 16:58 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-08-09 15:22 - 2017-07-07 16:57 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-08-09 15:22 - 2017-07-07 16:54 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-08-09 15:22 - 2017-07-07 16:54 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-08-09 15:22 - 2017-07-07 16:54 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-08-09 15:22 - 2017-07-07 16:53 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-08-09 15:22 - 2017-07-07 16:53 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-08-09 15:22 - 2017-07-07 16:51 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-08-09 15:22 - 2017-07-07 16:48 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-08-09 15:22 - 2017-07-07 16:48 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-08-09 15:22 - 2017-07-07 16:48 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-08-09 15:22 - 2017-07-07 16:48 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-08-09 15:22 - 2017-07-07 16:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-08-09 15:22 - 2017-07-07 16:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 16:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 16:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 16:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 000866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswdat10.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 000641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 000616448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl40.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 000144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter40.dll
2017-08-04 19:49 - 2017-08-04 19:51 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\DesktopAPM
2017-08-04 19:49 - 2017-08-04 19:49 - 000001038 _____ C:\Users\Administrator\Desktop\DESKTO~1.del
2017-08-04 19:49 - 2017-08-04 19:49 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop APM
2017-08-04 19:49 - 2017-08-04 19:49 - 000000000 ____D C:\Program Files (x86)\Desktop APM
2017-08-03 23:24 - 2017-08-03 23:24 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Red Dot Games
2017-07-30 03:32 - 2017-07-30 03:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Guild 2 - Renaissance
2017-07-30 01:19 - 2017-07-30 01:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-07-30 01:19 - 2017-07-30 01:19 - 000000000 ____D C:\Program Files\7-Zip
2017-07-30 01:18 - 2017-07-30 01:18 - 001381582 _____ (Igor Pavlov) C:\Users\Administrator\Downloads\7z1604-x64.exe
2017-07-27 16:16 - 2017-07-27 16:22 - 000000000 ____D C:\Users\Administrator\Documents\GTA Vice City User Files
2017-07-27 16:16 - 2017-07-27 16:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grand Theft Auto Vice City
2017-07-25 13:59 - 2017-07-25 13:59 - 000001753 _____ C:\Users\Public\Desktop\ITUNES.del
2017-07-25 13:59 - 2017-07-25 13:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-07-25 13:59 - 2017-07-25 13:59 - 000000000 ____D C:\Program Files\iTunes
2017-07-25 13:59 - 2017-07-25 13:59 - 000000000 ____D C:\Program Files\iPod

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-08-24 23:33 - 2009-07-14 06:45 - 000029760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-24 23:33 - 2009-07-14 06:45 - 000029760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-24 23:27 - 2011-04-12 09:43 - 000699416 _____ C:\Windows\system32\perfh007.dat
2017-08-24 23:27 - 2011-04-12 09:43 - 000149556 _____ C:\Windows\system32\perfc007.dat
2017-08-24 23:27 - 2009-07-14 07:13 - 001620612 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-24 23:27 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2017-08-24 23:21 - 2017-05-10 21:08 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-24 23:20 - 2016-02-20 04:08 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-24 23:20 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-23 22:57 - 2016-02-19 23:44 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2017-08-23 22:57 - 2016-02-19 23:25 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-23 22:47 - 2016-02-19 23:44 - 000000000 ____D C:\Users\Administrator
2017-08-23 22:42 - 2017-06-02 13:32 - 000000000 ____D C:\Windows\System32\Tasks\Apple
2017-08-23 22:42 - 2016-03-16 20:28 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-08-23 22:22 - 2016-03-16 20:26 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-08-23 22:22 - 2009-07-14 05:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-08-23 22:13 - 2017-05-04 13:41 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2017-08-23 22:01 - 2017-05-18 19:35 - 000000000 ____D C:\Program Files\Opera
2017-08-23 22:00 - 2016-02-19 23:44 - 000001433 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-08-23 21:55 - 2009-07-14 05:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2017-08-23 18:06 - 2016-12-05 04:48 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Curse Client
2017-08-23 17:14 - 2017-05-14 18:48 - 000046395 _____ C:\Users\Administrator\Desktop\Ikariam Produktion.xlsx
2017-08-23 16:20 - 2016-03-15 22:10 - 000000023 _____ C:\Windows\ODBCINST.INI
2017-08-23 16:15 - 2016-03-04 15:16 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Spotify
2017-08-23 15:57 - 2016-08-13 13:24 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\HelloGames
2017-08-23 07:18 - 2017-04-06 02:07 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2017-08-17 18:53 - 2016-04-25 21:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-08-17 17:55 - 2017-07-22 22:03 - 000000000 ____D C:\Users\Administrator\Documents\Pro Cycling Manager 2017
2017-08-17 17:55 - 2017-07-22 22:03 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Pro Cycling Manager 2017
2017-08-12 17:27 - 2016-07-01 12:00 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-10 16:17 - 2009-07-14 06:45 - 000450864 _____ C:\Windows\system32\FNTCACHE.DAT
2017-08-10 07:02 - 2016-03-02 17:39 - 000000000 ____D C:\Windows\system32\MRT
2017-08-10 06:58 - 2016-03-02 17:39 - 140394280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-08-09 06:58 - 2016-03-15 08:42 - 000000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2017-08-08 16:48 - 2016-06-22 04:48 - 000000000 ____D C:\Program Files (x86)\Overwolf
2017-08-04 06:51 - 2016-02-20 00:17 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-08-04 06:51 - 2016-02-20 00:17 - 000000000 ____D C:\ProgramData\Oracle
2017-08-04 06:51 - 2016-02-20 00:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-08-04 06:51 - 2016-02-20 00:17 - 000000000 ____D C:\Program Files (x86)\Java
2017-07-27 16:16 - 2016-02-20 15:07 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-07-26 20:58 - 2017-07-17 07:52 - 000004273 _____ C:\test.spr
2017-07-26 12:23 - 2017-05-08 20:49 - 000000000 ____D C:\ProgramData\Skype

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-03-30 21:18 - 2016-04-28 08:31 - 000004069 _____ () C:\Users\Administrator\AppData\Roaming\LTspiceIV.ini
2017-03-15 18:16 - 2016-02-18 00:30 - 015384576 _____ () C:\Users\Administrator\AppData\Roaming\Sandra.mdb
2017-08-23 21:59 - 2017-08-23 21:59 - 007324160 _____ () C:\Users\Administrator\AppData\Local\agent.dat
2017-08-23 21:59 - 2017-08-23 21:59 - 000070800 _____ () C:\Users\Administrator\AppData\Local\Config.xml
2017-08-23 21:59 - 2017-08-23 21:59 - 000019008 _____ () C:\Users\Administrator\AppData\Local\INSTALLATIONCONFIGURATION.del
2017-08-23 21:59 - 2017-08-23 21:59 - 000140800 _____ () C:\Users\Administrator\AppData\Local\installer.dat
2017-08-23 21:59 - 2017-08-23 21:59 - 001895382 _____ () C:\Users\Administrator\AppData\Local\KayCom.bin
2017-08-23 21:59 - 2017-08-23 21:59 - 000018432 _____ () C:\Users\Administrator\AppData\Local\Main.dat
2017-08-23 21:59 - 2017-08-23 21:59 - 000005568 _____ () C:\Users\Administrator\AppData\Local\md.xml
2017-08-23 21:59 - 2017-08-23 21:59 - 000126464 _____ () C:\Users\Administrator\AppData\Local\noah.dat
2017-08-23 21:59 - 2017-08-23 22:15 - 001847296 _____ () C:\Users\Administrator\AppData\Local\po.db
2017-08-23 21:59 - 2017-08-23 21:59 - 000278509 _____ () C:\Users\Administrator\AppData\Local\Quo-Fax.bin
2017-08-23 21:59 - 2017-08-23 21:59 - 000136803 _____ () C:\Users\Administrator\AppData\Local\Tincore.bin
2017-08-23 21:59 - 2017-08-23 21:59 - 000001150 _____ () C:\Users\Administrator\AppData\Local\uninstall_temp.ico
2017-08-23 21:59 - 2017-08-23 21:59 - 002554368 _____ (TODO: <Company name>) C:\Users\Administrator\AppData\Local\Zot-Light.exe
2017-08-23 21:59 - 2017-08-23 21:59 - 001899372 _____ () C:\Users\Administrator\AppData\Local\Zot-Light.tst

Einige Dateien in TEMP:
====================
2017-08-04 06:48 - 2017-08-04 06:48 - 000740416 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-8u144-windows-au.exe
2017-08-23 21:21 - 2017-08-23 21:21 - 000109568 _____ () C:\Users\Administrator\AppData\Local\Temp\nsz881A.exe
2017-08-23 17:15 - 2017-08-23 17:15 - 000040448 _____ () C:\Users\Administrator\AppData\Local\Temp\proxy_vole2234134530613507216.dll
2017-08-23 17:15 - 2017-08-23 17:15 - 000040448 ____N () C:\Users\Administrator\AppData\Local\Temp\proxy_vole2884563901910322246.dll
2017-08-23 17:15 - 2017-08-23 17:15 - 000040448 ____N () C:\Users\Administrator\AppData\Local\Temp\proxy_vole5655386752938625535.dll
2017-08-23 15:50 - 2017-08-23 15:50 - 006473728 _____ () C:\Users\Administrator\AppData\Local\Temp\s2s.exe
2017-08-23 15:51 - 2017-08-23 15:50 - 001199825 _____ () C:\Users\Administrator\AppData\Local\Temp\unins000.exe
2017-06-22 12:16 - 2017-06-22 12:16 - 049533288 _____ (Sony) C:\Users\Administrator\AppData\Local\Temp\xcs1BFD.tmp.exe
2006-05-24 20:10 - 2006-05-24 20:10 - 000455600 _____ (Macrovision Corporation) C:\Users\Administrator\AppData\Local\Temp\_is1CA5.exe
2006-05-24 20:10 - 2006-05-24 20:10 - 000455600 _____ (Macrovision Corporation) C:\Users\Administrator\AppData\Local\Temp\_is60F5.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-08-24 20:16

==================== Ende von FRST.txt ============================
         


Alt 24.08.2017, 23:49   #6
Easy Frag
 
Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks - Standard

Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks



Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 20-08-2017
durchgeführt von Administrator (24-08-2017 23:38:15)
Gestartet von C:\Users\Administrator\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2016-02-19 20:32:41)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2112160272-3594351332-598527768-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-2112160272-3594351332-598527768-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2112160272-3594351332-598527768-1002 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Spybot - Search and Destroy (Disabled - Out of date) {1A0DDE8C-B4BA-EFDD-22A8-0F557C7985F0}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

60 Seconds! (HKLM\...\NjBzZWNvbmRz_is1) (Version: 1 - )
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
A Boy and His Blob (HKLM\...\Steam App 281200) (Version:  - Abstraction Games)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.012.20095 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Alien Nations (HKLM-x32\...\GOGPACKALIENNATIONS_is1) (Version: 2.0.0.26 - GOG.com)
AlienFX for KoneXTD (HKLM\...\{48725548-E470-4816-99DD-6667EABAB982}) (Version: 1.02 - Roccat GmbH) Hidden
AlienFX for KoneXTD (HKLM-x32\...\InstallShield_{48725548-E470-4816-99DD-6667EABAB982}) (Version: 1.02 - Roccat GmbH)
Anno 1602 - Creation of a New World (HKLM-x32\...\1438168222_is1) (Version: 2.0.0.6 - GOG.com)
Anno 2205 Version 1.0 (HKLM-x32\...\{9D231988-619F-4A37-A19D-341EC4BBF719}_is1) (Version: 1.0 - UBISoft)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 368.81 - NVIDIA Corporation) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
ArcaniA (HKLM-x32\...\ArcaniA_is1) (Version:  - )
Attribute Changer 8.60 (HKLM\...\{27263813-8BDE-4CD2-84D3-02536743428A}_is1) (Version: 8.60 - Romain Petges)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 3 (HKLM-x32\...\Bejeweled 3) (Version:  - PopCap Games)
Belkin USB Wireless Adaptor (HKLM-x32\...\{6E016C56-820F-4B2D-A36F-34CCADF90C16}) (Version: 1.0.0.09 - Belkin) Hidden
Belkin USB Wireless Adaptor (HKLM-x32\...\InstallShield_{6E016C56-820F-4B2D-A36F-34CCADF90C16}) (Version: 1.0.0.09 - Belkin)
Ben and Ed (HKLM\...\YmVuYW5kZWQ_is1) (Version: 1 - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounty Train (HKLM-x32\...\Bounty Train_is1) (Version:  - )
Caesar IV (HKLM-x32\...\{B7666229-351B-47D9-AA6F-DF777CF04BBF}) (Version: 0.18.13 - Tilted Mill Entertainment)
Car Mechanic Simulator 2018 Silver Edition MULTi2 1.0.2 (HKLM-x32\...\Car Mechanic Simulator 2018 Silver Edition MULTi2 1.0.2) (Version: 1.0.2 - .x.X.RIDDICK.X.x.)
Car Mechanic Simulator 2018 Update v1.1.1 (HKLM\...\Y2FybWVjaGFuaWNzaW11bGF0b3IyMDE4_is1) (Version: 1 - )
Casino Empire (HKLM-x32\...\{42FA68A0-C0BC-11D6-B2FA-0010B5AC3B10}) (Version:  - )
Catan - Städte und Ritter (HKLM-x32\...\Catan - Staedte und Ritter) (Version: 1.220 - Catan GmbH)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.07021 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{0F65F838-573B-4AE1-8A15-8E9DC157D157}) (Version: 3.1.07021 - Cisco Systems, Inc.) Hidden
Civilization VI Digital Deluxe Edition MULTi2 1.0 (HKLM-x32\...\Civilization VI Digital Deluxe Edition MULTi2 1.0) (Version:  - )
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Company of Heroes (New Steam Version) (HKLM\...\Steam App 228200) (Version:  - Relic)
Company of Heroes 2 (HKLM\...\Steam App 231430) (Version:  - Relic Entertainment)
Cossacks 3 Digital Deluxe Edition MULTI2 1.0 (HKLM-x32\...\Cossacks 3 Digital Deluxe Edition MULTI2 1.0) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Curse (HKLM-x32\...\{1F2611FB-6F69-4AA8-BECD-243BD8CB45F3}) (Version: 6.0.0.0 - Curse)
Desktop APM (HKU\S-1-5-21-2112160272-3594351332-598527768-500\...\Desktop APM) (Version:  - )
Die 12 Heldentaten des Herkules 6 SE Version 1.0.2 (HKLM-x32\...\{D0165150-2D24-4802-8395-2DA15C1A76AF}_is1) (Version: 1.0.2 - DELiGHT 2017)
Die Siedler 7 (HKLM-x32\...\{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}) (Version: 1.12.1396 - Ubisoft)
Dual Monitor 1.22 (HKLM-x32\...\{64AA3F94-ED4A-4A4B-B72C-B7A1481ED5D8}_is1) (Version: 1.22.021813 - Cristi Diaconu)
Dungeon Keeper (HKLM-x32\...\{B9E79070-56B6-4980-A7E9-C28D6480D050}) (Version: 1.0.0.1 - Electronic Arts)
Dungeon Keeper 2 (HKLM-x32\...\Dungeon Keeper II) (Version:  - )
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.4.0.0 - Electronic Arts)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.4.37.20160609 - Landesfinanzdirektion Thüringen)
Emergency 2016 Limited Edition MULTi2 1.0 (HKLM-x32\...\Emergency 2016 Limited Edition MULTi2 1.0) (Version:  - )
Factorio version 0.12.26 (HKLM\...\Factorio_is1) (Version:  - )
Fallout Shelter (HKLM\...\Steam App 588430) (Version:  - Bethesda Game Studios)
Farming Simulator 17 (HKLM\...\ZmFybWluZ3NpbXVsYXRvcjE3_is1) (Version: 1 - )
Fritz 13 (HKLM-x32\...\{85EB0F56-3DB3-42CC-9384-A665C5FC5D08}) (Version: 13.0.0.0 - ChessBase)
GOG.com The Settlers 3 (HKLM\...\{f707a2f1-2ed1-4560-a087-97aa176c3777}.sdb) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition MULTI 11 (HKLM-x32\...\R292ZXJub3JvZlBva2VyMlByZW1pdW1FZGl0aW9uTVVMVEkxMQ==_is1) (Version: 1 - )
Grand Theft Auto IV Complete Edition Version 1.1.2.0 (HKLM-x32\...\Grand Theft Auto IV Complete Edition_is1) (Version: 1.1.2.0 - Rockstar Games)
Grand Theft Auto V Digital Deluxe Edition FIXED VERSION MULTi11 1.0.350.1 (HKLM-x32\...\Grand Theft Auto V Digital Deluxe Edition FIXED VERSION MULTi11 1.0.350.1) (Version:  - )
Grand Theft Auto V Digital Deluxe Edition Update 4 FIXED Version MULTi11 1.0.350.2 (HKLM-x32\...\Grand Theft Auto V Digital Deluxe Edition Update 4 FIXED Version MULTi11 1.0.350.2) (Version:  - )
Grand Theft Auto Vice City Version 1.1 (HKLM-x32\...\Grand Theft Auto Vice City_is1) (Version: 1.1 - Rockstar Games)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hearts of Iron IV Field Marshal Edition MULTi7 - ElAmigos Version 1.0 (HKLM-x32\...\{9240BFB5-B3DE-4505-8351-5605EE8D4F84}_is1) (Version: 1.0 - Paradox Interactive)
Hero Defense - Haunted Island (HKLM-x32\...\Steam App 423620) (Version:  - Happy Tuesday)
Hero of the Kingdom (HKLM-x32\...\Hero of the Kingdomv1.00) (Version: v1.00 - Lonely Troops)
Herrscher des Olymp - Zeus & Poseidon Version 2.0 (HKLM-x32\...\{2F32318C-A833-410A-BE7D-E409A614B607}_is1) (Version: 2.0 - Sierra)
Hex-Editor MX (HKLM-x32\...\{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1) (Version: 6.0 - NEXT-Soft)
Human Resource Machine (HKLM\...\Steam App 375820) (Version:  - Tomorrow Corporation)
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
League of Legends (HKLM-x32\...\{517CC397-B22F-4593-8DCB-DE72CC541E9A}) (Version: 3.0.1 - Riot Games ) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
LTspice IV (HKLM-x32\...\LTspice IV) (Version:  - )
Malwarebytes Version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Mario Kart 8 MULTi8 1.0 (HKLM-x32\...\Mario Kart 8 MULTi8 1.0) (Version: 1.0 - x.X.RIDDICK.X.x)
Medieval II: Total War (HKLM\...\Steam App 4700) (Version:  - The Creative Assembly)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2112160272-3594351332-598527768-500\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minecraft: Story Mode - A Telltale Games Series (HKLM\...\bWluZWNyYWZ0c3Rvcnltb2RlYXRlbGx0YWxlZ2FtZXNzZXJpZXM_is1) (Version: 1 - )
Mini Metro (HKLM\...\Steam App 287980) (Version:  - Dinosaur Polo Club)
Monopoly (HKLM-x32\...\{D7E7EC5E-4349-4E40-B37C-4342188B86EC}) (Version:  - )
MSI Afterburner 4.3.0 Beta 14 (HKLM-x32\...\Afterburner) (Version: 4.3.0 Beta 14 - MSI Co., LTD)
MSI Kombustor 3.5.2.1 (64-bit) (HKLM\...\{9598DA62-2AE8-426D-9C86-BEA96AC6721E}_is1) (Version:  - MSI Co., LTD)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.2 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.81 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.81 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Opera Stable 47.0.2631.55 (HKLM-x32\...\Opera 47.0.2631.55) (Version: 47.0.2631.55 - Opera Software)
Orcs Must Die! 2 Complete (HKLM-x32\...\Orcs Must Die! 2 Complete_is1) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.4.14.21968 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.106.20.0 - Overwolf Ltd.)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM\...\Steam App 24240) (Version:  - OVERKILL Software)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Pizza Tycoon 2 (HKLM-x32\...\1175067557_is1) (Version: 2.0.0.3 - GOG.com)
Planetbase Version 1.1.1 (HKLM-x32\...\{B779ADEB-8E07-4801-B910-51A5D4992EB6}_is1) (Version: 1.1.1 - Madruga Works)
Pro Cycling Manager 2017 MULTi9 - ElAmigos Version 1.0.2.3 (HKLM-x32\...\{6B881985-DFD9-4C1B-9C29-5C138C141411}_is1) (Version: 1.0.2.3 - Focus Home Interactive)
PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.3.0 - Electronic Arts)
Railroad Pioneer (HKLM-x32\...\Steam App 306490) (Version:  - Kritzelkratz 3000)
Railroad Tycoon 3 (HKLM-x32\...\{DE29025A-091F-4998-AD2D-24C84421190F}) (Version: 1.0 - )
Rise of Venice (HKLM-x32\...\Rise of Venice_is1) (Version:  - )
RivaTuner Statistics Server 6.5.0 Beta 5 (HKLM-x32\...\RTSS) (Version: 6.5.0 Beta 5 - Unwinder)
ROCCAT Kone XTD Mouse Driver (HKLM-x32\...\{7133137D-DF48-4522-AD88-13C82B7D0A63}) (Version:  - Roccat GmbH)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Roll (HKLM-x32\...\RollerCoaster Tycoon Setup) (Version:  - )
RollerCoaster Tycoon Deluxe (HKLM-x32\...\GOGPACKRTC_is1) (Version: 2.0.0.15 - GOG.com)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Sid Meier's Railroads! (HKLM-x32\...\1445250539_is1) (Version: 2.0.0.6 - GOG.com)
Sir Henry's Anno 1602 Launcher 1.0 (HKLM-x32\...\Anno 1602 Launcher_is1) (Version:  - )
SiSoftware Sandra Lite 2016.SP1 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2596}_is1) (Version: 22.20.2016.3 - SiSoftware)
Skispringen 2007 (HKLM-x32\...\Skispringen 2007_0001) (Version:  - )
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
Slime Rancher (HKLM-x32\...\1459259227_is1) (Version: 0.6.0c - GOG.com)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-2112160272-3594351332-598527768-500\...\Spotify) (Version: 1.0.58.573.g57c9cd87 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
StarCraft II German Trilogy Edition 3.05.39117 (HKLM-x32\...\StarCraft II German Trilogy Edition 3.05.39117) (Version:  - )
Stardew Valley (HKLM\...\c3RhcmRld3ZhbGxleQ_is1) (Version: 1 - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold Crusader 2 - The Princess and The Pig (HKLM-x32\...\Stronghold Crusader 2 - The Princess and The Pig_is1) (Version:  - )
Supreme Commander - Forged Alliance (HKLM-x32\...\Supreme Commander - Forged Alliance_is1) (Version:  - )
Supreme Commander 2 (HKLM-x32\...\Supreme Commander 2_is1) (Version:  - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
The Banner Saga (HKLM-x32\...\Steam App 237990) (Version:  - Stoic)
THE GAME OF LIFE - The Official 2016 Edition (HKLM\...\dGhlZ2FtZW9mbGlmZXRoZW9mZmljaWFsMjAxNmVkaXRpb24_is1) (Version: 1 - )
The Guild 2 - Renaissance (HKLM-x32\...\{THEGUILDREN-0010-2010-300520102330}_is1) (Version:  - JoWooD Entertainment AG)
The Long Journey Home Update v1.23.14893 (HKLM\...\dGhlbG9uZ2pvdXJuZXlob21l_is1) (Version: 1 - )
The Next BIG Thing (Deutsch) (HKLM-x32\...\The Next BIG Thing (de)) (Version: 1.00 - CRIMSON COW)
The Political Machine 2016 - Campaign (HKLM-x32\...\The Political Machine 2016 - Campaign_is1) (Version:  - )
The Settlers 3 - Ultimate Collection (HKLM-x32\...\GOGPACKSETTLERS3_is1) (Version: 2.0.0.19 - GOG.com)
The Witness Version 1.0 u17 (HKLM-x32\...\{3FD8DC1C-BEB7-4086-A98B-C5B02E52DCA3}_is1) (Version: 1.0 u17 - Thekla, Inc.)
Theme Park World (HKLM-x32\...\Theme Park World) (Version:  - )
Theme Park World Fix (HKLM-x32\...\{42082D6A-7C60-4CD9-B6FC-81E6F1FA96EF}) (Version: 1.0.0 - Adam Hearn)
Total War ROME II MULTI-2 Incl Caesar in Gallien Kampagnenpaket DLC Plus Update 9 9.0 (HKLM-x32\...\Total War ROME II MULTI-2 Incl Caesar in Gallien Kampagnenpaket DLC Plus Update 9 9.0) (Version:  - )
Total War: ATTILA (HKLM\...\Steam App 325610) (Version:  - Creative Assembly)
Total War: SHOGUN 2 (HKLM\...\Steam App 34330) (Version:  - The Creative Assembly)
TowerFall Ascension (HKLM\...\Steam App 251470) (Version:  - Matt Thorson)
Tropico 5 1.9 (HKLM-x32\...\Tropico 5 1.9) (Version: 1.9 - Black Poseidon)
Tropico 5 Complete Edition Update 2 1.9 (HKLM-x32\...\Tropico 5 Complete Edition Update 2 1.9) (Version: 1.9 - Black Poseidon)
Tropico 5 Complete Edition Update 3 10 (HKLM-x32\...\Tropico 5 Complete Edition Update 3 10) (Version: 10 - Black Poseidon)
Tropico 5 Espionage DLC 1.0 (HKLM-x32\...\Tropico 5 Espionage DLC 1.0) (Version: 1.0 - Black Poseidon)
True or False (HKLM\...\Steam App 521340) (Version:  - Vladimir Maslov)
Twitch (HKU\S-1-5-21-2112160272-3594351332-598527768-500\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UE4 Prerequisites (x64) (HKLM\...\{457BE011-43FF-44A7-9FA7-B3BE181E2076}) (Version: 1.0.10.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{b46d36bc-2438-471e-abe8-1fbbd51754ee}) (Version: 1.0.10.0 - Epic Games, Inc.)
UnHackMe 9.10 (HKLM-x32\...\UnHackMe_is1) (Version:  - Greatis Software, LLC.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.5 - VideoLAN)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Xperia Companion (HKLM-x32\...\{058506CE-4E1C-4087-878E-61D8B5F8F47A}) (Version: 1.7.2.0 - Sony) Hidden
Xperia Companion (HKLM-x32\...\{65415473-2761-4ee3-85c1-5fdf086444c6}) (Version: 1.7.2.0 - Sony)
Xperia Companion Service (HKLM\...\{86C9336F-6376-4E86-A09A-EA7177DEC3D5}) (Version: 1.7.2.0 - Sony) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Keine Datei
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => D:\Nützliche Programme\Notepad++\NppShell_06.dll [2016-11-02] ()
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => D:\Nützliche Programme\Virtual Clone Drive\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers2: [ACShell] -> {D3F9A525-8824-497A-BE36-B23E22F141FC} => C:\Program Files\Attribute Changer\acshell.dll [2016-12-30] (Romain Petges)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => D:\Nützliche Programme\Virtual Clone Drive\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers3: [ACShell] -> {D3F9A525-8824-497A-BE36-B23E22F141FC} => C:\Program Files\Attribute Changer\acshell.dll [2016-12-30] (Romain Petges)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-07-11] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {181A5C3F-F030-45F4-92A4-CA9E00C940B5} - \Apple\AppleSoftwareUpdate -> Keine Datei <==== ACHTUNG
Task: {5613DA51-734D-4778-BFC9-F9EA712BE2F4} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\ErrorReporting => C:\\ProgramData\\WindowsReporting\\wermgr.exe <==== ACHTUNG
Task: {856A07D8-0823-4713-938B-5802ED7DCD55} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Keine Datei <==== ACHTUNG
Task: {9D619410-DA6B-4C5F-89AA-DB5378A29035} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-23] (Google Inc.)
Task: {D3EF0E47-B5F2-4A31-9A21-701A7EDAEE31} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-23] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-02-20 04:08 - 2016-07-11 01:17 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-07-13 20:50 - 2017-07-13 20:50 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-08-13 13:26 - 2016-06-14 22:03 - 000367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-08-13 13:26 - 2016-06-14 22:03 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-08-13 13:26 - 2016-06-14 22:03 - 003611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-02-20 04:08 - 2016-06-14 22:03 - 000288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2017-08-16 16:15 - 2017-08-16 16:15 - 090050136 _____ () C:\Program Files\Opera\47.0.2631.55\opera_browser.dll
2017-08-16 16:15 - 2017-08-16 16:15 - 003972696 _____ () C:\Program Files\Opera\47.0.2631.55\libglesv2.dll
2017-08-16 16:15 - 2017-08-16 16:15 - 000100440 _____ () C:\Program Files\Opera\47.0.2631.55\libegl.dll
2016-09-10 19:32 - 2016-09-10 19:32 - 000066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2016-08-13 13:26 - 2016-06-14 22:03 - 002665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-08-13 13:26 - 2016-06-14 22:03 - 001988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-08-13 13:26 - 2016-06-14 22:03 - 001840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-02-20 04:08 - 2016-06-14 22:03 - 000207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-08-13 13:26 - 2016-06-14 22:03 - 000034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-08-13 13:26 - 2016-06-14 22:03 - 000920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2015-02-19 23:37 - 2015-02-19 23:37 - 000063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2016-02-20 04:08 - 2016-06-14 22:03 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-05-29 01:54 - 2014-05-13 12:04 - 000109400 ____N () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-05-29 01:54 - 2014-05-13 12:04 - 000416600 ____N () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-05-29 01:54 - 2014-05-13 12:04 - 000167768 ____N () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-05-29 01:54 - 2012-08-23 10:38 - 000574840 ____N () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-05-29 01:54 - 2012-04-03 17:06 - 000565640 ____N () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2017-08-23 15:51 - 000001258 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 distribution.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 plugpackdownload.net
127.0.0.1 texttotalk.org
127.0.0.1 gambling577.xyz
127.0.0.1 htagdownload.space
127.0.0.1 mybcnmonetize.com
127.0.0.1 dscdn.pw
127.0.0.1 beautifllink.xyz

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2112160272-3594351332-598527768-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{5D02709F-D2B6-4C14-B914-3EB06264CF2B}] => (Allow) D:\Spiele\Steam\Steam.exe
FirewallRules: [{6FFA3EAF-C61E-4DBF-8A66-C9DCC227B9DB}] => (Allow) D:\Spiele\Steam\Steam.exe
FirewallRules: [{B48C84C3-ABF1-47A1-A62C-150A076D6CFE}] => (Allow) D:\Spiele\Steam\bin\steamwebhelper.exe
FirewallRules: [{29841909-E7B1-4054-98D2-084D2808B680}] => (Allow) D:\Spiele\Steam\bin\steamwebhelper.exe
FirewallRules: [{7448C66E-C82D-442E-AAB1-794CCB108C02}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{85A7F9B2-B764-496D-AEF8-C61DF13ADFA7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5FDC5D53-B130-4166-ADCA-6709CDC250E8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{A06F959A-12D5-4CE6-A9FF-63FF4598A11D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{394D46CF-C164-4F4B-9342-75068746950D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{C08F6AF5-7A08-45F5-874A-4F2B49094386}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6922FA22-145B-4E51-ADA2-6FF3AAB44C10}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EA565088-A69D-439C-A390-87E6E74DA690}] => (Allow) D:\Spiele\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{4CD3CFE1-5F97-4C76-B3BC-66286ABA2029}] => (Allow) D:\Spiele\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E0565875-DB19-4EA8-88E9-B8801398B656}] => (Allow) D:\Spiele\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{1EC74777-DC7B-4346-8D21-6391E87C1FA4}] => (Allow) D:\Spiele\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{090AC3B5-C71E-496F-9270-8D18343AE4FE}] => (Allow) D:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{7D983396-3308-433B-B0DE-2168B5326F59}] => (Allow) D:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{AF4B392E-21F6-42A1-B21B-E6B5589F7100}] => (Allow) D:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe
FirewallRules: [{5460D85A-DB80-4EB9-A313-DFC98005C3DC}] => (Allow) D:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe
FirewallRules: [{18E77694-97E5-4D49-AC78-44CC32F2A393}] => (Allow) D:\Spiele\Steam\steamapps\common\Hero Defense - Haunted Island\HauntedIsland.exe
FirewallRules: [{AC3D1644-49F8-4B44-8EDF-921D1C6BC0E6}] => (Allow) D:\Spiele\Steam\steamapps\common\Hero Defense - Haunted Island\HauntedIsland.exe
FirewallRules: [{53E29C8A-6644-4B47-B4D2-C5F7927D871C}] => (Allow) D:\Spiele\Steam\steamapps\common\Railroad Pioneer\Bin\Railroad.exe
FirewallRules: [{AB37B407-147F-4CD7-A30B-6F1F21F69AFF}] => (Allow) D:\Spiele\Steam\steamapps\common\Railroad Pioneer\Bin\Railroad.exe
FirewallRules: [TCP Query User{FD2864D7-4D98-4701-85C2-21D6731F4DDC}C:\users\administrator\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\administrator\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{60C408C6-1F5F-4B1C-AC7C-3FB9B7703A99}C:\users\administrator\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\administrator\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{A99F5477-754D-4FB0-AC30-6C8E6681A1C0}C:\users\administrator\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\administrator\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{17A2F595-D800-45DC-BEE7-A5E7B0E35125}C:\users\administrator\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\administrator\appdata\roaming\spotify\spotify.exe
FirewallRules: [{935A9EB1-F613-486E-A3F2-33F7A711B979}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{83729861-D43D-4F71-9709-E1F38A55B655}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{33FFA099-8D74-4808-B19A-B59ED177EBC3}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [TCP Query User{46296334-0A83-4EC1-8918-CC395E3F32A9}D:\spiele\stronghold crusader 2 - the princess and the pig\bin\win32_release\crusader2.exe] => (Allow) D:\spiele\stronghold crusader 2 - the princess and the pig\bin\win32_release\crusader2.exe
FirewallRules: [UDP Query User{DF49203F-255A-4835-89B2-5258F46F262D}D:\spiele\stronghold crusader 2 - the princess and the pig\bin\win32_release\crusader2.exe] => (Allow) D:\spiele\stronghold crusader 2 - the princess and the pig\bin\win32_release\crusader2.exe
FirewallRules: [TCP Query User{C90B8D27-170E-4A30-94A7-E286EF105C1E}D:\spiele\total war rome ii\rome2.exe] => (Allow) D:\spiele\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{CABD4DFD-6B1B-4A38-877A-187A8BA3E44C}D:\spiele\total war rome ii\rome2.exe] => (Allow) D:\spiele\total war rome ii\rome2.exe
FirewallRules: [{036FD55D-1B4C-4589-B4B3-6A62F4EE17F5}] => (Allow) D:\Spiele\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{42300BF1-6D79-483E-9794-4B9B009F8515}] => (Allow) D:\Spiele\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{C8835F64-E195-4DF4-8198-1F541F3FAEBB}] => (Allow) D:\Spiele\Steam\steamapps\common\Medieval II Total War\medieval2.exe
FirewallRules: [{DD0B9CAE-B6C8-48D9-8CFE-0E85DC5068ED}] => (Allow) D:\Spiele\Steam\steamapps\common\Medieval II Total War\medieval2.exe
FirewallRules: [{60703736-47DF-4A33-B41C-C261B39B8191}] => (Allow) D:\Spiele\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{7F4BBA8F-1767-4227-9872-5EC65AE18149}] => (Allow) D:\Spiele\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{8FEC043B-AA50-4F07-A09B-8F3417E070FA}] => (Allow) D:\Spiele\Steam\steamapps\common\Company of Heroes Relaunch\RelicCOH.exe
FirewallRules: [{074CA5EC-76EC-4203-97E2-F7CD713B2CAF}] => (Allow) D:\Spiele\Steam\steamapps\common\Company of Heroes Relaunch\RelicCOH.exe
FirewallRules: [{B1A1A9A1-8236-42DC-B48B-033177138531}] => (Allow) D:\Spiele\Steam\steamapps\common\MiniMetro\MiniMetro.exe
FirewallRules: [{150626E4-9ACC-45D9-B201-7F9D9595451B}] => (Allow) D:\Spiele\Steam\steamapps\common\MiniMetro\MiniMetro.exe
FirewallRules: [{9DFE3BEF-4E6C-4CA8-B201-DABC3D979FDA}] => (Allow) D:\Spiele\Steam\steamapps\common\Human Resource Machine\Human Resource Machine.exe
FirewallRules: [{CA8D98AC-E7E4-4774-B799-32449DF7B68B}] => (Allow) D:\Spiele\Steam\steamapps\common\Human Resource Machine\Human Resource Machine.exe
FirewallRules: [TCP Query User{791CBCEC-5A78-4A5F-B95A-A80A4237B66E}D:\spiele\hearthstone\hearthstone.exe] => (Allow) D:\spiele\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{92A25983-612D-4214-B2E4-BFE0083CBBCF}D:\spiele\hearthstone\hearthstone.exe] => (Allow) D:\spiele\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{E938539D-0C6C-4092-B8D7-7416CEE9E4D2}D:\spiele\antichamber\binaries\win32\udk.exe] => (Allow) D:\spiele\antichamber\binaries\win32\udk.exe
FirewallRules: [UDP Query User{0F3DF6CB-4E4B-487F-8830-6F4E7289E8CF}D:\spiele\antichamber\binaries\win32\udk.exe] => (Allow) D:\spiele\antichamber\binaries\win32\udk.exe
FirewallRules: [TCP Query User{FA83BF5C-5208-4E45-9C2F-DAC98F246AD4}D:\spiele\grand theft auto v\gta5.exe] => (Allow) D:\spiele\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{A34673CA-728C-40E4-8DFE-F390A7440B9B}D:\spiele\grand theft auto v\gta5.exe] => (Allow) D:\spiele\grand theft auto v\gta5.exe
FirewallRules: [{9630AF97-9045-48A4-AB7F-5D949A3A79D3}] => (Allow) D:\Spiele\Steam\steamapps\common\A Boy and His Blob\Blob.exe
FirewallRules: [{182CA197-6268-4F37-8921-FD1CF7E2B057}] => (Allow) D:\Spiele\Steam\steamapps\common\A Boy and His Blob\Blob.exe
FirewallRules: [TCP Query User{3F61DA2D-4EDB-41BD-82C5-E042E3DA75BA}D:\images\fifa 15 ultimate team edition\fifa 15\fifa15.exe] => (Block) D:\images\fifa 15 ultimate team edition\fifa 15\fifa15.exe
FirewallRules: [UDP Query User{5EDE669A-C901-4519-AD80-8271A61D0A88}D:\images\fifa 15 ultimate team edition\fifa 15\fifa15.exe] => (Block) D:\images\fifa 15 ultimate team edition\fifa 15\fifa15.exe
FirewallRules: [{E218463B-FFF3-45AF-AF59-A45C0C41B2B9}] => (Allow) D:\Spiele\Steam\steamapps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [{75D70054-9F5D-42B6-B19B-71B7B76B6856}] => (Allow) D:\Spiele\Steam\steamapps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [{C2B52FC0-57E7-4B9B-801A-FE2F4B813A89}] => (Allow) D:\Spiele\Steam\steamapps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{EC499626-3CA8-4C86-82F1-9815CA227F48}] => (Allow) D:\Spiele\Steam\steamapps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{2FA652A8-019D-4614-B5C0-86DECB56B4E1}] => (Allow) D:\Spiele\Steam\steamapps\common\TowerFall\TowerFall.exe
FirewallRules: [{413752B0-FDB5-4E08-9FAD-67768198C6E1}] => (Allow) D:\Spiele\Steam\steamapps\common\TowerFall\TowerFall.exe
FirewallRules: [TCP Query User{24F1DE30-2ADB-42DA-8EC6-4A0B7DB74747}D:\spiele\cod modern warfare\iw3mp.exe] => (Allow) D:\spiele\cod modern warfare\iw3mp.exe
FirewallRules: [UDP Query User{5AF1CDE1-6973-4488-8FB9-2EDE967EE8E1}D:\spiele\cod modern warfare\iw3mp.exe] => (Allow) D:\spiele\cod modern warfare\iw3mp.exe
FirewallRules: [TCP Query User{902EA10D-0602-4974-BC16-26C1CAC68361}D:\spiele\cod modern warfare\iw3mp.exe] => (Allow) D:\spiele\cod modern warfare\iw3mp.exe
FirewallRules: [UDP Query User{6E434183-4265-4113-9198-61E85226E1AB}D:\spiele\cod modern warfare\iw3mp.exe] => (Allow) D:\spiele\cod modern warfare\iw3mp.exe
FirewallRules: [TCP Query User{491F7AE2-37A0-456D-B8CF-158CEC3A598B}D:\spiele\counter-strike source (no steam)\hl2.exe] => (Allow) D:\spiele\counter-strike source (no steam)\hl2.exe
FirewallRules: [UDP Query User{D3C47D24-0766-43E6-94A1-0E1FA53BE98A}D:\spiele\counter-strike source (no steam)\hl2.exe] => (Allow) D:\spiele\counter-strike source (no steam)\hl2.exe
FirewallRules: [TCP Query User{F6540D33-E609-4C86-8B5D-FE9ED162A532}D:\spiele\flatout 2\flatout2.exe] => (Allow) D:\spiele\flatout 2\flatout2.exe
FirewallRules: [UDP Query User{EAA6D1B6-9CF7-4C3E-82B2-9895D2B74945}D:\spiele\flatout 2\flatout2.exe] => (Allow) D:\spiele\flatout 2\flatout2.exe
FirewallRules: [TCP Query User{C1D8FC3E-3DF5-4C5E-8800-995F06B9CBF0}D:\spiele\world of padman\world of padman - spiel.exe] => (Block) D:\spiele\world of padman\world of padman - spiel.exe
FirewallRules: [UDP Query User{32258350-5938-4E3C-925F-FD8E3DCB6463}D:\spiele\world of padman\world of padman - spiel.exe] => (Block) D:\spiele\world of padman\world of padman - spiel.exe
FirewallRules: [TCP Query User{761155F5-C91A-4449-BF47-9521DBA12641}G:\cod modern warfare\iw3mp.exe] => (Allow) G:\cod modern warfare\iw3mp.exe
FirewallRules: [UDP Query User{B4F0428B-CD55-4F1B-8C8E-D4DA972AC631}G:\cod modern warfare\iw3mp.exe] => (Allow) G:\cod modern warfare\iw3mp.exe
FirewallRules: [TCP Query User{8C89C1EF-7BED-4F53-AE86-0C80C5A2A1D6}D:\spiele\cod 4\cod\iw3mp.exe] => (Allow) D:\spiele\cod 4\cod\iw3mp.exe
FirewallRules: [UDP Query User{C0596A31-D2EF-43CD-901B-C13B034A6A64}D:\spiele\cod 4\cod\iw3mp.exe] => (Allow) D:\spiele\cod 4\cod\iw3mp.exe
FirewallRules: [TCP Query User{DDE18B4D-9CE0-4D6F-A4F9-742836ED8E88}D:\spiele\age of empires 2\the conquerors\age of empires 2\empires2.exe] => (Allow) D:\spiele\age of empires 2\the conquerors\age of empires 2\empires2.exe
FirewallRules: [UDP Query User{982DF12D-41F8-4929-9043-59FFECC36A85}D:\spiele\age of empires 2\the conquerors\age of empires 2\empires2.exe] => (Allow) D:\spiele\age of empires 2\the conquerors\age of empires 2\empires2.exe
FirewallRules: [TCP Query User{6C01EAE6-A724-4EF4-A97E-F92C489AA048}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{49256B58-F16B-45EB-BA37-D030E4BEE218}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{14129D83-2C24-4FF5-96B0-44449A419CF2}D:\spiele\age of empires 2\the age of kings\empires2.exe] => (Allow) D:\spiele\age of empires 2\the age of kings\empires2.exe
FirewallRules: [UDP Query User{8B42FAD0-4900-4108-BCAA-85B200F7F897}D:\spiele\age of empires 2\the age of kings\empires2.exe] => (Allow) D:\spiele\age of empires 2\the age of kings\empires2.exe
FirewallRules: [TCP Query User{19FD3923-94F8-4C10-B82F-9CFC1E5568B3}D:\spiele\age of empires 2\the conquerors\age of empires 2\age2_x1.exe] => (Allow) D:\spiele\age of empires 2\the conquerors\age of empires 2\age2_x1.exe
FirewallRules: [UDP Query User{0D086238-D253-4FEC-9F43-5D699BD7E585}D:\spiele\age of empires 2\the conquerors\age of empires 2\age2_x1.exe] => (Allow) D:\spiele\age of empires 2\the conquerors\age of empires 2\age2_x1.exe
FirewallRules: [TCP Query User{4FBD02E4-6A07-4AF2-8603-40570B3EF22D}D:\spiele\warcraft iii\war3.exe] => (Allow) D:\spiele\warcraft iii\war3.exe
FirewallRules: [UDP Query User{8F828326-B1FE-47F5-911A-1D013E152952}D:\spiele\warcraft iii\war3.exe] => (Allow) D:\spiele\warcraft iii\war3.exe
FirewallRules: [TCP Query User{FA9AEBEE-D419-4D58-8EC0-E7EEE0F89815}D:\spiele\warcraft an pc des tollsten kerls der welt (philipp-pc)\warcraft 3 an stefan-pc\war3.exe] => (Allow) D:\spiele\warcraft an pc des tollsten kerls der welt (philipp-pc)\warcraft 3 an stefan-pc\war3.exe
FirewallRules: [UDP Query User{AC51A052-FFC3-439A-BE9B-0EC5685E88F5}D:\spiele\warcraft an pc des tollsten kerls der welt (philipp-pc)\warcraft 3 an stefan-pc\war3.exe] => (Allow) D:\spiele\warcraft an pc des tollsten kerls der welt (philipp-pc)\warcraft 3 an stefan-pc\war3.exe
FirewallRules: [TCP Query User{382F626B-A891-47BB-88EC-68427C595C19}C:\program files\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [UDP Query User{9310B402-5286-413C-A1EA-9EBD37AE0492}C:\program files\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [{DDBC55B4-7AA3-480C-9B9F-D868B1AB9A7E}] => (Allow) D:\Spiele\Steam\steamapps\common\True or False\TrueOrFalse.exe
FirewallRules: [{F7CC3BBB-F577-466A-B303-E8B35CA3F376}] => (Allow) D:\Spiele\Steam\steamapps\common\True or False\TrueOrFalse.exe
FirewallRules: [{2A07A4BA-5DA8-4D16-85B7-5631CD04157F}] => (Allow) D:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{6BE5DBE5-FADE-419F-B775-0846A172D417}] => (Allow) D:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{3509D227-ADA0-40D5-92D3-9BDD75438C9E}] => (Allow) D:\Program Files (x86)\Origin Games\Dungeon Keeper\DATA\DOSBox\DOSBox.exe
FirewallRules: [{1FE0EF2E-A951-4AC7-A04C-122C714E3491}] => (Allow) D:\Program Files (x86)\Origin Games\Dungeon Keeper\DATA\DOSBox\DOSBox.exe
FirewallRules: [TCP Query User{9264B8AD-6545-4025-B5D1-3D7764B6E46E}C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [UDP Query User{B8C30ED9-732D-4914-AC40-2A04FF7130BC}C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [TCP Query User{298FF1E4-58B3-4780-8350-5E912133CB5B}D:\spiele\minecraft (vanilla)\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\spiele\minecraft (vanilla)\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{E6A49C35-EDA5-40FF-930F-142BD28E7333}D:\spiele\minecraft (vanilla)\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\spiele\minecraft (vanilla)\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{33946618-F869-4BF8-8CD2-B1CFFAD98FE7}D:\spiele\farming simulator 17\dedicatedserver.exe] => (Allow) D:\spiele\farming simulator 17\dedicatedserver.exe
FirewallRules: [UDP Query User{DD7D7B04-FD89-4C35-A350-170E9C612663}D:\spiele\farming simulator 17\dedicatedserver.exe] => (Allow) D:\spiele\farming simulator 17\dedicatedserver.exe
FirewallRules: [TCP Query User{39F3F676-4700-4F6F-AE95-F16DD68931F9}D:\spiele\railroad tycoon 3\rt3.exe] => (Allow) D:\spiele\railroad tycoon 3\rt3.exe
FirewallRules: [UDP Query User{DA48B3A4-6FB4-46F3-874A-1C1B6359BC35}D:\spiele\railroad tycoon 3\rt3.exe] => (Allow) D:\spiele\railroad tycoon 3\rt3.exe
FirewallRules: [{978761B4-6E6F-40B6-A286-3025C9F652DC}] => (Allow) D:\Images\FIFA 15 Ultimate Team Edition\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [{9F9C2B31-469E-4B5E-94C4-A1AA58372785}] => (Allow) D:\Images\FIFA 15 Ultimate Team Edition\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [TCP Query User{B2AE2EBD-8E68-4389-B786-26BB61203754}C:\users\administrator\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\administrator\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{A3BAC214-B1C9-460E-9DB7-5222854A7AC7}C:\users\administrator\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\administrator\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{2FEB554B-668C-4334-8127-D79AB522F76B}] => (Allow) D:\Spiele\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3550DB2F-9A83-44D8-B762-C4B2E7E2AFA7}] => (Allow) D:\Spiele\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8153103A-9C1F-4DD1-B6C4-D9B7AB5BC31D}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2016.SP1\RpcAgentSrv.exe
FirewallRules: [{ED9F96C0-CF08-443F-9990-CB83B2529520}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2016.SP1\WNt600x64\RpcSandraSrv.exe
FirewallRules: [TCP Query User{E95DE146-1E58-4984-9726-2A41C096DC5B}D:\spiele\rise of venice\riseofvenice.exe] => (Allow) D:\spiele\rise of venice\riseofvenice.exe
FirewallRules: [UDP Query User{130C7A70-65FF-41E9-8CDB-2E6F7C313FE4}D:\spiele\rise of venice\riseofvenice.exe] => (Allow) D:\spiele\rise of venice\riseofvenice.exe
FirewallRules: [{0076A664-1F6E-4E32-8982-16E91EA8175E}] => (Allow) D:\Spiele\StarCraft II German Trilogy Edition\Versions\Base38996\SC2_x64.exe
FirewallRules: [{409F00AB-C3F2-4702-A7F0-2B0299D26396}] => (Allow) D:\Spiele\StarCraft II German Trilogy Edition\Versions\Base38996\SC2_x64.exe
FirewallRules: [{4D6CAC72-A665-4A0B-8A38-74EAE4106622}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C8DD86A8-3582-46F1-BBFC-EAE03D6DC7CB}] => (Allow) D:\Spiele\StarCraft II German Trilogy Edition\Versions\Base52910\SC2_x64.exe
FirewallRules: [{57BA57BD-9A5B-41B8-9386-847CA664F89C}] => (Allow) D:\Spiele\StarCraft II German Trilogy Edition\Versions\Base52910\SC2_x64.exe
FirewallRules: [{D2579AFE-FA51-42E4-A0BC-77EA41127C6A}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{5DB42B66-CE0F-447F-80F2-0C2FEFC5FF2B}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{F1AD07AF-9600-4342-BB57-33C116F0657D}] => (Allow) D:\Spiele\Die Siedler 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe
FirewallRules: [{75BA888F-1050-414F-AE1A-7DB9C3BE0E91}] => (Allow) D:\Spiele\Die Siedler 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe
FirewallRules: [{D40F0973-347B-4C51-8094-E8FA0EFAA123}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9E9CE497-93B3-4636-BB54-5F4B7129B1CC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E5130A9A-C542-41D1-88CE-45C54CA8BEEA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1F4A5E90-15CC-4BAB-BCD8-82103C764073}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{86BE054C-156B-41FA-B26C-962403714D74}D:\spiele\ben and ed\benanded\binaries\win32\benanded.exe] => (Allow) D:\spiele\ben and ed\benanded\binaries\win32\benanded.exe
FirewallRules: [UDP Query User{A38A004F-3EDD-46B0-805E-EFC14F90E02C}D:\spiele\ben and ed\benanded\binaries\win32\benanded.exe] => (Allow) D:\spiele\ben and ed\benanded\binaries\win32\benanded.exe
FirewallRules: [TCP Query User{57B8986C-3841-4BFD-87CF-557F40373065}D:\spiele\the long journey home\tljh\binaries\win64\tljh-win64-shipping.exe] => (Allow) D:\spiele\the long journey home\tljh\binaries\win64\tljh-win64-shipping.exe
FirewallRules: [UDP Query User{AE1B49E8-5531-455F-B743-A30B4067B3D7}D:\spiele\the long journey home\tljh\binaries\win64\tljh-win64-shipping.exe] => (Allow) D:\spiele\the long journey home\tljh\binaries\win64\tljh-win64-shipping.exe
FirewallRules: [TCP Query User{C46D8A88-E4E2-4395-9F36-71D9CA7CCF29}D:\spiele\orcs must die! 2 complete\build\release\orcsmustdie2.exe] => (Allow) D:\spiele\orcs must die! 2 complete\build\release\orcsmustdie2.exe
FirewallRules: [UDP Query User{DABDD353-21EA-485E-8170-0E6E8D358E04}D:\spiele\orcs must die! 2 complete\build\release\orcsmustdie2.exe] => (Allow) D:\spiele\orcs must die! 2 complete\build\release\orcsmustdie2.exe
FirewallRules: [{D08D042F-8A71-4631-BB5E-9AD33202E987}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe
FirewallRules: [{F3734456-4DC5-4EF3-B745-B8AAA76BEDF2}] => (Allow) D:\Spiele\Steam\steamapps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{701192D0-BE25-40AA-A3CA-12E4CB4A4683}] => (Allow) D:\Spiele\Steam\steamapps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{75D1F4EC-E354-42B1-A5F1-BFDAB95981A4}] => (Allow) D:\Spiele\Steam\steamapps\common\Fallout Shelter\FalloutShelter.exe
FirewallRules: [{08858A00-5557-47F4-B1A6-CC21C8253674}] => (Allow) D:\Spiele\Steam\steamapps\common\Fallout Shelter\FalloutShelter.exe
FirewallRules: [TCP Query User{1921847B-DC1D-4071-A63D-D98E2C951E46}D:\spiele\pro cycling manager 2017\pcm64.exe] => (Allow) D:\spiele\pro cycling manager 2017\pcm64.exe
FirewallRules: [UDP Query User{81FDE38F-6F69-4257-9423-F7E5F57514B7}D:\spiele\pro cycling manager 2017\pcm64.exe] => (Allow) D:\spiele\pro cycling manager 2017\pcm64.exe
FirewallRules: [{8DDDBDCE-1F77-442A-82E2-F805BD053103}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{1D89FAAE-8A2A-45D0-B671-8F6C3815DDA7}] => (Allow) C:\Program Files\Opera\47.0.2631.39\opera.exe
FirewallRules: [{793B3481-149C-4090-B74C-6C7B178D5BB1}] => (Allow) C:\Program Files\Opera\47.0.2631.55\opera.exe
FirewallRules: [{85B34758-97A3-4a63-832A-9825D8777935}}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [{9187CF69-6824-487d-A9F0-AFF5C2C29BA9}}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [{85B34758-97A3-4a63-832A-9825D8777934}}] => (Allow) C:\Program Files (x86)\UnHackMe\regruninfo.exe
FirewallRules: [{9187CF69-6824-487d-A9F0-AFF5C2C29BA8}}] => (Allow) C:\Program Files (x86)\UnHackMe\regruninfo.exe
FirewallRules: [{21411DC1-C4D3-499C-846B-15896474C549}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [{BB16A2A2-3D57-48FB-BE76-B8D1BB7C2611}] => (Allow) C:\Program Files (x86)\UnHackMe\RegRunInfo.exe
FirewallRules: [{AF05D5F3-50FA-4F61-9F5C-1E0A8466E771}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [{D487C9BD-8AC8-4364-912C-3BA790288922}] => (Allow) C:\Program Files (x86)\UnHackMe\RegRunInfo.exe
FirewallRules: [{99B56B24-9CF3-4CEA-9985-F330A7337253}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/24/2017 07:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   22 4.A.0.9.0.8.8.2.6.9.B.D.E.3.5.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Sebastian-PC-2.local.

Error: (08/24/2017 07:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.11:5353   20 4.A.0.9.0.8.8.2.6.9.B.D.E.3.5.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Sebastian-PC.local.

Error: (08/24/2017 07:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   22 11.0.168.192.in-addr.arpa. PTR Sebastian-PC-2.local.

Error: (08/24/2017 07:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.11:5353   20 11.0.168.192.in-addr.arpa. PTR Sebastian-PC.local.

Error: (08/24/2017 07:08:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Sebastian-PC.local already in use; will try Sebastian-PC-2.local instead

Error: (08/24/2017 07:08:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister   16 Sebastian-PC.local. AAAA FE80:0000:0000:0000:853E:DB96:2880:90A4

Error: (08/24/2017 07:08:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.11:5353   16 Sebastian-PC.local. AAAA FD00:0C47:3D3F:C952:853E:DB96:2880:90A4

Error: (08/24/2017 07:08:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing:    4 Sebastian-PC.local. Addr 192.168.0.11

Error: (08/24/2017 07:08:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 00000000015B29A0 Our Record 2 won:  8A19B21E   16 Sebastian-PC.local. AAAA FE80:0000:0000:0000:853E:DB96:2880:90A4

Error: (08/24/2017 07:08:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 00000000015B29A0 Pkt Record:        EB412CB7   16 Sebastian-PC.local. AAAA FD00:0C47:3D3F:C952:74B5:AEA5:442C:50D7


Systemfehler:
=============
Error: (08/24/2017 11:22:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
Das System kann die angegebene Datei nicht finden.

Error: (08/24/2017 11:21:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (08/24/2017 11:21:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht.

Error: (08/24/2017 07:09:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
Das System kann die angegebene Datei nicht finden.

Error: (08/24/2017 07:08:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (08/24/2017 07:08:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht.

Error: (08/24/2017 04:46:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
Das System kann die angegebene Datei nicht finden.

Error: (08/24/2017 04:45:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (08/24/2017 04:45:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht.

Error: (08/24/2017 06:45:00 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
Das System kann die angegebene Datei nicht finden.


==================== Speicherinformationen =========================== 

Prozessor: AMD Phenom(tm) II X6 1045T Processor
Prozentuale Nutzung des RAM: 52%
Installierter physikalischer RAM: 6141.09 MB
Verfügbarer physikalischer RAM: 2893.18 MB
Summe virtueller Speicher: 12280.37 MB
Verfügbarer virtueller Speicher: 8679.11 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:59.53 GB) (Free:5.76 GB) NTFS
Drive d: (Volume) (Fixed) (Total:3725.9 GB) (Free:1078.08 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: 225F225F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=59.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 94A77791)

Partition: GPT.

==================== Ende von Addition.txt ============================
         
Lg

Easy

Alt 25.08.2017, 20:56   #7
Tician
/// TB-Senior
 
Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks - Standard

Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks



Hi,

Bevor wir beginnen beachte bitte Folgendes:
  • Installiere/Deinstalliere bitte nichts während wir hier an deinem Problem arbeiten
  • Speicher alle unsere Tools auf dem Desktop ab (das ist später wichtig!)
  • Poste die Logs immer in CODE-Tags (#-Button), zur Not die Logs einfach auf mehrere Posts aufteilen
  • Falls vorhanden: Logs die jünger als 1 Monat sind bitte posten
  • Verwende keine weiteren Tools ohne Aufforderung
  • Wichtig: Auch wenn dein Problem behoben scheint kann dein System noch infiziert sein, arbeite also bitte weiter bis ich dir ein "Clean" gebe

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst



Soweit sind keine schädlichen Prozesse mehr aktiv, allerdings hat der Trojaner am 23.8. ganz schön radau gemacht, wir sollten den lahm gelegten Windows Defender wieder auf die Beine kriegen und die ganzen abgelegten Dateien entfernen.

Könntest du die Log-Datei von UnhackMe bitte noch posten?

Mal schauen was unsere Tools finden und wo wir manuell ran müssen.



Schritt 1:

Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.
  • Klicke auf Wählen Sie eine
  • Kopiere nun folgendes in die Suchleiste
    Code:
    ATTFilter
    C:\Windows\45ba5e5e58acbc884104f9223c43f3a5.ps1
             
  • und klicke auf Öffnen.
  • Klicke auf Scannen!.
  • Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen
    Zitat:
    Diese Datei wurde bereits von VirusTotal analysiert...
    klicke auf Neu analysieren.
  • Warte bis dir das Analysedatum angezeigt wird und der Scan abgeschlossen ist.
  • Kopiere den Link aus deiner Adresszeile und poste ihn hier.


Schritt 2:

Downloade dir bitte CKScanner Wichtig: Speichere die Datei am Desktop.
  • Doppelklick auf die CKScanner.exe und klicke auf Search For Files.
  • Danach klick auf Save List To File.
  • Es wird eine Box aufpoppen was dir mitteilt das die Datei gespeichert wurde (file saved)
  • Öffne die CKFiles.txt auf deinem Desktop und poste den Inhalt hier.


Schritt 3:

Downloade Dir bitte AdwCleaner auf deinen Desktop (Bebilderte Anleitung).
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Werkzeuge > Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • Tracing Schlüssel
    • Prefetch Dateien
    • Proxy
    • Winsock
    • IE Richtlinien
    • Chrome Richtlinien
  • Bestätige die Auswahl mit Ok.
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist. Am Ende des Suchlaufs öffnet sich automatisch eine Logdatei. Schließe diese.
  • Klicke nun auf Löschen (auch dann wenn AdwCleaner sagt, dass nichts gefunden wurde) und bestätige auftretende Hinweise mit Ok.
  • Klicke am Ende der Bereinigung auf Jetzt neu starten. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Schritt 4:
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scan, wähle den Bedrohungs-Scan aus und klicke auf Scan starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Ausgewählte Elemente in die Quarantäne verschieben.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM nach dem Neustart, klicke auf Berichte.
  • Wähle den neuesten Scan-Bericht aus, klicke auf Bericht anzeigen und dann auf Export.
  • Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Schritt 5:
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen.
  • FRST erstellt nun zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.
__________________
Gruß Tician

Alt 27.08.2017, 15:42   #8
Easy Frag
 
Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks - Standard

Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks



Dass kein schädlicher Task mehr aktiv ist hört man schon mal gerne.

1.Virustotalreport
https://www.virustotal.com/#/file/7f4efcee8e737f2bef1c4f4b7f3ea5745a63d99acea47088bcfeef186abf2654/detection

2.CKS-Ergebnis
Code:
ATTFilter
CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\windows\prefetch\windows loader.exe-76b648de.pf
scanner sequence 3.AP.11.FSAACA
 ----- EOF -----
         
3.AdwCleanerlog
Code:
ATTFilter
# AdwCleaner 7.0.1.0 - Logfile created on Sun Aug 27 12:56:48 2017
# Updated on 2017/05/08 by Malwarebytes 
# Running on Windows 7 Ultimate (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Windows\Temp\Smartbar
Deleted: C:\ProgramData\5e41da7a-1961-0
Deleted: C:\ProgramData\5e41da7a-2303-1
Deleted: C:\ProgramData\e05800be-2285-0
Deleted: C:\ProgramData\e05800be-3441-1
Deleted: C:\Windows\Installer\{77C0A8C7-2542-4163-8656-8332BC6C3651}
Deleted: C:\Windows\Installer\{77C0A8C7-2542-4163-8656-8332BC6C3651}
Deleted: C:\Windows\Installer\{B009DFB1-305D-4740-B8DB-8CE37AC7B874}


***** [ Files ] *****

Deleted: C:\Users\Administrator\AppData\Local\Main.dat
Deleted: C:\END
Deleted: C:\Windows\System32\config\systemprofile\appdata\local\installationconfiguration.xml
Deleted: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\bci6t4gj.default\searchplugins\findit.xml
Deleted: C:\Windows\System32\findit.xml
Deleted: C:\Windows\SysWOW64\findit.xml


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: Microsoft\Windows\Windows Error Reporting\ErrorReporting


***** [ Registry ] *****

Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Deleted: [Key] - HKU\S-1-5-21-2112160272-3594351332-598527768-500\Software\VideoBox
Deleted: [Key] - HKCU\Software\VideoBox
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\DMunversion
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{E7BF74EE-9106-4113-B216-2F980BA29141}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{F2DB3739-77FB-41EB-9ED3-ABF34DF2DBF7}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{1C6F51F8-BCE6-4702-8952-6A8233359FBC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{873C7DA8-195D-4D5A-B830-C5E2831901EA}
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\APPID\DPBHO.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\DPBHO.DLL
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
Deleted: [Value] - HKCU\Environment|SNF
Deleted: [Value] - HKCU\Environment|SNP
Deleted: [Key] - HKU\S-1-5-21-2112160272-3594351332-598527768-500\Software\AppDataLow\Software\AppTrailers
Deleted: [Key] - HKCU\Software\AppDataLow\Software\AppTrailers
Deleted: [Key] - HKU\S-1-5-21-2112160272-3594351332-598527768-500\Software\FastDataX
Deleted: [Key] - HKCU\Software\FastDataX
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Value] - HKCU\Environment|SNF
Deleted: [Value] - HKCU\Environment|SNP
Deleted: [Key] - HKLM\SOFTWARE\OtherSearch
Deleted: [Key] - HKLM\SOFTWARE\mtPlusdax


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Prefetch files deleted
::Proxy settings cleared
::IE policies deleted
::Chrome policies deleted
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [4357 B] - [2017/8/27 12:54:6]
C:/AdwCleaner/AdwCleaner[S1].txt - [4424 B] - [2017/8/27 12:56:22]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
         

Geändert von Easy Frag (27.08.2017 um 15:49 Uhr)

Alt 27.08.2017, 15:43   #9
Easy Frag
 
Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks - Standard

Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks



Da mbam zu groß habe ich es aufgeteilt.

Code:
ATTFilter
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 27.08.17
Scan-Zeit: 15:03
Protokolldatei: mbam2.txt
Administrator: Ja

-Softwaredaten-
Version: 3.1.2.1733
Komponentenversion: 1.0.160
Version des Aktualisierungspakets: 1.0.2668
Lizenz: Kostenlos

-Systemdaten-
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Sebastian-PC\Administrator

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 349417
Erkannte Bedrohungen: 663
In die Quarantäne verschobene Bedrohungen: 663
Abgelaufene Zeit: 2 Min., 15 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 16
Adware.NeoBar, HKLM\SOFTWARE\CLASSES\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}, In Quarantäne, [514], [420739],1.0.2668
Adware.NeoBar, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}, In Quarantäne, [514], [420739],1.0.2668
Adware.NeoBar, HKU\S-1-5-21-2112160272-3594351332-598527768-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}, In Quarantäne, [514], [420739],1.0.2668
Adware.NeoBar, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}, In Quarantäne, [514], [420739],1.0.2668
PUP.Optional.DownloadProtect, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, In Quarantäne, [973], [167924],1.0.2668
PUP.Optional.DownloadProtect, HKLM\SOFTWARE\CLASSES\DPBHO.DownloadProtect, In Quarantäne, [973], [167924],1.0.2668
PUP.Optional.DownloadProtect, HKLM\SOFTWARE\CLASSES\DPBHO.DownloadProtect.1, In Quarantäne, [973], [167924],1.0.2668
PUP.Optional.DownloadProtect, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}\InprocServer32, In Quarantäne, [973], [167924],1.0.2668
PUP.Optional.DownloadProtect, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}\InprocServer32, In Quarantäne, [973], [167924],1.0.2668
PUP.Optional.DownloadProtect, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}, In Quarantäne, [973], [167924],1.0.2668
Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, In Quarantäne, [1172], [-1],0.0.0
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, In Quarantäne, [14496], [252393],1.0.2668
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-2112160272-3594351332-598527768-500\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE, In Quarantäne, [5343], [425124],1.0.2668
Adware.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Plusdax.exe, In Quarantäne, [2248], [383093],1.0.2668
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, In Quarantäne, [14496], [252393],1.0.2668
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-2112160272-3594351332-598527768-500\CONSOLE\TASKENG.EXE, In Quarantäne, [5343], [425125],1.0.2668

Registrierungswert: 13
Adware.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, In Quarantäne, [1172], [-1],0.0.0
Adware.Wajam, HKU\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, In Quarantäne, [1172], [-1],0.0.0
Adware.Wajam, HKU\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, In Quarantäne, [1172], [-1],0.0.0
Adware.Wajam, HKU\S-1-5-21-2112160272-3594351332-598527768-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, In Quarantäne, [1172], [-1],0.0.0
Adware.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, In Quarantäne, [1172], [-1],0.0.0
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-2112160272-3594351332-598527768-500\CONSOLE\%SYSTEMROOT%_SYSTEM32_WINDOWSPOWERSHELL_V1.0_POWERSHELL.EXE|WINDOWPOSITION, In Quarantäne, [5343], [425126],1.0.2668
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, In Quarantäne, [233], [-1],0.0.0
PUP.Optional.DownloadProtectExtension, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{724F5349-5570-4EE4-A11C-02A93D91DBDD}, In Quarantäne, [13660], [237883],1.0.2668
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DISABLEAUTOUPDATECHECKSCHECKBOXVALUE, In Quarantäne, [14496], [252393],1.0.2668
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-2112160272-3594351332-598527768-500\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE|WINDOWPOSITION, In Quarantäne, [5343], [425124],1.0.2668
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-2112160272-3594351332-598527768-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|DEFAULT, In Quarantäne, [233], [259988],1.0.2668
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DISABLEAUTOUPDATECHECKSCHECKBOXVALUE, In Quarantäne, [14496], [252393],1.0.2668
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-2112160272-3594351332-598527768-500\CONSOLE\TASKENG.EXE|WINDOWPOSITION, In Quarantäne, [5343], [425125],1.0.2668

Registrierungsdaten: 2
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-2112160272-3594351332-598527768-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCHASSISTANT, Ersetzt, [233], [293485],1.0.2668
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-2112160272-3594351332-598527768-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|DEFAULT_SEARCH_URL, Ersetzt, [233], [293486],1.0.2668

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 145
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\minimatch\node_modules\brace-expansion\node_modules\concat-map\example, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\minimatch\node_modules\brace-expansion\node_modules\concat-map\test, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\minimatch\node_modules\brace-expansion\node_modules\balanced-match, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\minimatch\node_modules\brace-expansion\node_modules\concat-map, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\minimatch\node_modules\brace-expansion\node_modules, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\minimatch\node_modules\brace-expansion, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\inflight\node_modules\wrappy, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\once\node_modules\wrappy, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\minimatch\node_modules, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\inflight\node_modules, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\once\node_modules, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\path-is-absolute, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\fs.realpath, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\minimatch, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\inflight, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\node_modules\core-util-is\lib, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\combined-stream\node_modules\delayed-stream\test\integration, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\node_modules\string_decoder, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\once, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\node_modules\isarray\build, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\node_modules\core-util-is, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\form-data\node_modules\mime-types\node_modules\mime-db, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\node_modules\inherits, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\node_modules\minimist\example, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\node_modules\isarray, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\node_modules\minimist\test, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\combined-stream\node_modules\delayed-stream\test, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\combined-stream\node_modules\delayed-stream\lib, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\node_modules\ctype\man\man3ctype, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\form-data\node_modules\mime-types\node_modules, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\node_modules\minimist, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\node_modules, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\combined-stream\node_modules\delayed-stream, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\node_modules\asn1\tst\ber, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\node_modules\asn1\lib\ber, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\node_modules\assert-plus, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\node_modules\ctype\tools, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\node_modules\ctype\man, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\form-data\node_modules\async\support, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\node_modules\asn1\lib, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\node_modules\asn1\tst, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\node_modules, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\lib, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\hoek\test\modules, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\tough-cookie\node_modules\punycode, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\form-data\node_modules\mime-types, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\node_modules\ctype, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\form-data\node_modules\async\lib, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\cryptiles\test, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\node_modules\asn1, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\examples, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\node_modules\node-uuid\benchmark, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\cryptiles\lib, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\sntp\examples, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\hoek\images, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\boom\images, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\graceful-fs, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\combined-stream\node_modules, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\test, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\form-data\node_modules\async, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\hoek\test, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\node_modules, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\boom\test, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\bin, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\sntp\test, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\cryptiles, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\boom\lib, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\sntp\lib, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\hoek\lib, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\node_modules\node-uuid\test, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\tough-cookie\node_modules, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\node_modules\node-uuid\lib, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\json-stringify-safe\test, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\sntp, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\boom, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\form-data\node_modules, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\hoek, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\node_modules\underscore, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\node_modules\async\lib, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\node_modules\node-uuid, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\json-stringify-safe, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\node-uuid\benchmark, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\combined-stream\lib, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\lib, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\node_modules\async, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\tough-cookie\lib, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\combined-stream, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\mime-types\lib, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\node-uuid\test, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\node-uuid\lib, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\form-data\lib, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\forever-agent, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\tunnel-agent, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\examples, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\example, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\stringstream, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\tough-cookie, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\images, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\node_modules, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\oauth-sign, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\mime-types, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\test, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\node-uuid, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\aws-sign2, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\form-data, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\lib, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\caseless, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\block-stream, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\test, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\lib, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\qs\test, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\qs\lib, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\inherits, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\test, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\lib, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\qs, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\examples, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\examples, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\lib, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\test, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\lib, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\storage, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\images, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\NW4452_27694, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.DownloadProtect.Generic, C:\PROGRAM FILES\{27926DB0-34A2-46C4-8C1B-0195D65996EB}, In Quarantäne, [1545], [334834],1.0.2668
PUP.Optional.DownloadProtect.Generic, C:\PROGRAM FILES (X86)\{13880499-F198-4EE1-B7ED-C477DC572E5E}, In Quarantäne, [1545], [334834],1.0.2668

Datei: 487
PUP.Optional.DownloadProtect, C:\PROGRAM FILES (X86)\{13880499-F198-4EE1-B7ED-C477DC572E5E}\{39088199-A15E-4A31-8373-D21D5E502FC0}.BIN, In Quarantäne, [973], [167924],1.0.2668
PUP.Optional.SnapDo, C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\OPERA SOFTWARE\OPERA STABLE\LOCAL STORAGE\HTTPS_SEARCH.SNAPDO.COM_0.LOCALSTORAGE-JOURNAL, In Quarantäne, [6628], [184974],1.0.2668
PUP.Optional.SnapDo, C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\OPERA SOFTWARE\OPERA STABLE\LOCAL STORAGE\HTTPS_SEARCH.SNAPDO.COM_0.LOCALSTORAGE, In Quarantäne, [6628], [184974],1.0.2668
Adware.Tuto4PC.Generic, C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\CSGQYFBQXO5\R13O5ZXSAYJ.EXE, In Quarantäne, [1306], [427500],1.0.2668
Adware.Tuto4PC.Generic, C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\OLVI5SM3YTT\45JAIQGCVM1.EXE, In Quarantäne, [1306], [427500],1.0.2668
PUP.Optional.NovoOptimizer, C:\PROGRAM FILES\NOVO\NOVOONE.EXE, In Quarantäne, [8683], [427528],1.0.2668
PUP.Optional.NovoOptimizer, C:\Program Files\Novo\libeay32.dll, In Quarantäne, [8683], [427528],1.0.2668
PUP.Optional.NovoOptimizer, C:\Program Files\Novo\novoopt.exe, In Quarantäne, [8683], [427528],1.0.2668
PUP.Optional.NovoOptimizer, C:\Program Files\Novo\novoping.exe, In Quarantäne, [8683], [427528],1.0.2668
PUP.Optional.NovoOptimizer, C:\Program Files\Novo\npsvc.exe, In Quarantäne, [8683], [427528],1.0.2668
PUP.Optional.NovoOptimizer, C:\Program Files\Novo\ssleay32.dll, In Quarantäne, [8683], [427528],1.0.2668
PUP.Optional.NovoOptimizer, C:\Program Files\Novo\windriver.exe, In Quarantäne, [8683], [427528],1.0.2668
Adware.FileTour, C:\$RECYCLE.BIN\S-1-5-21-2112160272-3594351332-598527768-500\$RIEL0JS.ZIP, In Quarantäne, [165], [428131],1.0.2668
Adware.NETNS, C:\PROGRAM FILES\{27926DB0-34A2-46C4-8C1B-0195D65996EB}\{5541CD59-0D00-49F2-BD15-578C20FD4B49}.BIN, In Quarantäne, [1548], [406689],1.0.2668
PUP.Optional.Amonetize, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\AMIPIXEL.CFG, In Quarantäne, [6], [302488],1.0.2668
Trojan.Agent.WSB, C:\WINDOWS\SYSWOW64\MTXLFGIH.DLL, In Quarantäne, [8947], [127813],1.0.2668
Adware.Tuto4PC, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\AVBOOST.DEL, In Quarantäne, [721], [428164],1.0.2668
Adware.Wajam, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\S2S.EXE, In Quarantäne, [1172], [428253],1.0.2668
Generic.Malware/Suspicious, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\NSZ881A.EXE, In Quarantäne, [0], [392686],1.0.2668
Adware.Tuto4PC, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\IS-EON4A.TMP\BOOSTER.EXE, In Quarantäne, [721], [428581],1.0.2668
Adware.Tuto4PC, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\Q896Y7GPBA\SHO9LIBI.EXE, In Quarantäne, [721], [428581],1.0.2668
Adware.Linkury.Generic, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\CONFIG.XML, In Quarantäne, [1879], [404859],1.0.2668
Adware.Linkury.Generic, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\MD.XML, In Quarantäne, [1879], [404866],1.0.2668
Adware.Linkury, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\ZOT-LIGHT.EXE, In Quarantäne, [1991], [414962],1.0.2668
PUP.Optional.Linkury, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\QUO-FAX.BIN, In Quarantäne, [313], [331415],1.0.2668
Adware.Tuto4PC, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\Q896Y7GPBA\ONETWO.EXE, In Quarantäne, [721], [428581],1.0.2668
Adware.Tuto4PC, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\Q896Y7GPBA\SECONDL.EXE, In Quarantäne, [721], [428255],1.0.2668
Adware.Linkury.Generic, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\AGENT.DAT, In Quarantäne, [1879], [404872],1.0.2668
PUP.Optional.LogicHandler, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\KAYCOM.BIN, In Quarantäne, [3646], [24306],1.0.2668
Adware.Linkury.Generic, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\UNINSTALL_TEMP.ICO, In Quarantäne, [1879], [404862],1.0.2668
Adware.Linkury, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TINCORE.BIN, In Quarantäne, [1991], [396520],1.0.2668
Adware.Linkury.Generic, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\PO.DB, In Quarantäne, [1879], [412180],1.0.2668
Adware.Linkury.Generic, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\PO.DB, In Quarantäne, [1879], [418250],1.0.2668
Adware.SearchAwesome.TskLnk, C:\WINDOWS\45BA5E5E58ACBC884104F9223C43F3A5.PS1, In Quarantäne, [2332], [428239],1.0.2668
Adware.OxyPumper, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\JNPYVESYWR\WHLABGTNSA.EXE, In Quarantäne, [445], [428416],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\NW4452_27694\PACKAGE.JSON, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\images\close.png, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\images\expand.png, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\images\icon16.png, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\images\icon20.png, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\images\icon24.png, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\images\icon256.png, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\images\icon36.png, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\images\icon48.png, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\images\icon64.png, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\images\icontray.png, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\images\loader.gif, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\images\minimize.png, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\images\search.png, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\images\unexpand.png, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\examples\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\lib\cookies.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\lib\copy.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\lib\debug.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\lib\helpers.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\aws-sign2\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\aws-sign2\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\aws-sign2\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\lib\_stream_duplex.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\lib\_stream_passthrough.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\lib\_stream_readable.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\lib\_stream_transform.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\lib\_stream_writable.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\node_modules\core-util-is\lib\util.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\node_modules\core-util-is\float.patch, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\node_modules\core-util-is\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\node_modules\core-util-is\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\node_modules\core-util-is\test.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\node_modules\inherits\inherits.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\node_modules\inherits\inherits_browser.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\node_modules\inherits\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\node_modules\inherits\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\node_modules\isarray\build\build.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\node_modules\isarray\component.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\node_modules\isarray\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\node_modules\isarray\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\node_modules\isarray\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\node_modules\string_decoder\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\node_modules\string_decoder\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\node_modules\string_decoder\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\duplex.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\passthrough.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\readable.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\transform.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\node_modules\readable-stream\writable.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\test\basic-test.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\test\sauce.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\test\test.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\bl.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\LICENSE.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\bl\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\caseless\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\caseless\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\caseless\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\caseless\test.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\combined-stream\lib\combined_stream.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\combined-stream\node_modules\delayed-stream\lib\delayed_stream.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\combined-stream\node_modules\delayed-stream\test\integration\test-delayed-http-upload.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\combined-stream\node_modules\delayed-stream\test\integration\test-delayed-stream-auto-pause.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\combined-stream\node_modules\delayed-stream\test\integration\test-delayed-stream-pause.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\combined-stream\node_modules\delayed-stream\test\integration\test-delayed-stream.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\combined-stream\node_modules\delayed-stream\test\integration\test-handle-source-errors.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\combined-stream\node_modules\delayed-stream\test\integration\test-max-data-size.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\combined-stream\node_modules\delayed-stream\test\integration\test-pipe-resumes.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\combined-stream\node_modules\delayed-stream\test\integration\test-proxy-readable.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\combined-stream\node_modules\delayed-stream\test\common.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\combined-stream\node_modules\delayed-stream\test\run.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\combined-stream\node_modules\delayed-stream\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\combined-stream\node_modules\delayed-stream\Readme.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\combined-stream\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\combined-stream\Readme.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\forever-agent\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\forever-agent\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\forever-agent\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\form-data\lib\form_data.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\form-data\node_modules\async\lib\async.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\form-data\node_modules\async\support\sync-package-managers.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\form-data\node_modules\async\bower.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\form-data\node_modules\async\component.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\form-data\node_modules\async\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\form-data\node_modules\async\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\form-data\node_modules\mime-types\node_modules\mime-db\db.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\form-data\node_modules\mime-types\node_modules\mime-db\HISTORY.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\form-data\node_modules\mime-types\node_modules\mime-db\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\form-data\node_modules\mime-types\node_modules\mime-db\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\form-data\node_modules\mime-types\node_modules\mime-db\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\form-data\node_modules\mime-types\HISTORY.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\form-data\node_modules\mime-types\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\form-data\node_modules\mime-types\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\form-data\node_modules\mime-types\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\form-data\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\form-data\Readme.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\example\usage.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\images\hawk.png, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\images\logo.png, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\lib\browser.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\lib\client.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\lib\crypto.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\lib\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\lib\server.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\lib\utils.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\boom\images\boom.png, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\boom\lib\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\boom\test\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\boom\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\boom\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\boom\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\cryptiles\lib\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\cryptiles\test\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\cryptiles\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\cryptiles\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\cryptiles\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\hoek\images\hoek.png, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\hoek\lib\escape.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\hoek\lib\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\hoek\test\modules\test1.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\hoek\test\modules\test2.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\hoek\test\modules\test3.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\hoek\test\escaper.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\hoek\test\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\hoek\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\hoek\package.json, In Quarantäne, [2606], [371306],1.0.2668
         

Alt 27.08.2017, 15:44   #10
Easy Frag
 
Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks - Standard

Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks



Part 2

Code:
ATTFilter
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\hoek\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\sntp\examples\offset.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\sntp\examples\time.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\sntp\lib\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\sntp\test\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\sntp\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\sntp\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\node_modules\sntp\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\test\browser.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\test\client.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\test\crypto.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\test\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\test\message.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\test\readme.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\test\server.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\test\uri.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\test\utils.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\hawk\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\lib\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\lib\parser.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\lib\signer.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\lib\util.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\lib\verify.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\node_modules\asn1\lib\ber\errors.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\node_modules\asn1\lib\ber\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\node_modules\asn1\lib\ber\reader.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\node_modules\asn1\lib\ber\types.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\node_modules\asn1\lib\ber\writer.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\node_modules\asn1\lib\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\node_modules\asn1\tst\ber\reader.test.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\node_modules\asn1\tst\ber\writer.test.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\node_modules\asn1\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\node_modules\asn1\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\node_modules\assert-plus\assert.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\node_modules\assert-plus\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\node_modules\assert-plus\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\node_modules\ctype\man\man3ctype\ctio.3ctype, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\node_modules\ctype\tools\jsl.conf, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\node_modules\ctype\ctf.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\node_modules\ctype\ctio.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\node_modules\ctype\ctype.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\node_modules\ctype\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\node_modules\ctype\README.old, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\http_signing.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\http-signature\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\json-stringify-safe\test\mocha.opts, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\json-stringify-safe\test\stringify_test.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\json-stringify-safe\CHANGELOG.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\json-stringify-safe\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\json-stringify-safe\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\json-stringify-safe\stringify.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\mime-types\lib\custom.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\mime-types\lib\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\mime-types\lib\mime.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\mime-types\lib\node.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\mime-types\component.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\mime-types\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\mime-types\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\mime-types\SOURCES.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\node-uuid\benchmark\bench.gnu, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\node-uuid\benchmark\bench.sh, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\node-uuid\benchmark\benchmark-native.c, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\node-uuid\benchmark\benchmark.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\node-uuid\benchmark\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\node-uuid\lib\sha1-browser.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\node-uuid\test\compare_v1.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\node-uuid\test\test.html, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\node-uuid\test\test.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\node-uuid\bower.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\node-uuid\component.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\node-uuid\LICENSE.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\node-uuid\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\node-uuid\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\node-uuid\uuid.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\node-uuid\v3.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\oauth-sign\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\oauth-sign\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\oauth-sign\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\oauth-sign\test.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\qs\lib\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\qs\lib\parse.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\qs\lib\stringify.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\qs\lib\utils.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\qs\test\parse.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\qs\test\stringify.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\qs\CHANGELOG.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\qs\CONTRIBUTING.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\qs\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\qs\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\qs\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\stringstream\example.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\stringstream\LICENSE.txt, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\stringstream\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\stringstream\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\stringstream\stringstream.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\tough-cookie\lib\cookie.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\tough-cookie\lib\memstore.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\tough-cookie\lib\pathMatch.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\tough-cookie\lib\permuteDomain.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\tough-cookie\lib\pubsuffix.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\tough-cookie\lib\store.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\tough-cookie\node_modules\punycode\LICENSE-MIT.txt, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\tough-cookie\node_modules\punycode\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\tough-cookie\node_modules\punycode\punycode.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\tough-cookie\node_modules\punycode\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\tough-cookie\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\tough-cookie\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\tunnel-agent\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\tunnel-agent\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\node_modules\tunnel-agent\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\CHANGELOG.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\CONTRIBUTING.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\disabled.appveyor.yml, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\release.sh, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\request\request.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\examples\extracter.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\examples\packer.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\examples\reader.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\lib\buffer-entry.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\lib\entry-writer.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\lib\entry.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\lib\extended-header-writer.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\lib\extended-header.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\lib\extract.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\lib\global-header-writer.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\lib\header.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\lib\pack.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\lib\parse.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\block-stream\block-stream.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\block-stream\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\block-stream\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\examples\filter-pipe.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\examples\pipe.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\examples\reader.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\examples\symlink-write.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\lib\abstract.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\lib\collect.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\lib\dir-reader.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\lib\dir-writer.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\lib\file-reader.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\lib\file-writer.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\lib\get-type.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\lib\link-reader.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\lib\link-writer.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\lib\proxy-reader.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\lib\proxy-writer.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\lib\reader.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\lib\socket-reader.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\lib\writer.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\graceful-fs\fs.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\graceful-fs\graceful-fs.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\graceful-fs\legacy-streams.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\graceful-fs\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\graceful-fs\polyfills.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\graceful-fs\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\bin\cmd.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\bin\usage.txt, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\examples\pow.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\node_modules\minimist\example\parse.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\node_modules\minimist\test\dash.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\node_modules\minimist\test\default_bool.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\node_modules\minimist\test\dotted.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\node_modules\minimist\test\long.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\node_modules\minimist\test\parse.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\node_modules\minimist\test\parse_modified.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\node_modules\minimist\test\short.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\node_modules\minimist\test\whitespace.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\node_modules\minimist\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\node_modules\minimist\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\node_modules\minimist\readme.markdown, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\test\chmod.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\test\clobber.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\test\mkdirp.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\test\opts_fs.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\test\opts_fs_sync.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\test\perm.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\test\perm_sync.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\test\race.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\test\rel.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\test\return.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\test\return_sync.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\test\root.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\test\sync.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\test\umask.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\test\umask_sync.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\mkdirp\readme.markdown, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\fs.realpath\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\fs.realpath\old.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\fs.realpath\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\fs.realpath\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\inflight\node_modules\wrappy\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\inflight\node_modules\wrappy\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\inflight\node_modules\wrappy\wrappy.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\inflight\inflight.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\inflight\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\inflight\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\minimatch\node_modules\brace-expansion\node_modules\balanced-match\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\minimatch\node_modules\brace-expansion\node_modules\balanced-match\LICENSE.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\minimatch\node_modules\brace-expansion\node_modules\balanced-match\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\minimatch\node_modules\brace-expansion\node_modules\balanced-match\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\minimatch\node_modules\brace-expansion\node_modules\concat-map\example\map.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\minimatch\node_modules\brace-expansion\node_modules\concat-map\test\map.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\minimatch\node_modules\brace-expansion\node_modules\concat-map\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\minimatch\node_modules\brace-expansion\node_modules\concat-map\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\minimatch\node_modules\brace-expansion\node_modules\concat-map\README.markdown, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\minimatch\node_modules\brace-expansion\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\minimatch\node_modules\brace-expansion\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\minimatch\node_modules\brace-expansion\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\minimatch\minimatch.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\minimatch\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\minimatch\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\once\node_modules\wrappy\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\once\node_modules\wrappy\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\once\node_modules\wrappy\wrappy.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\once\once.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\once\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\once\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\path-is-absolute\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\path-is-absolute\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\node_modules\path-is-absolute\readme.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\changelog.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\common.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\glob.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\node_modules\glob\sync.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\bin.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\node_modules\rimraf\rimraf.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\fstream.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\fstream\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\inherits\inherits.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\inherits\inherits_browser.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\inherits\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\node_modules\inherits\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\test\00-setup-fixtures.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\test\cb-never-called-1.0.1.tgz, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\test\dir-normalization.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\test\dir-normalization.tar, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\test\error-on-broken.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\test\extract-move.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\test\extract.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\test\fixtures.tgz, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\test\header.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\test\pack-no-proprietary.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\test\pack.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\test\parse-discard.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\test\parse.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\test\zz-cleanup.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\tar\tar.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\lib\config.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\lib\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\lib\utils.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\node_modules\async\lib\async.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\node_modules\async\component.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\node_modules\async\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\node_modules\async\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\node_modules\node-uuid\benchmark\bench.gnu, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\node_modules\node-uuid\benchmark\bench.sh, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\node_modules\node-uuid\benchmark\benchmark-native.c, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\node_modules\node-uuid\benchmark\benchmark.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\node_modules\node-uuid\benchmark\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\node_modules\node-uuid\lib\sha1-browser.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\node_modules\node-uuid\test\compare_v1.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\node_modules\node-uuid\test\test.html, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\node_modules\node-uuid\test\test.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\node_modules\node-uuid\bower.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\node_modules\node-uuid\component.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\node_modules\node-uuid\LICENSE.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\node_modules\node-uuid\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\node_modules\node-uuid\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\node_modules\node-uuid\uuid.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\node_modules\node-uuid\v3.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\node_modules\underscore\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\node_modules\underscore\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\node_modules\underscore\underscore-min.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\node_modules\underscore\underscore-min.map, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\node_modules\underscore\underscore.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\test\event.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\test\exception.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\test\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\test\item.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\test\middleware.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\test\mocha.opts, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\test\pageview.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\test\send.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\test\timing.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\test\transaction.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\test\_enqueue.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\AcceptableParams.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\HISTORY.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\index.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\package.json, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\node_modules\universal-analytics\README.md, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\storage\storage.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\storage\storageUtil.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\index.html, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\jquery.min.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\main.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\report.bin, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\settings.js, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.AppTrailers.Generic, C:\Users\Administrator\AppData\Local\Temp\nw4452_27694\shallow.html, In Quarantäne, [2606], [371306],1.0.2668
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, In Quarantäne, [546], [391431],1.0.2668
Adware.Linkury.Generic, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\NOAH.DAT, In Quarantäne, [1879], [404865],1.0.2668
Adware.Linkury.Generic, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\ZOT-LIGHT.TST, In Quarantäne, [1879], [404871],1.0.2668
PUP.Optional.DownloadProtect.Generic, C:\Program Files\{27926DB0-34A2-46C4-8C1B-0195D65996EB}\config.json, In Quarantäne, [1545], [334834],1.0.2668
PUP.Optional.DownloadProtect.Generic, C:\Program Files\{27926DB0-34A2-46C4-8C1B-0195D65996EB}\def.bin, In Quarantäne, [1545], [334834],1.0.2668
Adware.Wajam, C:\WINDOWS\AE3E709C41C32739103C91949B6ECC64.EXE, In Quarantäne, [1172], [428254],1.0.2668
PUP.Optional.DownloadProtect.Generic, C:\Program Files (x86)\{13880499-F198-4EE1-B7ED-C477DC572E5E}\config.json, In Quarantäne, [1545], [334834],1.0.2668
PUP.Optional.DownloadProtect.Generic, C:\Program Files (x86)\{13880499-F198-4EE1-B7ED-C477DC572E5E}\def.bin, In Quarantäne, [1545], [334834],1.0.2668

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)


(end)
         

Alt 27.08.2017, 15:44   #11
Easy Frag
 
Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks - Standard

Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks



5.FRST-log

Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
durchgeführt von Administrator (Administrator) auf SEBASTIAN-PC (27-08-2017 15:20:38)
Gestartet von C:\Users\Administrator\Downloads
Geladene Profile: Administrator (Verfügbare Profile: Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony) C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe
(Opera Software) C:\Program Files\Opera\47.0.2631.55\opera.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
HKU\S-1-5-21-2112160272-3594351332-598527768-500\...\MountPoints2: {8f4dba2e-d7bb-11e5-92e4-001fd097aa98} - E:\setup.exe
BootExecute: autocheck autochk * sdnclean64.exePartizan
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1BC3EF52-6087-47AE-A9A6-15B1B2DEE266}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1F289EB0-A2C8-4A07-A950-EDAF346D4359}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{52E2C328-7C77-4E37-93C7-B4E397C82ED5}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5BE74D56-D472-4EAE-93A8-37D212CB2339}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{85704D9B-DCD8-40A5-8C5C-AEFF4323017F}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2112160272-3594351332-598527768-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2112160272-3594351332-598527768-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-04] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-04] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: bci6t4gj.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\bci6t4gj.default [2017-08-23]
FF user.js: detected! => C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\bci6t4gj.default\user.js [2017-08-23]
FF Homepage: Mozilla\Firefox\Profiles\bci6t4gj.default -> about:blank
FF NewTab: Mozilla\Firefox\Profiles\bci6t4gj.default -> 
FF Extension: (Quick Searcher) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\bci6t4gj.default\Extensions\mefhakmgclhhfbdadeojlkbllmecialg@chrome-store-foxified-1132576233 [2017-08-23]
FF Extension: (Adblock Edge) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\bci6t4gj.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2016-04-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-20] ()
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-11-10] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-11-10] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-20] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-04] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-07-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-07-11] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-23] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2112160272-3594351332-598527768-500: ubisoft.com/uplaypc -> D:\Spiele\Die Siedler 7\Data\Base\_Dbg\Bin\Release\orbit\npuplaypc.dll [2013-02-26] (Ubisoft)

Chrome: 
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2017-08-27]
CHR Extension: (Google Präsentationen) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-08-23]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-23]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-23]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-23]
CHR Extension: (Adobe Acrobat) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-08-23]
CHR Extension: (Google Tabellen) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-08-23]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-25]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Google Mail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-23]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-23]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (Adblock Plus) - C:\Users\Administrator\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-08-23]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S3 Origin Client Service; D:\Spiele\Origin\OriginClientService.exe [2169696 2017-07-17] (Electronic Arts)
S2 Origin Web Helper Service; D:\Spiele\Origin\OriginWebHelperService.exe [3149664 2017-07-17] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1450824 2017-08-02] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2016-09-10] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-04-09] (Microsoft Corporation)
R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2205568 2017-05-31] (Sony)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-07-11] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [187320 2017-05-10] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-05-28] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253856 2017-08-27] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-05-28] (Malwarebytes)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2017-08-23] (Greatis Software)
S3 RTCore64; D:\Nützliche Programme\MSI Afterburner\RTCore64.sys [13512 2016-09-02] ()
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2016.SP1\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2015-02-19] (Cisco Systems, Inc.)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-08-27 15:19 - 2017-08-27 15:19 - 000129251 _____ C:\Users\Administrator\Desktop\mbam.txt
2017-08-27 14:52 - 2017-08-27 14:56 - 000000000 ____D C:\AdwCleaner
2017-08-27 14:52 - 2017-08-27 14:52 - 008185288 _____ (Malwarebytes) C:\Users\Administrator\Desktop\adwcleaner_7.0.1.0.exe
2017-08-27 14:50 - 2017-08-27 14:50 - 000000179 _____ C:\Users\Administrator\Desktop\ckfiles.txt
2017-08-26 09:37 - 2017-08-26 09:38 - 000000000 ____D C:\Users\Administrator\Desktop\Neuer Ordner
2017-08-26 04:52 - 2017-08-26 04:52 - 000468480 _____ () C:\Users\Administrator\Desktop\CKScanner.exe
2017-08-23 22:57 - 2017-08-26 04:53 - 000002187 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-23 22:57 - 2017-08-26 04:53 - 000002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-23 22:56 - 2017-08-23 22:56 - 001130328 _____ (Google Inc.) C:\Users\Administrator\Downloads\ChromeSetup (1).exe
2017-08-23 22:56 - 2017-08-23 22:56 - 000003542 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-08-23 22:56 - 2017-08-23 22:56 - 000003414 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-08-23 22:47 - 2017-08-27 14:56 - 000000008 __RSH C:\Users\Administrator\ntuser.pol
2017-08-23 22:45 - 2017-08-27 15:11 - 000000250 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2017-08-23 22:41 - 2017-08-23 22:41 - 000000000 ____D C:\@RestoreQuarantine
2017-08-23 22:09 - 2017-08-23 22:44 - 000000000 ____D C:\Users\Administrator\Documents\RegRun2
2017-08-23 22:09 - 2017-08-23 22:43 - 000000000 ____D C:\Users\Public\Documents\regruninfo
2017-08-23 22:09 - 2017-08-23 22:09 - 000040304 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2017-08-23 22:09 - 2017-08-23 22:09 - 000000002 RSHOT C:\Windows\winstart.bat
2017-08-23 22:09 - 2017-08-23 22:09 - 000000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2017-08-23 22:09 - 2017-08-23 22:09 - 000000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2017-08-23 22:09 - 2017-08-23 22:09 - 000000000 ____D C:\ProgramData\RegRun
2017-08-23 22:09 - 2017-08-23 22:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2017-08-23 22:09 - 2017-08-02 16:04 - 000014984 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2017-08-23 22:09 - 2015-12-28 11:32 - 000049968 _____ (Greatis Software) C:\Windows\system32\partizan.exe
2017-08-23 22:08 - 2017-08-23 22:12 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2017-08-23 22:07 - 2017-08-23 22:08 - 018826327 _____ C:\Users\Administrator\Downloads\unhackmeb.zip
2017-08-23 22:05 - 2017-08-23 22:05 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\AVAST Software
2017-08-23 22:03 - 2017-08-23 22:03 - 000000000 ____D C:\Program Files\AVAST Software
2017-08-23 22:02 - 2017-08-23 22:05 - 000000000 ____D C:\ProgramData\AVAST Software
2017-08-23 22:01 - 2017-08-23 22:01 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\npm
2017-08-23 22:01 - 2017-08-23 22:01 - 000000000 ____D C:\Program Files (x86)\nodejs
2017-08-23 21:59 - 2017-08-23 21:59 - 000140800 _____ C:\Users\Administrator\AppData\Local\installer.dat
2017-08-23 21:59 - 2017-08-23 21:59 - 000019008 _____ C:\Users\Administrator\AppData\Local\INSTALLATIONCONFIGURATION.del
2017-08-23 21:58 - 2017-08-27 15:07 - 000000000 ____D C:\Program Files\Novo
2017-08-23 21:55 - 2017-08-27 14:56 - 000000008 __RSH C:\ProgramData\ntuser.pol
2017-08-23 21:53 - 2017-08-23 22:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-08-23 21:51 - 2017-08-23 22:05 - 000000000 ____D C:\Users\Administrator\AppData\Local\ToolInetInfo
2017-08-23 16:38 - 2017-08-24 23:38 - 000063892 _____ C:\Users\Administrator\Downloads\Addition.txt
2017-08-23 16:37 - 2017-08-27 15:20 - 000014683 _____ C:\Users\Administrator\Downloads\FRST.txt
2017-08-23 16:37 - 2017-08-27 15:20 - 000000000 ____D C:\FRST
2017-08-23 16:37 - 2017-08-23 16:37 - 002395648 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2017-08-23 16:24 - 2017-08-23 16:24 - 001130328 _____ (Google Inc.) C:\Users\Administrator\Downloads\ChromeSetup.exe
2017-08-23 16:20 - 2017-08-23 16:20 - 000000000 ____D C:\Windows\system32\appmgmt
2017-08-23 15:51 - 2017-08-27 15:07 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\olvi5sm3ytt
2017-08-23 15:51 - 2017-08-27 15:07 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\csgqyfbqxo5
2017-08-23 15:51 - 2017-08-23 15:51 - 000000000 ____D C:\Windows\Azart
2017-08-23 13:32 - 2017-08-23 13:32 - 000039806 _____ C:\Windows\uninstaller.dat
2017-08-20 07:28 - 2017-08-20 07:28 - 000000000 ____D C:\Windows\rescache
2017-08-17 18:54 - 2017-08-17 18:54 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Monomi Park
2017-08-17 18:53 - 2017-08-17 18:53 - 000000000 ____D C:\ProgramData\GOG.com
2017-08-09 15:22 - 2017-07-29 16:56 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-08-09 15:22 - 2017-07-21 16:26 - 000518144 _____ C:\Windows\SysWOW64\msjetoledb40.dll
2017-08-09 15:22 - 2017-07-21 16:26 - 000409600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexch40.dll
2017-08-09 15:22 - 2017-07-21 16:26 - 000290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjtes40.dll
2017-08-09 15:22 - 2017-07-21 16:26 - 000282624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll
2017-08-09 15:22 - 2017-07-15 20:35 - 000394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-08-09 15:22 - 2017-07-15 19:52 - 000346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 000486400 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2017-08-09 15:22 - 2017-07-14 17:29 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-08-09 15:22 - 2017-07-14 17:12 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-08-09 15:22 - 2017-07-14 17:12 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-08-09 15:22 - 2017-07-14 17:11 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-08-09 15:22 - 2017-07-14 17:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-08-09 15:22 - 2017-07-14 17:10 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-08-09 15:22 - 2017-07-14 17:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-08-09 15:22 - 2017-07-14 17:10 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-08-09 15:22 - 2017-07-14 17:10 - 000382976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2017-08-09 15:22 - 2017-07-14 17:10 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-08-09 15:22 - 2017-07-14 17:10 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-08-09 15:22 - 2017-07-14 17:10 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-08-09 15:22 - 2017-07-14 17:10 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-08-09 15:22 - 2017-07-14 17:10 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-08-09 15:22 - 2017-07-14 17:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-08-09 15:22 - 2017-07-14 17:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-08-09 15:22 - 2017-07-14 16:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-08-09 15:22 - 2017-07-14 16:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-08-09 15:22 - 2017-07-14 16:57 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2017-08-09 15:22 - 2017-07-14 16:50 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2017-08-09 15:22 - 2017-07-14 16:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2017-08-09 15:22 - 2017-07-14 09:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-08-09 15:22 - 2017-07-14 09:15 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-08-09 15:22 - 2017-07-14 08:49 - 025733632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-08-09 15:22 - 2017-07-14 08:47 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-08-09 15:22 - 2017-07-14 08:45 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-08-09 15:22 - 2017-07-14 08:45 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-08-09 15:22 - 2017-07-14 08:44 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-08-09 15:22 - 2017-07-14 08:44 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-08-09 15:22 - 2017-07-14 08:38 - 002899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-08-09 15:22 - 2017-07-14 08:29 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-08-09 15:22 - 2017-07-14 08:28 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-08-09 15:22 - 2017-07-14 08:22 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-08-09 15:22 - 2017-07-14 08:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-08-09 15:22 - 2017-07-14 08:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-08-09 15:22 - 2017-07-14 08:19 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-08-09 15:22 - 2017-07-14 08:19 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-08-09 15:22 - 2017-07-14 08:08 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-08-09 15:22 - 2017-07-14 08:02 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-08-09 15:22 - 2017-07-14 07:49 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-08-09 15:22 - 2017-07-14 07:48 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-08-09 15:22 - 2017-07-14 07:47 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-08-09 15:22 - 2017-07-14 07:42 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-08-09 15:22 - 2017-07-14 07:40 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-08-09 15:22 - 2017-07-14 07:35 - 005981184 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-08-09 15:22 - 2017-07-14 07:35 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-08-09 15:22 - 2017-07-14 07:33 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-08-09 15:22 - 2017-07-14 07:16 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-08-09 15:22 - 2017-07-14 07:11 - 000725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-08-09 15:22 - 2017-07-14 07:10 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-08-09 15:22 - 2017-07-14 07:09 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-08-09 15:22 - 2017-07-14 07:09 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-08-09 15:22 - 2017-07-14 06:40 - 015254016 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-08-09 15:22 - 2017-07-14 06:23 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-08-09 15:22 - 2017-07-14 06:07 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-08-09 15:22 - 2017-07-14 05:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-08-09 15:22 - 2017-07-14 05:01 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-08-09 15:22 - 2017-07-14 04:54 - 020270080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-08-09 15:22 - 2017-07-14 04:48 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-08-09 15:22 - 2017-07-14 04:48 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-08-09 15:22 - 2017-07-14 04:48 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-08-09 15:22 - 2017-07-14 04:48 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-08-09 15:22 - 2017-07-14 04:47 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-08-09 15:22 - 2017-07-14 04:44 - 002290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-08-09 15:22 - 2017-07-14 04:42 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-08-09 15:22 - 2017-07-14 04:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-08-09 15:22 - 2017-07-14 04:39 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-08-09 15:22 - 2017-07-14 04:38 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-08-09 15:22 - 2017-07-14 04:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-08-09 15:22 - 2017-07-14 04:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-08-09 15:22 - 2017-07-14 04:30 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-08-09 15:22 - 2017-07-14 04:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-08-09 15:22 - 2017-07-14 04:25 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-08-09 15:22 - 2017-07-14 04:25 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-08-09 15:22 - 2017-07-14 04:23 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-08-09 15:22 - 2017-07-14 04:22 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-08-09 15:22 - 2017-07-14 04:21 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-08-09 15:22 - 2017-07-14 04:20 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-08-09 15:22 - 2017-07-14 04:17 - 004546048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-08-09 15:22 - 2017-07-14 04:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-08-09 15:22 - 2017-07-14 04:12 - 000693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-08-09 15:22 - 2017-07-14 04:11 - 002057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-08-09 15:22 - 2017-07-14 04:11 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-08-09 15:22 - 2017-07-14 04:09 - 013663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-08-09 15:22 - 2017-07-14 03:53 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-08-09 15:22 - 2017-07-14 03:50 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-08-09 15:22 - 2017-07-14 03:48 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-08-09 15:22 - 2017-07-08 17:34 - 000370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-08-09 15:22 - 2017-07-08 17:00 - 003224064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-08-09 15:22 - 2017-07-07 17:37 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-08-09 15:22 - 2017-07-07 17:33 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-08-09 15:22 - 2017-07-07 17:33 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-08-09 15:22 - 2017-07-07 17:33 - 000363752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2017-08-09 15:22 - 2017-07-07 17:33 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-08-09 15:22 - 2017-07-07 17:33 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-08-09 15:22 - 2017-07-07 17:31 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:15 - 004001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-08-09 15:22 - 2017-07-07 17:15 - 003945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-08-09 15:22 - 2017-07-07 17:13 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-08-09 15:22 - 2017-07-07 17:11 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 17:02 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-08-09 15:22 - 2017-07-07 17:01 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-08-09 15:22 - 2017-07-07 17:01 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-08-09 15:22 - 2017-07-07 17:01 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-08-09 15:22 - 2017-07-07 16:58 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-08-09 15:22 - 2017-07-07 16:57 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-08-09 15:22 - 2017-07-07 16:54 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-08-09 15:22 - 2017-07-07 16:54 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-08-09 15:22 - 2017-07-07 16:54 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-08-09 15:22 - 2017-07-07 16:53 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-08-09 15:22 - 2017-07-07 16:53 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-08-09 15:22 - 2017-07-07 16:51 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-08-09 15:22 - 2017-07-07 16:48 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-08-09 15:22 - 2017-07-07 16:48 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-08-09 15:22 - 2017-07-07 16:48 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-08-09 15:22 - 2017-07-07 16:48 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-08-09 15:22 - 2017-07-07 16:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-08-09 15:22 - 2017-07-07 16:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 16:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 16:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-08-09 15:22 - 2017-07-07 16:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 000866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswdat10.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 000641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 000616448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl40.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 000144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-08-09 15:22 - 2017-07-01 15:05 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter40.dll
2017-08-04 19:49 - 2017-08-04 19:51 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\DesktopAPM
2017-08-04 19:49 - 2017-08-04 19:49 - 000001038 _____ C:\Users\Administrator\Desktop\DESKTO~1.del
2017-08-04 19:49 - 2017-08-04 19:49 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop APM
2017-08-04 19:49 - 2017-08-04 19:49 - 000000000 ____D C:\Program Files (x86)\Desktop APM
2017-08-03 23:24 - 2017-08-03 23:24 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Red Dot Games
2017-07-30 03:32 - 2017-07-30 03:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Guild 2 - Renaissance
2017-07-30 01:19 - 2017-07-30 01:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-07-30 01:19 - 2017-07-30 01:19 - 000000000 ____D C:\Program Files\7-Zip
2017-07-30 01:18 - 2017-07-30 01:18 - 001381582 _____ (Igor Pavlov) C:\Users\Administrator\Downloads\7z1604-x64.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-08-27 15:20 - 2009-07-14 06:45 - 000029760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-27 15:20 - 2009-07-14 06:45 - 000029760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-27 15:18 - 2011-04-12 09:43 - 000699416 _____ C:\Windows\system32\perfh007.dat
2017-08-27 15:18 - 2011-04-12 09:43 - 000149556 _____ C:\Windows\system32\perfc007.dat
2017-08-27 15:18 - 2009-07-14 07:13 - 001620612 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-27 15:18 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2017-08-27 15:12 - 2017-05-10 21:08 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-27 15:11 - 2016-02-20 04:08 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-27 15:11 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-27 15:10 - 2016-02-19 23:44 - 000001421 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-08-27 14:56 - 2016-02-19 23:44 - 000000000 ____D C:\Users\Administrator
2017-08-27 14:52 - 2017-05-04 13:41 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2017-08-27 14:37 - 2017-05-08 20:49 - 000000000 ____D C:\ProgramData\Skype
2017-08-23 22:57 - 2016-02-19 23:44 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2017-08-23 22:57 - 2016-02-19 23:25 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-23 22:42 - 2017-06-02 13:32 - 000000000 ____D C:\Windows\System32\Tasks\Apple
2017-08-23 22:42 - 2016-03-16 20:28 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-08-23 22:22 - 2016-03-16 20:26 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-08-23 22:22 - 2009-07-14 05:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-08-23 22:01 - 2017-05-18 19:35 - 000000000 ____D C:\Program Files\Opera
2017-08-23 18:06 - 2016-12-05 04:48 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Curse Client
2017-08-23 17:14 - 2017-05-14 18:48 - 000046395 _____ C:\Users\Administrator\Desktop\Ikariam Produktion.xlsx
2017-08-23 16:20 - 2016-03-15 22:10 - 000000023 _____ C:\Windows\ODBCINST.INI
2017-08-23 16:15 - 2016-03-04 15:16 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Spotify
2017-08-23 15:57 - 2016-08-13 13:24 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\HelloGames
2017-08-23 07:18 - 2017-04-06 02:07 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2017-08-17 18:53 - 2016-04-25 21:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-08-17 17:55 - 2017-07-22 22:03 - 000000000 ____D C:\Users\Administrator\Documents\Pro Cycling Manager 2017
2017-08-17 17:55 - 2017-07-22 22:03 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Pro Cycling Manager 2017
2017-08-12 17:27 - 2016-07-01 12:00 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-10 16:17 - 2009-07-14 06:45 - 000450864 _____ C:\Windows\system32\FNTCACHE.DAT
2017-08-10 07:02 - 2016-03-02 17:39 - 000000000 ____D C:\Windows\system32\MRT
2017-08-10 06:58 - 2016-03-02 17:39 - 140394280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-08-09 06:58 - 2016-03-15 08:42 - 000000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2017-08-08 16:48 - 2016-06-22 04:48 - 000000000 ____D C:\Program Files (x86)\Overwolf
2017-08-04 06:51 - 2016-02-20 00:17 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-08-04 06:51 - 2016-02-20 00:17 - 000000000 ____D C:\ProgramData\Oracle
2017-08-04 06:51 - 2016-02-20 00:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-08-04 06:51 - 2016-02-20 00:17 - 000000000 ____D C:\Program Files (x86)\Java

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-03-30 21:18 - 2016-04-28 08:31 - 000004069 _____ () C:\Users\Administrator\AppData\Roaming\LTspiceIV.ini
2017-03-15 18:16 - 2016-02-18 00:30 - 015384576 _____ () C:\Users\Administrator\AppData\Roaming\Sandra.mdb
2017-08-23 21:59 - 2017-08-23 21:59 - 000019008 _____ () C:\Users\Administrator\AppData\Local\INSTALLATIONCONFIGURATION.del
2017-08-23 21:59 - 2017-08-23 21:59 - 000140800 _____ () C:\Users\Administrator\AppData\Local\installer.dat

Einige Dateien in TEMP:
====================
2017-08-04 06:48 - 2017-08-04 06:48 - 000740416 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-8u144-windows-au.exe
2017-08-23 17:15 - 2017-08-23 17:15 - 000040448 _____ () C:\Users\Administrator\AppData\Local\Temp\proxy_vole2234134530613507216.dll
2017-08-23 17:15 - 2017-08-23 17:15 - 000040448 ____N () C:\Users\Administrator\AppData\Local\Temp\proxy_vole2884563901910322246.dll
2017-08-23 17:15 - 2017-08-23 17:15 - 000040448 ____N () C:\Users\Administrator\AppData\Local\Temp\proxy_vole5655386752938625535.dll
2017-08-23 15:51 - 2017-08-23 15:50 - 001199825 _____ () C:\Users\Administrator\AppData\Local\Temp\unins000.exe
2017-06-22 12:16 - 2017-06-22 12:16 - 049533288 _____ (Sony) C:\Users\Administrator\AppData\Local\Temp\xcs1BFD.tmp.exe
2006-05-24 20:10 - 2006-05-24 20:10 - 000455600 _____ (Macrovision Corporation) C:\Users\Administrator\AppData\Local\Temp\_is1CA5.exe
2006-05-24 20:10 - 2006-05-24 20:10 - 000455600 _____ (Macrovision Corporation) C:\Users\Administrator\AppData\Local\Temp\_is60F5.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-08-24 20:16

==================== Ende von FRST.txt ============================
         

Alt 27.08.2017, 15:46   #12
Easy Frag
 
Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks - Standard

Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks



Addition.txt

Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 20-08-2017
durchgeführt von Administrator (27-08-2017 15:21:13)
Gestartet von C:\Users\Administrator\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2016-02-19 20:32:41)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2112160272-3594351332-598527768-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-2112160272-3594351332-598527768-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2112160272-3594351332-598527768-1002 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Spybot - Search and Destroy (Disabled - Out of date) {1A0DDE8C-B4BA-EFDD-22A8-0F557C7985F0}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

60 Seconds! (HKLM\...\NjBzZWNvbmRz_is1) (Version: 1 - )
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
A Boy and His Blob (HKLM\...\Steam App 281200) (Version:  - Abstraction Games)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.012.20095 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Alien Nations (HKLM-x32\...\GOGPACKALIENNATIONS_is1) (Version: 2.0.0.26 - GOG.com)
AlienFX for KoneXTD (HKLM\...\{48725548-E470-4816-99DD-6667EABAB982}) (Version: 1.02 - Roccat GmbH) Hidden
AlienFX for KoneXTD (HKLM-x32\...\InstallShield_{48725548-E470-4816-99DD-6667EABAB982}) (Version: 1.02 - Roccat GmbH)
Anno 1602 - Creation of a New World (HKLM-x32\...\1438168222_is1) (Version: 2.0.0.6 - GOG.com)
Anno 2205 Version 1.0 (HKLM-x32\...\{9D231988-619F-4A37-A19D-341EC4BBF719}_is1) (Version: 1.0 - UBISoft)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 368.81 - NVIDIA Corporation) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
ArcaniA (HKLM-x32\...\ArcaniA_is1) (Version:  - )
Attribute Changer 8.60 (HKLM\...\{27263813-8BDE-4CD2-84D3-02536743428A}_is1) (Version: 8.60 - Romain Petges)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 3 (HKLM-x32\...\Bejeweled 3) (Version:  - PopCap Games)
Belkin USB Wireless Adaptor (HKLM-x32\...\{6E016C56-820F-4B2D-A36F-34CCADF90C16}) (Version: 1.0.0.09 - Belkin) Hidden
Belkin USB Wireless Adaptor (HKLM-x32\...\InstallShield_{6E016C56-820F-4B2D-A36F-34CCADF90C16}) (Version: 1.0.0.09 - Belkin)
Ben and Ed (HKLM\...\YmVuYW5kZWQ_is1) (Version: 1 - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounty Train (HKLM-x32\...\Bounty Train_is1) (Version:  - )
Caesar IV (HKLM-x32\...\{B7666229-351B-47D9-AA6F-DF777CF04BBF}) (Version: 0.18.13 - Tilted Mill Entertainment)
Car Mechanic Simulator 2018 Silver Edition MULTi2 1.0.2 (HKLM-x32\...\Car Mechanic Simulator 2018 Silver Edition MULTi2 1.0.2) (Version: 1.0.2 - .x.X.RIDDICK.X.x.)
Car Mechanic Simulator 2018 Update v1.1.1 (HKLM\...\Y2FybWVjaGFuaWNzaW11bGF0b3IyMDE4_is1) (Version: 1 - )
Casino Empire (HKLM-x32\...\{42FA68A0-C0BC-11D6-B2FA-0010B5AC3B10}) (Version:  - )
Catan - Städte und Ritter (HKLM-x32\...\Catan - Staedte und Ritter) (Version: 1.220 - Catan GmbH)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.07021 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{0F65F838-573B-4AE1-8A15-8E9DC157D157}) (Version: 3.1.07021 - Cisco Systems, Inc.) Hidden
Civilization VI Digital Deluxe Edition MULTi2 1.0 (HKLM-x32\...\Civilization VI Digital Deluxe Edition MULTi2 1.0) (Version:  - )
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Company of Heroes (New Steam Version) (HKLM\...\Steam App 228200) (Version:  - Relic)
Company of Heroes 2 (HKLM\...\Steam App 231430) (Version:  - Relic Entertainment)
Cossacks 3 Digital Deluxe Edition MULTI2 1.0 (HKLM-x32\...\Cossacks 3 Digital Deluxe Edition MULTI2 1.0) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Curse (HKLM-x32\...\{1F2611FB-6F69-4AA8-BECD-243BD8CB45F3}) (Version: 6.0.0.0 - Curse)
Desktop APM (HKU\S-1-5-21-2112160272-3594351332-598527768-500\...\Desktop APM) (Version:  - )
Die 12 Heldentaten des Herkules 6 SE Version 1.0.2 (HKLM-x32\...\{D0165150-2D24-4802-8395-2DA15C1A76AF}_is1) (Version: 1.0.2 - DELiGHT 2017)
Die Siedler 7 (HKLM-x32\...\{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}) (Version: 1.12.1396 - Ubisoft)
Dual Monitor 1.22 (HKLM-x32\...\{64AA3F94-ED4A-4A4B-B72C-B7A1481ED5D8}_is1) (Version: 1.22.021813 - Cristi Diaconu)
Dungeon Keeper (HKLM-x32\...\{B9E79070-56B6-4980-A7E9-C28D6480D050}) (Version: 1.0.0.1 - Electronic Arts)
Dungeon Keeper 2 (HKLM-x32\...\Dungeon Keeper II) (Version:  - )
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.4.0.0 - Electronic Arts)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.4.37.20160609 - Landesfinanzdirektion Thüringen)
Emergency 2016 Limited Edition MULTi2 1.0 (HKLM-x32\...\Emergency 2016 Limited Edition MULTi2 1.0) (Version:  - )
Factorio version 0.12.26 (HKLM\...\Factorio_is1) (Version:  - )
Fallout Shelter (HKLM\...\Steam App 588430) (Version:  - Bethesda Game Studios)
Farming Simulator 17 (HKLM\...\ZmFybWluZ3NpbXVsYXRvcjE3_is1) (Version: 1 - )
Fritz 13 (HKLM-x32\...\{85EB0F56-3DB3-42CC-9384-A665C5FC5D08}) (Version: 13.0.0.0 - ChessBase)
GOG.com The Settlers 3 (HKLM\...\{f707a2f1-2ed1-4560-a087-97aa176c3777}.sdb) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition MULTI 11 (HKLM-x32\...\R292ZXJub3JvZlBva2VyMlByZW1pdW1FZGl0aW9uTVVMVEkxMQ==_is1) (Version: 1 - )
Grand Theft Auto IV Complete Edition Version 1.1.2.0 (HKLM-x32\...\Grand Theft Auto IV Complete Edition_is1) (Version: 1.1.2.0 - Rockstar Games)
Grand Theft Auto V Digital Deluxe Edition FIXED VERSION MULTi11 1.0.350.1 (HKLM-x32\...\Grand Theft Auto V Digital Deluxe Edition FIXED VERSION MULTi11 1.0.350.1) (Version:  - )
Grand Theft Auto V Digital Deluxe Edition Update 4 FIXED Version MULTi11 1.0.350.2 (HKLM-x32\...\Grand Theft Auto V Digital Deluxe Edition Update 4 FIXED Version MULTi11 1.0.350.2) (Version:  - )
Grand Theft Auto Vice City Version 1.1 (HKLM-x32\...\Grand Theft Auto Vice City_is1) (Version: 1.1 - Rockstar Games)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hearts of Iron IV Field Marshal Edition MULTi7 - ElAmigos Version 1.0 (HKLM-x32\...\{9240BFB5-B3DE-4505-8351-5605EE8D4F84}_is1) (Version: 1.0 - Paradox Interactive)
Hero Defense - Haunted Island (HKLM-x32\...\Steam App 423620) (Version:  - Happy Tuesday)
Hero of the Kingdom (HKLM-x32\...\Hero of the Kingdomv1.00) (Version: v1.00 - Lonely Troops)
Herrscher des Olymp - Zeus & Poseidon Version 2.0 (HKLM-x32\...\{2F32318C-A833-410A-BE7D-E409A614B607}_is1) (Version: 2.0 - Sierra)
Hex-Editor MX (HKLM-x32\...\{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1) (Version: 6.0 - NEXT-Soft)
Human Resource Machine (HKLM\...\Steam App 375820) (Version:  - Tomorrow Corporation)
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
League of Legends (HKLM-x32\...\{517CC397-B22F-4593-8DCB-DE72CC541E9A}) (Version: 3.0.1 - Riot Games ) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
LTspice IV (HKLM-x32\...\LTspice IV) (Version:  - )
Malwarebytes Version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Mario Kart 8 MULTi8 1.0 (HKLM-x32\...\Mario Kart 8 MULTi8 1.0) (Version: 1.0 - x.X.RIDDICK.X.x)
Medieval II: Total War (HKLM\...\Steam App 4700) (Version:  - The Creative Assembly)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2112160272-3594351332-598527768-500\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minecraft: Story Mode - A Telltale Games Series (HKLM\...\bWluZWNyYWZ0c3Rvcnltb2RlYXRlbGx0YWxlZ2FtZXNzZXJpZXM_is1) (Version: 1 - )
Mini Metro (HKLM\...\Steam App 287980) (Version:  - Dinosaur Polo Club)
Monopoly (HKLM-x32\...\{D7E7EC5E-4349-4E40-B37C-4342188B86EC}) (Version:  - )
MSI Afterburner 4.3.0 Beta 14 (HKLM-x32\...\Afterburner) (Version: 4.3.0 Beta 14 - MSI Co., LTD)
MSI Kombustor 3.5.2.1 (64-bit) (HKLM\...\{9598DA62-2AE8-426D-9C86-BEA96AC6721E}_is1) (Version:  - MSI Co., LTD)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.2 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.81 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.81 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Opera Stable 47.0.2631.55 (HKLM-x32\...\Opera 47.0.2631.55) (Version: 47.0.2631.55 - Opera Software)
Orcs Must Die! 2 Complete (HKLM-x32\...\Orcs Must Die! 2 Complete_is1) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.4.14.21968 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.106.20.0 - Overwolf Ltd.)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM\...\Steam App 24240) (Version:  - OVERKILL Software)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Pizza Tycoon 2 (HKLM-x32\...\1175067557_is1) (Version: 2.0.0.3 - GOG.com)
Planetbase Version 1.1.1 (HKLM-x32\...\{B779ADEB-8E07-4801-B910-51A5D4992EB6}_is1) (Version: 1.1.1 - Madruga Works)
Pro Cycling Manager 2017 MULTi9 - ElAmigos Version 1.0.2.3 (HKLM-x32\...\{6B881985-DFD9-4C1B-9C29-5C138C141411}_is1) (Version: 1.0.2.3 - Focus Home Interactive)
PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.3.0 - Electronic Arts)
Railroad Pioneer (HKLM-x32\...\Steam App 306490) (Version:  - Kritzelkratz 3000)
Railroad Tycoon 3 (HKLM-x32\...\{DE29025A-091F-4998-AD2D-24C84421190F}) (Version: 1.0 - )
Rise of Venice (HKLM-x32\...\Rise of Venice_is1) (Version:  - )
RivaTuner Statistics Server 6.5.0 Beta 5 (HKLM-x32\...\RTSS) (Version: 6.5.0 Beta 5 - Unwinder)
ROCCAT Kone XTD Mouse Driver (HKLM-x32\...\{7133137D-DF48-4522-AD88-13C82B7D0A63}) (Version:  - Roccat GmbH)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Roll (HKLM-x32\...\RollerCoaster Tycoon Setup) (Version:  - )
RollerCoaster Tycoon Deluxe (HKLM-x32\...\GOGPACKRTC_is1) (Version: 2.0.0.15 - GOG.com)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Sid Meier's Railroads! (HKLM-x32\...\1445250539_is1) (Version: 2.0.0.6 - GOG.com)
Sir Henry's Anno 1602 Launcher 1.0 (HKLM-x32\...\Anno 1602 Launcher_is1) (Version:  - )
SiSoftware Sandra Lite 2016.SP1 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2596}_is1) (Version: 22.20.2016.3 - SiSoftware)
Skispringen 2007 (HKLM-x32\...\Skispringen 2007_0001) (Version:  - )
Skype™ 7.39 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.39.102 - Skype Technologies S.A.)
Slime Rancher (HKLM-x32\...\1459259227_is1) (Version: 0.6.0c - GOG.com)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-2112160272-3594351332-598527768-500\...\Spotify) (Version: 1.0.58.573.g57c9cd87 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
StarCraft II German Trilogy Edition 3.05.39117 (HKLM-x32\...\StarCraft II German Trilogy Edition 3.05.39117) (Version:  - )
Stardew Valley (HKLM\...\c3RhcmRld3ZhbGxleQ_is1) (Version: 1 - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold Crusader 2 - The Princess and The Pig (HKLM-x32\...\Stronghold Crusader 2 - The Princess and The Pig_is1) (Version:  - )
Supreme Commander - Forged Alliance (HKLM-x32\...\Supreme Commander - Forged Alliance_is1) (Version:  - )
Supreme Commander 2 (HKLM-x32\...\Supreme Commander 2_is1) (Version:  - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
The Banner Saga (HKLM-x32\...\Steam App 237990) (Version:  - Stoic)
THE GAME OF LIFE - The Official 2016 Edition (HKLM\...\dGhlZ2FtZW9mbGlmZXRoZW9mZmljaWFsMjAxNmVkaXRpb24_is1) (Version: 1 - )
The Guild 2 - Renaissance (HKLM-x32\...\{THEGUILDREN-0010-2010-300520102330}_is1) (Version:  - JoWooD Entertainment AG)
The Long Journey Home Update v1.23.14893 (HKLM\...\dGhlbG9uZ2pvdXJuZXlob21l_is1) (Version: 1 - )
The Next BIG Thing (Deutsch) (HKLM-x32\...\The Next BIG Thing (de)) (Version: 1.00 - CRIMSON COW)
The Political Machine 2016 - Campaign (HKLM-x32\...\The Political Machine 2016 - Campaign_is1) (Version:  - )
The Settlers 3 - Ultimate Collection (HKLM-x32\...\GOGPACKSETTLERS3_is1) (Version: 2.0.0.19 - GOG.com)
The Witness Version 1.0 u17 (HKLM-x32\...\{3FD8DC1C-BEB7-4086-A98B-C5B02E52DCA3}_is1) (Version: 1.0 u17 - Thekla, Inc.)
Theme Park World (HKLM-x32\...\Theme Park World) (Version:  - )
Theme Park World Fix (HKLM-x32\...\{42082D6A-7C60-4CD9-B6FC-81E6F1FA96EF}) (Version: 1.0.0 - Adam Hearn)
Total War ROME II MULTI-2 Incl Caesar in Gallien Kampagnenpaket DLC Plus Update 9 9.0 (HKLM-x32\...\Total War ROME II MULTI-2 Incl Caesar in Gallien Kampagnenpaket DLC Plus Update 9 9.0) (Version:  - )
Total War: ATTILA (HKLM\...\Steam App 325610) (Version:  - Creative Assembly)
Total War: SHOGUN 2 (HKLM\...\Steam App 34330) (Version:  - The Creative Assembly)
TowerFall Ascension (HKLM\...\Steam App 251470) (Version:  - Matt Thorson)
Tropico 5 1.9 (HKLM-x32\...\Tropico 5 1.9) (Version: 1.9 - Black Poseidon)
Tropico 5 Complete Edition Update 2 1.9 (HKLM-x32\...\Tropico 5 Complete Edition Update 2 1.9) (Version: 1.9 - Black Poseidon)
Tropico 5 Complete Edition Update 3 10 (HKLM-x32\...\Tropico 5 Complete Edition Update 3 10) (Version: 10 - Black Poseidon)
Tropico 5 Espionage DLC 1.0 (HKLM-x32\...\Tropico 5 Espionage DLC 1.0) (Version: 1.0 - Black Poseidon)
True or False (HKLM\...\Steam App 521340) (Version:  - Vladimir Maslov)
Twitch (HKU\S-1-5-21-2112160272-3594351332-598527768-500\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UE4 Prerequisites (x64) (HKLM\...\{457BE011-43FF-44A7-9FA7-B3BE181E2076}) (Version: 1.0.10.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{b46d36bc-2438-471e-abe8-1fbbd51754ee}) (Version: 1.0.10.0 - Epic Games, Inc.)
UnHackMe 9.10 (HKLM-x32\...\UnHackMe_is1) (Version:  - Greatis Software, LLC.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.5 - VideoLAN)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Xperia Companion (HKLM-x32\...\{058506CE-4E1C-4087-878E-61D8B5F8F47A}) (Version: 1.7.2.0 - Sony) Hidden
Xperia Companion (HKLM-x32\...\{65415473-2761-4ee3-85c1-5fdf086444c6}) (Version: 1.7.2.0 - Sony)
Xperia Companion Service (HKLM\...\{86C9336F-6376-4E86-A09A-EA7177DEC3D5}) (Version: 1.7.2.0 - Sony) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Keine Datei
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => D:\Nützliche Programme\Notepad++\NppShell_06.dll [2016-11-02] ()
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => D:\Nützliche Programme\Virtual Clone Drive\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers2: [ACShell] -> {D3F9A525-8824-497A-BE36-B23E22F141FC} => C:\Program Files\Attribute Changer\acshell.dll [2016-12-30] (Romain Petges)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => D:\Nützliche Programme\Virtual Clone Drive\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers3: [ACShell] -> {D3F9A525-8824-497A-BE36-B23E22F141FC} => C:\Program Files\Attribute Changer\acshell.dll [2016-12-30] (Romain Petges)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-07-11] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {181A5C3F-F030-45F4-92A4-CA9E00C940B5} - \Apple\AppleSoftwareUpdate -> Keine Datei <==== ACHTUNG
Task: {856A07D8-0823-4713-938B-5802ED7DCD55} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Keine Datei <==== ACHTUNG
Task: {9D619410-DA6B-4C5F-89AA-DB5378A29035} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-23] (Google Inc.)
Task: {D3EF0E47-B5F2-4A31-9A21-701A7EDAEE31} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-23] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-02-20 04:08 - 2016-07-11 01:17 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-11-02 12:31 - 2016-11-02 12:31 - 000230064 _____ () D:\Nützliche Programme\Notepad++\NppShell_06.dll
2017-07-13 20:50 - 2017-07-13 20:50 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-08-13 13:26 - 2016-06-14 22:03 - 000367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-08-13 13:26 - 2016-06-14 22:03 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-08-13 13:26 - 2016-06-14 22:03 - 003611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-02-20 04:08 - 2016-06-14 22:03 - 000288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-09-10 19:32 - 2016-09-10 19:32 - 000066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2016-08-13 13:26 - 2016-06-14 22:03 - 002665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-08-13 13:26 - 2016-06-14 22:03 - 001988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-08-13 13:26 - 2016-06-14 22:03 - 001840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-02-20 04:08 - 2016-06-14 22:03 - 000207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-08-13 13:26 - 2016-06-14 22:03 - 000034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-08-13 13:26 - 2016-06-14 22:03 - 000920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2017-08-16 16:15 - 2017-08-16 16:15 - 090050136 _____ () C:\Program Files\Opera\47.0.2631.55\opera_browser.dll
2017-08-16 16:15 - 2017-08-16 16:15 - 003972696 _____ () C:\Program Files\Opera\47.0.2631.55\libglesv2.dll
2017-08-16 16:15 - 2017-08-16 16:15 - 000100440 _____ () C:\Program Files\Opera\47.0.2631.55\libegl.dll
2015-02-19 23:37 - 2015-02-19 23:37 - 000063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2016-02-20 04:08 - 2016-06-14 22:03 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-05-29 01:54 - 2014-05-13 12:04 - 000109400 ____N () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-05-29 01:54 - 2014-05-13 12:04 - 000416600 ____N () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-05-29 01:54 - 2014-05-13 12:04 - 000167768 ____N () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-05-29 01:54 - 2012-08-23 10:38 - 000574840 ____N () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-05-29 01:54 - 2012-04-03 17:06 - 000565640 ____N () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2017-08-23 15:51 - 000001258 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 distribution.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 plugpackdownload.net
127.0.0.1 texttotalk.org
127.0.0.1 gambling577.xyz
127.0.0.1 htagdownload.space
127.0.0.1 mybcnmonetize.com
127.0.0.1 dscdn.pw
127.0.0.1 beautifllink.xyz

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2112160272-3594351332-598527768-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{5D02709F-D2B6-4C14-B914-3EB06264CF2B}] => (Allow) D:\Spiele\Steam\Steam.exe
FirewallRules: [{6FFA3EAF-C61E-4DBF-8A66-C9DCC227B9DB}] => (Allow) D:\Spiele\Steam\Steam.exe
FirewallRules: [{B48C84C3-ABF1-47A1-A62C-150A076D6CFE}] => (Allow) D:\Spiele\Steam\bin\steamwebhelper.exe
FirewallRules: [{29841909-E7B1-4054-98D2-084D2808B680}] => (Allow) D:\Spiele\Steam\bin\steamwebhelper.exe
FirewallRules: [{7448C66E-C82D-442E-AAB1-794CCB108C02}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{85A7F9B2-B764-496D-AEF8-C61DF13ADFA7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5FDC5D53-B130-4166-ADCA-6709CDC250E8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{A06F959A-12D5-4CE6-A9FF-63FF4598A11D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{394D46CF-C164-4F4B-9342-75068746950D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{C08F6AF5-7A08-45F5-874A-4F2B49094386}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6922FA22-145B-4E51-ADA2-6FF3AAB44C10}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EA565088-A69D-439C-A390-87E6E74DA690}] => (Allow) D:\Spiele\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{4CD3CFE1-5F97-4C76-B3BC-66286ABA2029}] => (Allow) D:\Spiele\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E0565875-DB19-4EA8-88E9-B8801398B656}] => (Allow) D:\Spiele\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{1EC74777-DC7B-4346-8D21-6391E87C1FA4}] => (Allow) D:\Spiele\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{090AC3B5-C71E-496F-9270-8D18343AE4FE}] => (Allow) D:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{7D983396-3308-433B-B0DE-2168B5326F59}] => (Allow) D:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{AF4B392E-21F6-42A1-B21B-E6B5589F7100}] => (Allow) D:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe
FirewallRules: [{5460D85A-DB80-4EB9-A313-DFC98005C3DC}] => (Allow) D:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe
FirewallRules: [{18E77694-97E5-4D49-AC78-44CC32F2A393}] => (Allow) D:\Spiele\Steam\steamapps\common\Hero Defense - Haunted Island\HauntedIsland.exe
FirewallRules: [{AC3D1644-49F8-4B44-8EDF-921D1C6BC0E6}] => (Allow) D:\Spiele\Steam\steamapps\common\Hero Defense - Haunted Island\HauntedIsland.exe
FirewallRules: [{53E29C8A-6644-4B47-B4D2-C5F7927D871C}] => (Allow) D:\Spiele\Steam\steamapps\common\Railroad Pioneer\Bin\Railroad.exe
FirewallRules: [{AB37B407-147F-4CD7-A30B-6F1F21F69AFF}] => (Allow) D:\Spiele\Steam\steamapps\common\Railroad Pioneer\Bin\Railroad.exe
FirewallRules: [TCP Query User{FD2864D7-4D98-4701-85C2-21D6731F4DDC}C:\users\administrator\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\administrator\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{60C408C6-1F5F-4B1C-AC7C-3FB9B7703A99}C:\users\administrator\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\administrator\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{A99F5477-754D-4FB0-AC30-6C8E6681A1C0}C:\users\administrator\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\administrator\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{17A2F595-D800-45DC-BEE7-A5E7B0E35125}C:\users\administrator\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\administrator\appdata\roaming\spotify\spotify.exe
FirewallRules: [{935A9EB1-F613-486E-A3F2-33F7A711B979}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{83729861-D43D-4F71-9709-E1F38A55B655}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{33FFA099-8D74-4808-B19A-B59ED177EBC3}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [TCP Query User{46296334-0A83-4EC1-8918-CC395E3F32A9}D:\spiele\stronghold crusader 2 - the princess and the pig\bin\win32_release\crusader2.exe] => (Allow) D:\spiele\stronghold crusader 2 - the princess and the pig\bin\win32_release\crusader2.exe
FirewallRules: [UDP Query User{DF49203F-255A-4835-89B2-5258F46F262D}D:\spiele\stronghold crusader 2 - the princess and the pig\bin\win32_release\crusader2.exe] => (Allow) D:\spiele\stronghold crusader 2 - the princess and the pig\bin\win32_release\crusader2.exe
FirewallRules: [TCP Query User{C90B8D27-170E-4A30-94A7-E286EF105C1E}D:\spiele\total war rome ii\rome2.exe] => (Allow) D:\spiele\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{CABD4DFD-6B1B-4A38-877A-187A8BA3E44C}D:\spiele\total war rome ii\rome2.exe] => (Allow) D:\spiele\total war rome ii\rome2.exe
FirewallRules: [{036FD55D-1B4C-4589-B4B3-6A62F4EE17F5}] => (Allow) D:\Spiele\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{42300BF1-6D79-483E-9794-4B9B009F8515}] => (Allow) D:\Spiele\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{C8835F64-E195-4DF4-8198-1F541F3FAEBB}] => (Allow) D:\Spiele\Steam\steamapps\common\Medieval II Total War\medieval2.exe
FirewallRules: [{DD0B9CAE-B6C8-48D9-8CFE-0E85DC5068ED}] => (Allow) D:\Spiele\Steam\steamapps\common\Medieval II Total War\medieval2.exe
FirewallRules: [{60703736-47DF-4A33-B41C-C261B39B8191}] => (Allow) D:\Spiele\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{7F4BBA8F-1767-4227-9872-5EC65AE18149}] => (Allow) D:\Spiele\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{8FEC043B-AA50-4F07-A09B-8F3417E070FA}] => (Allow) D:\Spiele\Steam\steamapps\common\Company of Heroes Relaunch\RelicCOH.exe
FirewallRules: [{074CA5EC-76EC-4203-97E2-F7CD713B2CAF}] => (Allow) D:\Spiele\Steam\steamapps\common\Company of Heroes Relaunch\RelicCOH.exe
FirewallRules: [{B1A1A9A1-8236-42DC-B48B-033177138531}] => (Allow) D:\Spiele\Steam\steamapps\common\MiniMetro\MiniMetro.exe
FirewallRules: [{150626E4-9ACC-45D9-B201-7F9D9595451B}] => (Allow) D:\Spiele\Steam\steamapps\common\MiniMetro\MiniMetro.exe
FirewallRules: [{9DFE3BEF-4E6C-4CA8-B201-DABC3D979FDA}] => (Allow) D:\Spiele\Steam\steamapps\common\Human Resource Machine\Human Resource Machine.exe
FirewallRules: [{CA8D98AC-E7E4-4774-B799-32449DF7B68B}] => (Allow) D:\Spiele\Steam\steamapps\common\Human Resource Machine\Human Resource Machine.exe
FirewallRules: [TCP Query User{791CBCEC-5A78-4A5F-B95A-A80A4237B66E}D:\spiele\hearthstone\hearthstone.exe] => (Allow) D:\spiele\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{92A25983-612D-4214-B2E4-BFE0083CBBCF}D:\spiele\hearthstone\hearthstone.exe] => (Allow) D:\spiele\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{E938539D-0C6C-4092-B8D7-7416CEE9E4D2}D:\spiele\antichamber\binaries\win32\udk.exe] => (Allow) D:\spiele\antichamber\binaries\win32\udk.exe
FirewallRules: [UDP Query User{0F3DF6CB-4E4B-487F-8830-6F4E7289E8CF}D:\spiele\antichamber\binaries\win32\udk.exe] => (Allow) D:\spiele\antichamber\binaries\win32\udk.exe
FirewallRules: [TCP Query User{FA83BF5C-5208-4E45-9C2F-DAC98F246AD4}D:\spiele\grand theft auto v\gta5.exe] => (Allow) D:\spiele\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{A34673CA-728C-40E4-8DFE-F390A7440B9B}D:\spiele\grand theft auto v\gta5.exe] => (Allow) D:\spiele\grand theft auto v\gta5.exe
FirewallRules: [{9630AF97-9045-48A4-AB7F-5D949A3A79D3}] => (Allow) D:\Spiele\Steam\steamapps\common\A Boy and His Blob\Blob.exe
FirewallRules: [{182CA197-6268-4F37-8921-FD1CF7E2B057}] => (Allow) D:\Spiele\Steam\steamapps\common\A Boy and His Blob\Blob.exe
FirewallRules: [TCP Query User{3F61DA2D-4EDB-41BD-82C5-E042E3DA75BA}D:\images\fifa 15 ultimate team edition\fifa 15\fifa15.exe] => (Block) D:\images\fifa 15 ultimate team edition\fifa 15\fifa15.exe
FirewallRules: [UDP Query User{5EDE669A-C901-4519-AD80-8271A61D0A88}D:\images\fifa 15 ultimate team edition\fifa 15\fifa15.exe] => (Block) D:\images\fifa 15 ultimate team edition\fifa 15\fifa15.exe
FirewallRules: [{E218463B-FFF3-45AF-AF59-A45C0C41B2B9}] => (Allow) D:\Spiele\Steam\steamapps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [{75D70054-9F5D-42B6-B19B-71B7B76B6856}] => (Allow) D:\Spiele\Steam\steamapps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [{C2B52FC0-57E7-4B9B-801A-FE2F4B813A89}] => (Allow) D:\Spiele\Steam\steamapps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{EC499626-3CA8-4C86-82F1-9815CA227F48}] => (Allow) D:\Spiele\Steam\steamapps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{2FA652A8-019D-4614-B5C0-86DECB56B4E1}] => (Allow) D:\Spiele\Steam\steamapps\common\TowerFall\TowerFall.exe
FirewallRules: [{413752B0-FDB5-4E08-9FAD-67768198C6E1}] => (Allow) D:\Spiele\Steam\steamapps\common\TowerFall\TowerFall.exe
FirewallRules: [TCP Query User{24F1DE30-2ADB-42DA-8EC6-4A0B7DB74747}D:\spiele\cod modern warfare\iw3mp.exe] => (Allow) D:\spiele\cod modern warfare\iw3mp.exe
FirewallRules: [UDP Query User{5AF1CDE1-6973-4488-8FB9-2EDE967EE8E1}D:\spiele\cod modern warfare\iw3mp.exe] => (Allow) D:\spiele\cod modern warfare\iw3mp.exe
FirewallRules: [TCP Query User{902EA10D-0602-4974-BC16-26C1CAC68361}D:\spiele\cod modern warfare\iw3mp.exe] => (Allow) D:\spiele\cod modern warfare\iw3mp.exe
FirewallRules: [UDP Query User{6E434183-4265-4113-9198-61E85226E1AB}D:\spiele\cod modern warfare\iw3mp.exe] => (Allow) D:\spiele\cod modern warfare\iw3mp.exe
FirewallRules: [TCP Query User{491F7AE2-37A0-456D-B8CF-158CEC3A598B}D:\spiele\counter-strike source (no steam)\hl2.exe] => (Allow) D:\spiele\counter-strike source (no steam)\hl2.exe
FirewallRules: [UDP Query User{D3C47D24-0766-43E6-94A1-0E1FA53BE98A}D:\spiele\counter-strike source (no steam)\hl2.exe] => (Allow) D:\spiele\counter-strike source (no steam)\hl2.exe
FirewallRules: [TCP Query User{F6540D33-E609-4C86-8B5D-FE9ED162A532}D:\spiele\flatout 2\flatout2.exe] => (Allow) D:\spiele\flatout 2\flatout2.exe
FirewallRules: [UDP Query User{EAA6D1B6-9CF7-4C3E-82B2-9895D2B74945}D:\spiele\flatout 2\flatout2.exe] => (Allow) D:\spiele\flatout 2\flatout2.exe
FirewallRules: [TCP Query User{C1D8FC3E-3DF5-4C5E-8800-995F06B9CBF0}D:\spiele\world of padman\world of padman - spiel.exe] => (Block) D:\spiele\world of padman\world of padman - spiel.exe
FirewallRules: [UDP Query User{32258350-5938-4E3C-925F-FD8E3DCB6463}D:\spiele\world of padman\world of padman - spiel.exe] => (Block) D:\spiele\world of padman\world of padman - spiel.exe
FirewallRules: [TCP Query User{761155F5-C91A-4449-BF47-9521DBA12641}G:\cod modern warfare\iw3mp.exe] => (Allow) G:\cod modern warfare\iw3mp.exe
FirewallRules: [UDP Query User{B4F0428B-CD55-4F1B-8C8E-D4DA972AC631}G:\cod modern warfare\iw3mp.exe] => (Allow) G:\cod modern warfare\iw3mp.exe
FirewallRules: [TCP Query User{8C89C1EF-7BED-4F53-AE86-0C80C5A2A1D6}D:\spiele\cod 4\cod\iw3mp.exe] => (Allow) D:\spiele\cod 4\cod\iw3mp.exe
FirewallRules: [UDP Query User{C0596A31-D2EF-43CD-901B-C13B034A6A64}D:\spiele\cod 4\cod\iw3mp.exe] => (Allow) D:\spiele\cod 4\cod\iw3mp.exe
FirewallRules: [TCP Query User{DDE18B4D-9CE0-4D6F-A4F9-742836ED8E88}D:\spiele\age of empires 2\the conquerors\age of empires 2\empires2.exe] => (Allow) D:\spiele\age of empires 2\the conquerors\age of empires 2\empires2.exe
FirewallRules: [UDP Query User{982DF12D-41F8-4929-9043-59FFECC36A85}D:\spiele\age of empires 2\the conquerors\age of empires 2\empires2.exe] => (Allow) D:\spiele\age of empires 2\the conquerors\age of empires 2\empires2.exe
FirewallRules: [TCP Query User{6C01EAE6-A724-4EF4-A97E-F92C489AA048}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{49256B58-F16B-45EB-BA37-D030E4BEE218}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{14129D83-2C24-4FF5-96B0-44449A419CF2}D:\spiele\age of empires 2\the age of kings\empires2.exe] => (Allow) D:\spiele\age of empires 2\the age of kings\empires2.exe
FirewallRules: [UDP Query User{8B42FAD0-4900-4108-BCAA-85B200F7F897}D:\spiele\age of empires 2\the age of kings\empires2.exe] => (Allow) D:\spiele\age of empires 2\the age of kings\empires2.exe
FirewallRules: [TCP Query User{19FD3923-94F8-4C10-B82F-9CFC1E5568B3}D:\spiele\age of empires 2\the conquerors\age of empires 2\age2_x1.exe] => (Allow) D:\spiele\age of empires 2\the conquerors\age of empires 2\age2_x1.exe
FirewallRules: [UDP Query User{0D086238-D253-4FEC-9F43-5D699BD7E585}D:\spiele\age of empires 2\the conquerors\age of empires 2\age2_x1.exe] => (Allow) D:\spiele\age of empires 2\the conquerors\age of empires 2\age2_x1.exe
FirewallRules: [TCP Query User{4FBD02E4-6A07-4AF2-8603-40570B3EF22D}D:\spiele\warcraft iii\war3.exe] => (Allow) D:\spiele\warcraft iii\war3.exe
FirewallRules: [UDP Query User{8F828326-B1FE-47F5-911A-1D013E152952}D:\spiele\warcraft iii\war3.exe] => (Allow) D:\spiele\warcraft iii\war3.exe
FirewallRules: [TCP Query User{FA9AEBEE-D419-4D58-8EC0-E7EEE0F89815}D:\spiele\warcraft an pc des tollsten kerls der welt (philipp-pc)\warcraft 3 an stefan-pc\war3.exe] => (Allow) D:\spiele\warcraft an pc des tollsten kerls der welt (philipp-pc)\warcraft 3 an stefan-pc\war3.exe
FirewallRules: [UDP Query User{AC51A052-FFC3-439A-BE9B-0EC5685E88F5}D:\spiele\warcraft an pc des tollsten kerls der welt (philipp-pc)\warcraft 3 an stefan-pc\war3.exe] => (Allow) D:\spiele\warcraft an pc des tollsten kerls der welt (philipp-pc)\warcraft 3 an stefan-pc\war3.exe
FirewallRules: [TCP Query User{382F626B-A891-47BB-88EC-68427C595C19}C:\program files\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [UDP Query User{9310B402-5286-413C-A1EA-9EBD37AE0492}C:\program files\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [{DDBC55B4-7AA3-480C-9B9F-D868B1AB9A7E}] => (Allow) D:\Spiele\Steam\steamapps\common\True or False\TrueOrFalse.exe
FirewallRules: [{F7CC3BBB-F577-466A-B303-E8B35CA3F376}] => (Allow) D:\Spiele\Steam\steamapps\common\True or False\TrueOrFalse.exe
FirewallRules: [{2A07A4BA-5DA8-4D16-85B7-5631CD04157F}] => (Allow) D:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{6BE5DBE5-FADE-419F-B775-0846A172D417}] => (Allow) D:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{3509D227-ADA0-40D5-92D3-9BDD75438C9E}] => (Allow) D:\Program Files (x86)\Origin Games\Dungeon Keeper\DATA\DOSBox\DOSBox.exe
FirewallRules: [{1FE0EF2E-A951-4AC7-A04C-122C714E3491}] => (Allow) D:\Program Files (x86)\Origin Games\Dungeon Keeper\DATA\DOSBox\DOSBox.exe
FirewallRules: [TCP Query User{9264B8AD-6545-4025-B5D1-3D7764B6E46E}C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [UDP Query User{B8C30ED9-732D-4914-AC40-2A04FF7130BC}C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_77\bin\javaw.exe
FirewallRules: [TCP Query User{298FF1E4-58B3-4780-8350-5E912133CB5B}D:\spiele\minecraft (vanilla)\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\spiele\minecraft (vanilla)\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{E6A49C35-EDA5-40FF-930F-142BD28E7333}D:\spiele\minecraft (vanilla)\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\spiele\minecraft (vanilla)\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{33946618-F869-4BF8-8CD2-B1CFFAD98FE7}D:\spiele\farming simulator 17\dedicatedserver.exe] => (Allow) D:\spiele\farming simulator 17\dedicatedserver.exe
FirewallRules: [UDP Query User{DD7D7B04-FD89-4C35-A350-170E9C612663}D:\spiele\farming simulator 17\dedicatedserver.exe] => (Allow) D:\spiele\farming simulator 17\dedicatedserver.exe
FirewallRules: [TCP Query User{39F3F676-4700-4F6F-AE95-F16DD68931F9}D:\spiele\railroad tycoon 3\rt3.exe] => (Allow) D:\spiele\railroad tycoon 3\rt3.exe
FirewallRules: [UDP Query User{DA48B3A4-6FB4-46F3-874A-1C1B6359BC35}D:\spiele\railroad tycoon 3\rt3.exe] => (Allow) D:\spiele\railroad tycoon 3\rt3.exe
FirewallRules: [{978761B4-6E6F-40B6-A286-3025C9F652DC}] => (Allow) D:\Images\FIFA 15 Ultimate Team Edition\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [{9F9C2B31-469E-4B5E-94C4-A1AA58372785}] => (Allow) D:\Images\FIFA 15 Ultimate Team Edition\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [TCP Query User{B2AE2EBD-8E68-4389-B786-26BB61203754}C:\users\administrator\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\administrator\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{A3BAC214-B1C9-460E-9DB7-5222854A7AC7}C:\users\administrator\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\administrator\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{2FEB554B-668C-4334-8127-D79AB522F76B}] => (Allow) D:\Spiele\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3550DB2F-9A83-44D8-B762-C4B2E7E2AFA7}] => (Allow) D:\Spiele\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8153103A-9C1F-4DD1-B6C4-D9B7AB5BC31D}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2016.SP1\RpcAgentSrv.exe
FirewallRules: [{ED9F96C0-CF08-443F-9990-CB83B2529520}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2016.SP1\WNt600x64\RpcSandraSrv.exe
FirewallRules: [TCP Query User{E95DE146-1E58-4984-9726-2A41C096DC5B}D:\spiele\rise of venice\riseofvenice.exe] => (Allow) D:\spiele\rise of venice\riseofvenice.exe
FirewallRules: [UDP Query User{130C7A70-65FF-41E9-8CDB-2E6F7C313FE4}D:\spiele\rise of venice\riseofvenice.exe] => (Allow) D:\spiele\rise of venice\riseofvenice.exe
FirewallRules: [{0076A664-1F6E-4E32-8982-16E91EA8175E}] => (Allow) D:\Spiele\StarCraft II German Trilogy Edition\Versions\Base38996\SC2_x64.exe
FirewallRules: [{409F00AB-C3F2-4702-A7F0-2B0299D26396}] => (Allow) D:\Spiele\StarCraft II German Trilogy Edition\Versions\Base38996\SC2_x64.exe
FirewallRules: [{4D6CAC72-A665-4A0B-8A38-74EAE4106622}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C8DD86A8-3582-46F1-BBFC-EAE03D6DC7CB}] => (Allow) D:\Spiele\StarCraft II German Trilogy Edition\Versions\Base52910\SC2_x64.exe
FirewallRules: [{57BA57BD-9A5B-41B8-9386-847CA664F89C}] => (Allow) D:\Spiele\StarCraft II German Trilogy Edition\Versions\Base52910\SC2_x64.exe
FirewallRules: [{D2579AFE-FA51-42E4-A0BC-77EA41127C6A}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{5DB42B66-CE0F-447F-80F2-0C2FEFC5FF2B}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{F1AD07AF-9600-4342-BB57-33C116F0657D}] => (Allow) D:\Spiele\Die Siedler 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe
FirewallRules: [{75BA888F-1050-414F-AE1A-7DB9C3BE0E91}] => (Allow) D:\Spiele\Die Siedler 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe
FirewallRules: [{D40F0973-347B-4C51-8094-E8FA0EFAA123}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9E9CE497-93B3-4636-BB54-5F4B7129B1CC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E5130A9A-C542-41D1-88CE-45C54CA8BEEA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1F4A5E90-15CC-4BAB-BCD8-82103C764073}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{86BE054C-156B-41FA-B26C-962403714D74}D:\spiele\ben and ed\benanded\binaries\win32\benanded.exe] => (Allow) D:\spiele\ben and ed\benanded\binaries\win32\benanded.exe
FirewallRules: [UDP Query User{A38A004F-3EDD-46B0-805E-EFC14F90E02C}D:\spiele\ben and ed\benanded\binaries\win32\benanded.exe] => (Allow) D:\spiele\ben and ed\benanded\binaries\win32\benanded.exe
FirewallRules: [TCP Query User{57B8986C-3841-4BFD-87CF-557F40373065}D:\spiele\the long journey home\tljh\binaries\win64\tljh-win64-shipping.exe] => (Allow) D:\spiele\the long journey home\tljh\binaries\win64\tljh-win64-shipping.exe
FirewallRules: [UDP Query User{AE1B49E8-5531-455F-B743-A30B4067B3D7}D:\spiele\the long journey home\tljh\binaries\win64\tljh-win64-shipping.exe] => (Allow) D:\spiele\the long journey home\tljh\binaries\win64\tljh-win64-shipping.exe
FirewallRules: [TCP Query User{C46D8A88-E4E2-4395-9F36-71D9CA7CCF29}D:\spiele\orcs must die! 2 complete\build\release\orcsmustdie2.exe] => (Allow) D:\spiele\orcs must die! 2 complete\build\release\orcsmustdie2.exe
FirewallRules: [UDP Query User{DABDD353-21EA-485E-8170-0E6E8D358E04}D:\spiele\orcs must die! 2 complete\build\release\orcsmustdie2.exe] => (Allow) D:\spiele\orcs must die! 2 complete\build\release\orcsmustdie2.exe
FirewallRules: [{D08D042F-8A71-4631-BB5E-9AD33202E987}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe
FirewallRules: [{F3734456-4DC5-4EF3-B745-B8AAA76BEDF2}] => (Allow) D:\Spiele\Steam\steamapps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{701192D0-BE25-40AA-A3CA-12E4CB4A4683}] => (Allow) D:\Spiele\Steam\steamapps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{75D1F4EC-E354-42B1-A5F1-BFDAB95981A4}] => (Allow) D:\Spiele\Steam\steamapps\common\Fallout Shelter\FalloutShelter.exe
FirewallRules: [{08858A00-5557-47F4-B1A6-CC21C8253674}] => (Allow) D:\Spiele\Steam\steamapps\common\Fallout Shelter\FalloutShelter.exe
FirewallRules: [TCP Query User{1921847B-DC1D-4071-A63D-D98E2C951E46}D:\spiele\pro cycling manager 2017\pcm64.exe] => (Allow) D:\spiele\pro cycling manager 2017\pcm64.exe
FirewallRules: [UDP Query User{81FDE38F-6F69-4257-9423-F7E5F57514B7}D:\spiele\pro cycling manager 2017\pcm64.exe] => (Allow) D:\spiele\pro cycling manager 2017\pcm64.exe
FirewallRules: [{8DDDBDCE-1F77-442A-82E2-F805BD053103}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{1D89FAAE-8A2A-45D0-B671-8F6C3815DDA7}] => (Allow) C:\Program Files\Opera\47.0.2631.39\opera.exe
FirewallRules: [{793B3481-149C-4090-B74C-6C7B178D5BB1}] => (Allow) C:\Program Files\Opera\47.0.2631.55\opera.exe
FirewallRules: [{85B34758-97A3-4a63-832A-9825D8777935}}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [{9187CF69-6824-487d-A9F0-AFF5C2C29BA9}}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [{85B34758-97A3-4a63-832A-9825D8777934}}] => (Allow) C:\Program Files (x86)\UnHackMe\regruninfo.exe
FirewallRules: [{9187CF69-6824-487d-A9F0-AFF5C2C29BA8}}] => (Allow) C:\Program Files (x86)\UnHackMe\regruninfo.exe
FirewallRules: [{21411DC1-C4D3-499C-846B-15896474C549}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [{BB16A2A2-3D57-48FB-BE76-B8D1BB7C2611}] => (Allow) C:\Program Files (x86)\UnHackMe\RegRunInfo.exe
FirewallRules: [{AF05D5F3-50FA-4F61-9F5C-1E0A8466E771}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [{D487C9BD-8AC8-4364-912C-3BA790288922}] => (Allow) C:\Program Files (x86)\UnHackMe\RegRunInfo.exe
FirewallRules: [{35BBB976-6628-44A2-B41E-BE378CE018B9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/27/2017 03:12:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   22 4.A.0.9.0.8.8.2.6.9.B.D.E.3.5.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Sebastian-PC-2.local.

Error: (08/27/2017 03:12:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.11:5353   20 4.A.0.9.0.8.8.2.6.9.B.D.E.3.5.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Sebastian-PC.local.

Error: (08/27/2017 03:12:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   22 11.0.168.192.in-addr.arpa. PTR Sebastian-PC-2.local.

Error: (08/27/2017 03:12:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.11:5353   20 11.0.168.192.in-addr.arpa. PTR Sebastian-PC.local.

Error: (08/27/2017 03:12:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Sebastian-PC.local already in use; will try Sebastian-PC-2.local instead

Error: (08/27/2017 03:12:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister   16 Sebastian-PC.local. AAAA FE80:0000:0000:0000:853E:DB96:2880:90A4

Error: (08/27/2017 03:12:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.11:5353   16 Sebastian-PC.local. AAAA FD00:0C47:3D3F:C952:853E:DB96:2880:90A4

Error: (08/27/2017 03:12:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing:    4 Sebastian-PC.local. Addr 192.168.0.11

Error: (08/27/2017 03:12:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 00000000017229A0 Our Record 2 won:  8A19B21E   16 Sebastian-PC.local. AAAA FE80:0000:0000:0000:853E:DB96:2880:90A4

Error: (08/27/2017 03:12:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 00000000017229A0 Pkt Record:        F00DF5DF   16 Sebastian-PC.local. AAAA FD00:0C47:3D3F:C952:B945:E860:71FC:ECBC


Systemfehler:
=============
Error: (08/27/2017 03:13:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
Das System kann die angegebene Datei nicht finden.

Error: (08/27/2017 03:12:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (08/27/2017 03:12:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht.

Error: (08/27/2017 02:59:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
Das System kann die angegebene Datei nicht finden.

Error: (08/27/2017 02:58:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (08/27/2017 02:58:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht.

Error: (08/27/2017 02:57:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst konnte wegen einer fehlerhaften Anmeldung nicht gestartet werden.

Error: (08/27/2017 02:57:06 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WMPNetworkSvc" konnte sich nicht als "NT AUTHORITY\NetworkService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
Die Anforderung wird nicht unterstützt.


Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/27/2017 02:56:55 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\bcmihvsrv64.dll

Error: (08/27/2017 02:56:55 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\bcmihvsrv64.dll


==================== Speicherinformationen =========================== 

Prozessor: AMD Phenom(tm) II X6 1045T Processor
Prozentuale Nutzung des RAM: 46%
Installierter physikalischer RAM: 6141.09 MB
Verfügbarer physikalischer RAM: 3285.75 MB
Summe virtueller Speicher: 12280.37 MB
Verfügbarer virtueller Speicher: 8928.52 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:59.53 GB) (Free:4.33 GB) NTFS
Drive d: (Volume) (Fixed) (Total:3725.9 GB) (Free:1078.08 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: 225F225F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=59.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 94A77791)

Partition: GPT.

==================== Ende von Addition.txt ============================
         

Alt 28.08.2017, 10:36   #13
Tician
/// TB-Senior
 
Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks - Standard

Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks



Ist das ein legales Windows? Eine Ultimate-Version ist für einen privaten Rechner sehr unüblich.
__________________
Gruß Tician

Alt 28.08.2017, 17:22   #14
Easy Frag
 
Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks - Standard

Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks



Ich habe ihn gefragt, die zusammengefasste Antwort lautet in etwa so.

War Buchhalter bei einem kleine/mittelständigen Betrieb -> Abteilung bekam Volumenlizenz -> Betrieb ging den Bach runter -> Chef war ein guter Mensch und gab den Key an seine direkten 5 Untergebenen raus bevor der Laden dicht gemacht wurde, da Gehaltsforderungen sowieso nicht mehr beglichen werden konnten -> der Key wird höchstens von 4 Personen noch genutzt

Ob das jetzt legal ist oder nicht musst du mir sagen, so gut sind meine Kenntnisse in Sachen Lizenzrecht leider auch nicht.

Alt 29.08.2017, 08:20   #15
Tician
/// TB-Senior
 
Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks - Standard

Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks



Hi,

alles klar, gut gemacht!

Code:
ATTFilter
2017-08-23 17:14 - 2017-05-14 18:48 - 000046395 _____ C:\Users\Administrator\Desktop\Ikariam Produktion.xlsx
         
Die müsste sich auf dem Desktop befinden - war die gewünscht oder nicht?

Dann schmeißen wir mal noch die Reste runter.

Schritt 1:

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG
FF user.js: detected! => C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\bci6t4gj.default\user.js [2017-08-23]
FF Extension: (Quick Searcher) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\bci6t4gj.default\Extensions\mefhakmgclhhfbdadeojlkbllmecialg@chrome-store-foxified-1132576233 [2017-08-23]
2017-08-23 22:01 - 2017-08-23 22:01 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\npm
2017-08-23 21:59 - 2017-08-23 21:59 - 000140800 _____ C:\Users\Administrator\AppData\Local\installer.dat
2017-08-23 21:59 - 2017-08-23 21:59 - 000019008 _____ C:\Users\Administrator\AppData\Local\INSTALLATIONCONFIGURATION.del
2017-08-23 21:58 - 2017-08-27 15:07 - 000000000 ____D C:\Program Files\Novo
2017-08-23 15:51 - 2017-08-27 15:07 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\olvi5sm3ytt
2017-08-23 15:51 - 2017-08-27 15:07 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\csgqyfbqxo5
2017-08-23 15:51 - 2017-08-23 15:51 - 000000000 ____D C:\Windows\Azart
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Keine Datei
Task: {181A5C3F-F030-45F4-92A4-CA9E00C940B5} - \Apple\AppleSoftwareUpdate -> Keine Datei <==== ACHTUNG
Task: {856A07D8-0823-4713-938B-5802ED7DCD55} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Keine Datei <==== ACHTUNG
emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Schritt 2:
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen.
  • FRST erstellt nun zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.
__________________
Gruß Tician

Antwort

Themen zu Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks
.dll, adware, bonjour, defender, desktop, explorer, google, installation, internet, mozilla, problem, prozesse, registry, rundll, scan, services.exe, software, spam, svchost.exe, system, temp, updates, usb, windows, öffnet



Ähnliche Themen: Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks


  1. Verknüpfungen zum Browser und zu Browsergames werden auf dem Desktop erstellt
    Log-Analyse und Auswertung - 17.05.2017 (2)
  2. Alle Dateien vom Desktop verschwunden - bis auf 4 Verknüpfungen (Windows 7 Pro)
    Log-Analyse und Auswertung - 05.09.2015 (26)
  3. Alle Dateien vom Desktop verschwunden - bis auf 4 Verknüpfungen (Windows 7 Pro)
    Alles rund um Windows - 03.09.2015 (8)
  4. Desktop-Verknüpfungen verschwinden
    Alles rund um Windows - 07.07.2015 (23)
  5. Win7: werde regelmäßig auf Desktop geschmissen, Programm öffnet und schließt sich kurz in Programmleiste
    Log-Analyse und Auswertung - 25.02.2015 (62)
  6. Win7 64Bit ADWARE/Adware.Gen7 , 'TR/Rogue.230400.8
    Log-Analyse und Auswertung - 31.01.2015 (24)
  7. Win7/Avira meldet ADWARE/Adware.Gen7
    Log-Analyse und Auswertung - 24.11.2014 (8)
  8. Win7: auf dem USB-Stick sind nur Verknüpfungen
    Plagegeister aller Art und deren Bekämpfung - 14.05.2014 (7)
  9. WIN7 Absturz, CHKDSK erzeugt kurzfristig mehr Speicherplatz auf SSD
    Alles rund um Windows - 22.10.2013 (2)
  10. Windows 7 - Verknüpfungen auf dem Desktop verschwinden
    Plagegeister aller Art und deren Bekämpfung - 02.10.2012 (25)
  11. Windows 7 - Verknüpfungen auf dem Desktop verschwinden
    Alles rund um Windows - 30.08.2012 (2)
  12. Trojaner, welches Lied öffnet, Meldung erzeugt und Desktop-Hintergrundbild ändert
    Plagegeister aller Art und deren Bekämpfung - 23.07.2012 (1)
  13. Verknüpfungen von Desktop gelöscht/ Desktop schwarz und keinen Zugriff auf Dateien
    Plagegeister aller Art und deren Bekämpfung - 27.03.2012 (1)
  14. Firefox Add-Ons und ungewollte Verknüpfungen auf dem Desktop
    Plagegeister aller Art und deren Bekämpfung - 07.02.2012 (18)
  15. Spywarebefund(S&D), unbekannte Verknüpfungen auf dem Desktop. Malware?
    Plagegeister aller Art und deren Bekämpfung - 12.04.2009 (5)
  16. Unerwünschte Online-Verknüpfungen auf dem Desktop
    Überwachung, Datenschutz und Spam - 06.09.2003 (1)

Zum Thema Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks - Hallo an alle! Ich ersuche Hilfe hier im Auftrag eines lieben Mitmenschen. Da ich mich selbst als recht Computeraffin bezeichnen würde erhoffe ich mit eurer Hilfe das System zu säubern. - Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks...
Archiv
Du betrachtest: Win7: Adware erzeugt Verknüpfungen auf Desktop und öffnet ADlinks auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.