Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: OTL scan auf BKA trojaner

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 13.02.2018, 06:09   #1
juergen007
 
OTL scan auf BKA trojaner - Standard

OTL scan auf BKA trojaner



Ich ließ wg. eines Hinweises in einem anderen Thread
https://www.trojaner-board.de/121343-logfileauswertung-otl.html mal ein OTL Version 3.2.69.0 laufen mit quick run ohne weitere präparierte Listen. Gibt es diesen BKA trojaner noch? Evtl. weil ich ne uralte Platte von 2011 an usb gehängt habe.
Das kommt mir doch auffälig vor. Ich lasse jetzt noch ein cleanup laufen. Denke das ist damit erledigt, oder?
Danke im voraus
Jürgen

Hier das Log file
Code:
ATTFilter
OTL logfile created on: 13.02.2018 05:46:08 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18893)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,49 Gb Total Physical Memory | 4,62 Gb Available Physical Memory | 61,74% Memory free
11,48 Gb Paging File | 8,36 Gb Available in Paging File | 72,76% Paging File free
Paging file location(s): c:\pagefile.sys 4096 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 488,18 Gb Total Space | 157,76 Gb Free Space | 32,32% Space Free | Partition Type: NTFS
Drive D: | 443,23 Gb Total Space | 149,91 Gb Free Space | 33,82% Space Free | Partition Type: NTFS
Drive F: | 100,00 Mb Total Space | 64,72 Mb Free Space | 64,72% Space Free | Partition Type: NTFS
Drive G: | 351,38 Gb Total Space | 50,38 Gb Free Space | 14,34% Space Free | Partition Type: NTFS
Drive H: | 347,16 Gb Total Space | 44,24 Gb Free Space | 12,74% Space Free | Partition Type: NTFS
Drive I: | 931,51 Gb Total Space | 67,97 Gb Free Space | 7,30% Space Free | Partition Type: NTFS
Drive J: | 931,41 Gb Total Space | 31,67 Gb Free Space | 3,40% Space Free | Partition Type: NTFS
Drive K: | 6,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive L: | 3,73 Gb Total Space | 0,04 Gb Free Space | 0,96% Space Free | Partition Type: FAT32
 
Computer Name: JUERGEN2-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2018.02.13 05:42:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2018.02.05 12:08:04 | 000,601,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2017.12.12 21:22:32 | 000,055,000 | ---- | M] (Copyright (c) 2017 Plays.tv, LLC) -- C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
PRC - [2017.11.29 09:11:50 | 003,515,856 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
PRC - [2017.11.14 12:52:42 | 000,288,848 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
PRC - [2017.09.27 11:27:08 | 000,083,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2016.08.18 09:27:06 | 000,216,576 | ---- | M] () -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
PRC - [2013.02.19 16:38:58 | 000,453,736 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2012.04.11 10:41:04 | 000,097,280 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
PRC - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe -- (TrueKeyServiceHelper)
SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\TrueKey\McTkSchedulerService.exe -- (TrueKeyScheduler)
SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe -- (TrueKey)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.11.667\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -- (InstallerService)
SRV:64bit: - [2017.12.29 09:39:36 | 000,116,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2017.11.01 08:07:08 | 006,234,056 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe -- (MBAMService)
SRV:64bit: - [2016.12.12 20:42:54 | 001,471,352 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FlexNet Licensing Service 64)
SRV:64bit: - [2016.11.14 21:14:42 | 000,361,816 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2016.11.14 21:14:42 | 000,119,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2016.08.22 17:19:43 | 001,386,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2016.05.06 09:51:14 | 003,026,584 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BCA\pabeSvc64.exe -- (IntelBCAsvc)
SRV:64bit: - [2015.08.04 03:06:32 | 000,246,784 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2015.08.04 00:25:00 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013.05.27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2018.02.10 07:54:40 | 000,194,512 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2017.12.12 21:22:32 | 000,055,000 | ---- | M] (Copyright (c) 2017 Plays.tv, LLC) [Auto | Running] -- C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe -- (PlaysService)
SRV - [2017.09.27 11:27:08 | 000,083,984 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2017.08.29 07:57:20 | 010,803,440 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe -- (TeamViewer)
SRV - [2017.04.21 13:53:36 | 000,107,656 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2016.08.18 09:27:06 | 000,216,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe -- (DirMngr)
SRV - [2016.03.31 13:03:02 | 000,544,984 | ---- | M] (Visicom Media Inc.) [Disabled | Stopped] -- C:\ProgramData\ManyCam\Service\ManyCamService.exe -- (ManyCam Service)
SRV - [2015.12.01 12:56:07 | 000,090,592 | ---- | M] (Jetico, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Jetico\BCWipe\BCWipeSvc.exe -- (BCWipeSvc)
SRV - [2014.03.20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2018.02.13 05:34:29 | 000,084,256 | ---- | M] (Malwarebytes) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebProtection)
DRV:64bit: - [2018.02.13 05:31:46 | 000,046,008 | ---- | M] (Malwarebytes) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtection)
DRV:64bit: - [2018.02.13 05:31:35 | 000,110,016 | ---- | M] (Malwarebytes) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\farflt.sys -- (MBAMFarflt)
DRV:64bit: - [2018.02.13 05:31:27 | 000,253,880 | ---- | M] (Malwarebytes) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2018.02.10 21:01:52 | 000,193,968 | ---- | M] (Malwarebytes) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\MbamChameleon.sys -- (MBAMChameleon)
DRV:64bit: - [2017.11.29 09:11:26 | 000,077,432 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mbae64.sys -- (ESProtectionDriver)
DRV:64bit: - [2016.10.09 18:18:48 | 000,027,384 | ---- | M] (Xilinx, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\xpc4drvr.sys -- (XilinxPC4Driver)
DRV:64bit: - [2016.08.25 09:46:12 | 000,135,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2015.12.01 12:57:52 | 000,042,632 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MftWipeFilter.sys -- (MftWipeFilter)
DRV:64bit: - [2015.11.17 14:40:58 | 000,195,416 | ---- | M] (IDRIX) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\veracrypt.sys -- (veracrypt)
DRV:64bit: - [2015.08.04 07:23:28 | 021,622,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2015.08.04 02:42:28 | 000,665,088 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2015.07.15 11:20:32 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2015.05.19 11:35:27 | 000,057,536 | ---- | M] (Jetico Inc. Oy) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsh.sys -- (fsh)
DRV:64bit: - [2015.04.03 01:14:26 | 000,229,056 | ---- | M] (AppEx Networks Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\appexDrv.sys -- (APXACC)
DRV:64bit: - [2015.01.15 07:42:24 | 000,977,624 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2014.12.29 05:07:36 | 000,049,304 | ---- | M] (Visicom Media Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv.sys -- (ManyCam)
DRV:64bit: - [2014.12.29 04:56:08 | 000,035,992 | ---- | M] (Visicom Media Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2014.11.24 07:42:17 | 000,094,400 | ---- | M] (Jetico, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\bcswap.sys -- (BCSWAP)
DRV:64bit: - [2014.02.11 17:36:52 | 000,059,616 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\AMD\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.3)
DRV:64bit: - [2013.07.21 18:41:12 | 000,013,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\DRHMSR64.sys -- (DRHMSR64)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012.01.14 04:05:56 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011.12.13 04:52:44 | 000,082,048 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011.12.13 04:52:44 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011.11.03 19:05:40 | 000,021,984 | ---- | M] (Licensed for Gebhard Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\DRHARD64.sys -- (DRHARD64)
DRV:64bit: - [2011.10.26 10:16:46 | 000,219,776 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011.10.26 10:16:46 | 000,102,528 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013.07.21 18:41:12 | 000,013,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\DRHMSR64.sys -- (DRHMSR64)
DRV - [2011.11.03 19:05:40 | 000,021,984 | ---- | M] (Licensed for Gebhard Software) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\DRHARD64.sys -- (DRHARD64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-963683855-2343051469-89585254-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = B1 39 A1 F2 92 66 D2 01  [binary data]
IE - HKU\S-1-5-21-963683855-2343051469-89585254-500\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKU\S-1-5-21-963683855-2343051469-89585254-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-963683855-2343051469-89585254-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-963683855-2343051469-89585254-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "DE"
FF - prefs.js..browser.search.region: "DE"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.search.widget.inNavBar: true
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll (Google Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 58.0.2\extensions\\Components: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 58.0.2\extensions\\Plugins: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 52.6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 52.6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2017.01.04 14:15:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2017.11.26 17:20:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\SystemExtensionsDev
[2018.02.12 03:15:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\browser-extension-data
[2018.02.13 05:32:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\browser-extension-data\{a80bbdbb-6fd0-4ee2-ab67-47ef4ba1cede}
[2018.02.06 13:44:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\browser-extension-data\adguardadblocker@adguard.com
[2018.01.27 12:05:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\browser-extension-data\artur.dubovoy@gmail.com
[2018.02.07 19:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\browser-extension-data\consistent-https@tanalin.com
[2018.02.13 05:46:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\browser-extension-data\firefox@ghostery.com
[2018.02.13 05:33:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\browser-extension-data\jid1-NIfFY2CA8fy1tg@jetpack
[2017.10.19 05:09:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\browser-extension-data\screenshots@mozilla.org
[2018.02.10 18:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\extensions
[2018.02.07 19:38:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\storage\default\moz-extension+++1b1ca62e-9224-41a3-aa76-4b389b9ef786
[2018.02.13 05:43:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\storage\default\moz-extension+++1b1ca62e-9224-41a3-aa76-4b389b9ef786\idb
[2018.02.06 13:43:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\storage\default\moz-extension+++a390d351-cd62-426a-a84b-c588b56d1aad
[2018.02.13 05:37:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\storage\default\moz-extension+++a390d351-cd62-426a-a84b-c588b56d1aad\idb
[2018.02.07 19:36:33 | 000,387,733 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\extensions\artur.dubovoy@gmail.com.xpi
[2018.02.07 19:34:55 | 000,009,834 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\extensions\consistent-https@tanalin.com.xpi
[2018.02.10 18:53:55 | 003,822,716 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\extensions\firefox@ghostery.com.xpi
[2018.02.08 18:39:41 | 001,614,680 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\extensions\https-everywhere@eff.org.xpi
[2018.02.07 19:34:19 | 000,937,042 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi
[2018.02.07 19:36:59 | 000,577,156 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\extensions\{a80bbdbb-6fd0-4ee2-ab67-47ef4ba1cede}.xpi
[2018.02.10 07:54:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
 
O1 HOSTS File: ([2018.02.10 18:45:19 | 000,000,035 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-963683855-2343051469-89585254-500..\Run: [AppEx Accelerator UI] C:\Program Files\AMD Quick Stream\AMDQuickStream.exe (AppEx Networks Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O7 - HKU\S-1-5-21-963683855-2343051469-89585254-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: localhost ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: localhost ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F4DD125-EDDA-44BF-B378-9BAF78A43AC1}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2016.08.27 20:00:05 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.05.06 13:26:23 | 000,000,309 | R--- | M] () - K:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2015.03.19 17:41:06 | 000,000,016 | -H-- | M] () - L:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2018.02.13 05:44:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2018.02.11 10:50:32 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2018.02.10 21:58:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ESET
[2018.02.10 21:01:52 | 000,193,968 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MbamChameleon.sys
[2018.02.10 21:01:44 | 000,110,016 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys
[2018.02.10 21:01:44 | 000,084,256 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mwac.sys
[2018.02.10 21:01:43 | 000,046,008 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2018.02.10 21:01:33 | 000,253,880 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys
[2018.02.10 21:01:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2018.02.10 21:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2018.02.10 18:54:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\VeraCrypt
[2018.02.10 18:45:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\FRST-OlderVersion
[2018.02.10 07:57:12 | 002,404,864 | ---- | C] (Farbar) -- C:\Users\Administrator\Desktop\FRST64.exe
[2018.02.08 20:24:04 | 000,000,000 | ---D | C] -- C:\My Files(juergen-PC)
[2018.02.08 18:12:10 | 008,206,624 | ---- | C] (Malwarebytes) -- C:\Users\Administrator\Desktop\adwcleaner_7.0.7.0(3).exe
[2018.02.08 16:01:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2018.02.07 10:38:02 | 000,255,928 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\77E7F59C.sys
[2018.02.07 07:41:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\mathe
[2018.02.06 19:52:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\AppEx Networks
[2018.02.06 18:41:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\.QtWebEngineProcess
[2018.02.06 18:41:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\.Plays.tv
[2018.02.06 18:40:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
[2018.02.06 18:40:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\PlaysTV
[2018.02.06 18:38:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\library_dir
[2018.02.06 18:38:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Raptr Inc
[2018.02.06 18:37:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Raptr
[2018.02.06 18:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Quick Stream
[2018.02.06 18:37:37 | 000,229,056 | ---- | C] (AppEx Networks Corporation) -- C:\Windows\SysNative\drivers\appexDrv.sys
[2018.02.06 18:37:37 | 000,000,000 | ---D | C] -- C:\Program Files\AMD Quick Stream
[2018.02.06 18:28:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\RadeonInstaller
[2018.02.06 13:49:33 | 000,255,928 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\656387A4.sys
[2018.02.06 13:39:33 | 000,255,928 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\3353E5FC.sys
[2018.02.06 12:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2018.02.06 12:25:38 | 000,255,928 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\43221302.sys
[2018.02.06 12:23:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\mbar
[2018.02.06 09:00:17 | 000,000,000 | ---D | C] -- C:\daten
[2018.02.06 08:08:52 | 000,000,000 | ---D | C] -- C:\FRST
[2018.02.05 11:48:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BCWipe
[2018.02.05 11:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jetico
[2018.02.02 15:20:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\dvdcss
[2018.02.01 13:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2018.02.01 13:05:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CrystalDiskInfo
[2018.01.30 20:47:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2018.01.28 23:59:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firetrust
[2018.01.28 23:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Firetrust
[2018.01.27 12:34:15 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Mathematica
[2018.01.27 12:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Mathematica
[2018.01.27 12:34:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mathematica
[2018.01.27 12:34:08 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Wolfram Mathematica
[2018.01.27 12:34:08 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Wolfram
[2018.01.27 12:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfram Mathematica 11.2
[2018.01.27 12:27:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\OpenOffice
[2018.01.27 12:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\Wolfram Research
[2018.01.27 12:00:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Wolfram Research
[2018.01.18 14:27:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2018.01.18 14:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2018.02.13 05:46:22 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2018.02.13 05:46:22 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2018.02.13 05:42:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2018.02.13 05:34:29 | 000,084,256 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mwac.sys
[2018.02.13 05:31:46 | 000,046,008 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2018.02.13 05:31:35 | 000,110,016 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys
[2018.02.13 05:31:27 | 000,253,880 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys
[2018.02.13 05:30:03 | 000,000,021 | ---- | M] () -- C:\Windows\S.dirmngr
[2018.02.13 05:29:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2018.02.13 05:29:48 | 1733,324,799 | -HS- | M] () -- C:\hiberfil.sys
[2018.02.11 21:56:42 | 000,852,720 | ---- | M] () -- C:\Users\Administrator\Desktop\SecurityCheck.exe
[2018.02.11 11:46:13 | 000,781,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2018.02.11 11:46:13 | 000,653,930 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2018.02.11 11:46:13 | 000,121,802 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2018.02.10 21:01:52 | 000,193,968 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MbamChameleon.sys
[2018.02.10 21:01:27 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2018.02.10 18:45:19 | 000,000,035 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2018.02.10 18:45:05 | 002,404,864 | ---- | M] (Farbar) -- C:\Users\Administrator\Desktop\FRST64.exe
[2018.02.08 18:10:25 | 008,206,624 | ---- | M] (Malwarebytes) -- C:\Users\Administrator\Desktop\adwcleaner_7.0.7.0(3).exe
[2018.02.08 16:03:16 | 000,002,182 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth Pro.lnk
[2018.02.08 16:02:01 | 000,002,048 | ---- | M] () -- C:\Users\Public\Desktop\Google Slides.lnk
[2018.02.08 16:02:01 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\Google Sheets.lnk
[2018.02.08 16:02:01 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\Google Docs.lnk
[2018.02.07 10:38:02 | 000,255,928 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\77E7F59C.sys
[2018.02.07 07:45:36 | 000,022,284 | ---- | M] () -- C:\Users\Administrator\Desktop\23.jpg
[2018.02.07 07:43:01 | 000,008,189 | ---- | M] () -- C:\Users\Administrator\Desktop\export_reply_3.nb
[2018.02.06 18:41:00 | 000,002,015 | ---- | M] () -- C:\Users\Public\Desktop\Raptr.lnk
[2018.02.06 13:49:33 | 000,255,928 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\656387A4.sys
[2018.02.06 13:39:33 | 000,255,928 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\3353E5FC.sys
[2018.02.06 12:25:38 | 000,255,928 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\43221302.sys
[2018.02.06 11:38:52 | 000,291,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2018.02.05 11:39:23 | 000,001,167 | ---- | M] () -- C:\Windows\SysWow64\Reinigung.cmd
[2018.02.05 11:39:23 | 000,001,167 | ---- | M] () -- C:\Windows\SysNative\Reinigung.cmd
[2018.02.01 13:35:05 | 000,137,345 | ---- | M] () -- C:\Users\Administrator\Documents\crystalI.jpg
[2018.02.01 13:33:46 | 000,135,651 | ---- | M] () -- C:\Users\Administrator\Documents\crystalCD.jpg
[2018.02.01 13:21:03 | 000,133,093 | ---- | M] () -- C:\Users\Administrator\Documents\crystal.jpg
[2018.02.01 13:05:44 | 000,001,196 | ---- | M] () -- C:\Users\Administrator\Desktop\CrystalDiskInfo.lnk
[2018.01.19 14:22:06 | 000,765,656 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2018.01.18 14:27:44 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2018.01.15 11:23:58 | 000,001,302 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2018.02.13 05:30:03 | 000,000,021 | ---- | C] () -- C:\Windows\S.dirmngr
[2018.02.11 21:59:09 | 000,852,720 | ---- | C] () -- C:\Users\Administrator\Desktop\SecurityCheck.exe
[2018.02.10 21:01:27 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2018.02.10 21:01:23 | 000,077,432 | ---- | C] () -- C:\Windows\SysNative\drivers\mbae64.sys
[2018.02.08 16:03:16 | 000,002,220 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
[2018.02.08 16:03:16 | 000,002,182 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth Pro.lnk
[2018.02.07 12:49:25 | 1733,324,799 | -HS- | C] () -- C:\hiberfil.sys
[2018.02.07 07:44:01 | 000,022,284 | ---- | C] () -- C:\Users\Administrator\Desktop\23.jpg
[2018.02.07 07:43:01 | 000,008,189 | ---- | C] () -- C:\Users\Administrator\Desktop\export_reply_3.nb
[2018.02.06 18:41:00 | 000,002,015 | ---- | C] () -- C:\Users\Public\Desktop\Raptr.lnk
[2018.02.06 09:28:27 | 000,001,820 | ---- | C] () -- C:\Windows\SysNative\Wartung.cmd
[2018.02.06 09:28:27 | 000,001,167 | ---- | C] () -- C:\Windows\SysNative\Reinigung.cmd
[2018.02.01 13:35:05 | 000,137,345 | ---- | C] () -- C:\Users\Administrator\Documents\crystalI.jpg
[2018.02.01 13:33:46 | 000,135,651 | ---- | C] () -- C:\Users\Administrator\Documents\crystalCD.jpg
[2018.02.01 13:21:03 | 000,133,093 | ---- | C] () -- C:\Users\Administrator\Documents\crystal.jpg
[2018.02.01 13:05:44 | 000,001,196 | ---- | C] () -- C:\Users\Administrator\Desktop\CrystalDiskInfo.lnk
[2018.02.01 12:01:42 | 000,001,820 | ---- | C] () -- C:\Windows\SysWow64\Wartung.cmd
[2018.02.01 12:01:42 | 000,001,167 | ---- | C] () -- C:\Windows\SysWow64\Reinigung.cmd
[2018.01.18 14:27:37 | 000,002,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2017.12.21 16:25:58 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\CSVSpecialProcessing.dll
[2017.12.21 16:25:58 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\SARzilla.dll
[2017.12.21 16:25:58 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\DVM2.dll
[2017.12.21 16:25:58 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx13_ic.ini
[2017.08.09 13:58:31 | 000,518,144 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2017.07.20 19:34:39 | 000,003,584 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2018.01.01 03:18:30 | 014,183,936 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2018.01.01 03:00:12 | 012,880,384 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2017.10.24 16:13:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\.kde
[2017.10.24 16:17:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Electrum
[2017.01.04 14:38:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GHISLER
[2018.02.11 11:40:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\gnupg
[2017.01.04 19:10:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IrfanView
[2018.02.06 18:38:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\library_dir
[2017.12.27 06:17:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Notepad++
[2018.01.27 12:27:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice
[2017.12.12 15:38:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PilotEdit
[2018.02.06 22:02:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PlaysTV
[2018.02.06 22:02:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Raptr
[2017.01.04 14:15:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Thunderbird
[2018.02.10 18:54:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\VeraCrypt
[2016.09.04 10:42:38 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\.kde
[2016.01.20 13:47:35 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\AMD
[2016.07.13 12:37:52 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\AVG
[2015.12.07 17:47:48 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\Canon
[2016.08.10 07:59:05 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\ChessBase
[2016.06.24 15:29:04 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\DVI
[2018.02.05 20:47:02 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\Electrum
[2018.01.28 23:59:54 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\Firetrust
[2016.02.23 11:00:47 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\Forte
[2016.12.15 20:10:39 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\fp
[2016.08.17 05:08:18 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\GeoGebra 5.0
[2016.10.25 19:40:47 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\GHISLER
[2018.01.26 12:50:18 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\gnupg
[2016.07.15 11:35:26 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\Grisoft
[2017.06.05 18:26:43 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\I2P
[2018.02.05 18:04:14 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\IrfanView
[2015.11.01 09:47:33 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\library_dir
[2016.06.15 12:21:44 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\ManyCam
[2016.04.28 13:03:18 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\Mathematik alpha 2016
[2015.11.05 16:27:54 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\Notepad++
[2015.11.22 23:15:36 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\OpenOffice
[2017.06.21 18:59:15 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\Opera Software
[2017.12.05 20:53:47 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\PilotEdit
[2018.02.07 05:35:12 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\PlaysTV
[2018.02.07 05:35:40 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\Raptr
[2017.12.21 16:27:21 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\SoftInterface, Inc
[2017.10.30 17:46:13 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\TeamViewer
[2015.11.05 16:39:42 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\Thunderbird
[2015.11.17 12:13:32 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\TrueCrypt
[2016.06.24 07:06:37 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\TuneUp Software
[2015.11.18 13:37:07 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\VeraCrypt
[2017.06.21 19:42:18 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\VS Revo Group
[2016.12.12 20:45:32 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\Xilinx
 
========== Purity Check ==========
 
 

< End of report >
         

Alt 13.02.2018, 11:10   #2
M-K-D-B
/// TB-Ausbilder
 
OTL scan auf BKA trojaner - Standard

OTL scan auf BKA trojaner






wünscht du Hilfe bei einer Bereinigung oder willst du selber ruhantieren?
__________________

__________________

Alt 13.02.2018, 11:39   #3
juergen007
 
OTL scan auf BKA trojaner - Standard

OTL scan auf BKA trojaner



Hallo!
ich habe nur das neueset standard OTL Programm laufen lassen und auf alles bereigen gedrückt
Wäre nett wenn ich da noch weiter Hilfe hätte, sil te plais
Jürgen
__________________

Alt 13.02.2018, 17:32   #4
M-K-D-B
/// TB-Ausbilder
 
OTL scan auf BKA trojaner - Standard

OTL scan auf BKA trojaner



OTL wird schon seit Jahren nicht mehr verwendet.











Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.



Um die Bereinigung möchlichst effektiv und schnell gestalten zu können, bitte ich um Beachtung der folgenden Hinweise:
  1. Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.

  2. Lies dir meine Anleitungen immer sorgfältig durch, arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste immer alle Logdateien (auch wenn nichts gefunden wurde). Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.

  3. Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!

  4. Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
    Außerdem bitte ich dich, nicht eigenmächtig irgendwelche Sicherheitsprogramme auszuführen und damit deinen Rechner zu überprüfen/bereinigen, da ich so leicht den Überblick verlieren kann.
    Zudem hättest du dir das Eröffnen eines Themas in diesem Fall auch gleich sparen können, wenn du dann doch wieder alleine rumhantierst.


  5. Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!

  6. Alle zu verwendenen Programme sind auf dem Desktop ( C:\users\dein Benutzername\Desktop\ ) abzuspeichern und von dort als Administrator zu starten!

  7. Einige Programme, die wir hier verwenden, können unter Umständen von deinem Antiviren- oder Anti-Malwareprogramm fälschlicherweise als Bedrohung eingestuft werden. Die Sicherheitsprogramme können aufgrund eines bestimmten Programmverhaltens nicht zwischen "gut" oder "böse" unterscheiden und schlagen Alarm. Dabei handelt es sich um Fehlalarme, welche du getrost ignorieren kannst. Gegebenenfalls musst du deine Sicherheitssoftware vor der Ausführung eines Programms deaktivieren, damit unsere Bereinigungsvorgänge nicht beeinträchtigt werden.

  8. Sollten die Logdateien einmal die zulässige Länge (~ 120.000 Zeichen) überschreiten, so teile die Logdateien auf mehrere Posts auf.
    Zur Not kannst du die Logdateien dann auch zippen (in ein .zip Archiv packen) und als Anhang hochladen.


  9. Bitte arbeite so lange mit mir zusammen, bis ich dir sage, dass wir fertig sind und dein Rechner "sauber" ist. Das vorzeitige Verschwinden von Symptomen heißt nicht automatisch, dass dein Rechner bereits vollständig sauber ist.

  10. In der Regel antworte ich dir innerhalb von 24 Stunden, oft sogar wesentlich schneller.
    Jedoch habe auch ich einen normalen Beruf und Familie. Ich bin daher nicht jeden Tag stundenlag hier im Forum unterwegs. Es kann unter Umständen bis zu 2 Tage dauern, bis du eine Antwort von mir erhältst. Sollte diese Zeit überschritten sein, so kannst du mir gerne eine PM als Erinnerung schicken.





Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!







Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)








Bitte poste mit deiner nächsten Antwort
  • die beiden neuen Logdateien von FRST (FRST.txt und Addition.txt).
__________________
Gruß
M-K-D-B


Das Trojaner-Board unterstützen

Alt 13.02.2018, 22:48   #5
juergen007
 
OTL scan auf BKA trojaner - Standard

OTL scan auf BKA trojaner



Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.02.2018
Ran by Administrator (administrator) on JUERGEN2-PC (13-02-2018 17:44:19)
Running from D:\backupMaxtor80gb\data\FRSTData
Loaded Profiles: Administrator &  (Available Profiles: juergen2 & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(VS Revo Group) C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
() C:\Users\Administrator\AppData\Local\Temp\~nsu.tmp\Au_.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-963683855-2343051469-89585254-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02132018170300898\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
HKU\S-1-5-21-963683855-2343051469-89585254-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02132018170300898\...\Policies\Explorer: [NoThumbNailCache] 1
HKU\S-1-5-21-963683855-2343051469-89585254-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02132018170300898\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-963683855-2343051469-89585254-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02132018170300898\...\MountPoints2: {3b6eaf21-9024-11e5-b954-8c89a53586cf} - K:\LaunchU3.exe -a
HKU\S-1-5-21-963683855-2343051469-89585254-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02132018170300898\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-963683855-2343051469-89585254-500\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
HKU\S-1-5-21-963683855-2343051469-89585254-500\...\Policies\Explorer: [NoThumbNailCache] 1
HKU\S-1-5-21-963683855-2343051469-89585254-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02132018170301201\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
HKU\S-1-5-21-963683855-2343051469-89585254-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02132018170301201\...\Policies\Explorer: [NoThumbNailCache] 1
AppInit_DLLs-x32: hplun.dll => No File
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4F4DD125-EDDA-44BF-B378-9BAF78A43AC1}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-963683855-2343051469-89585254-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02132018170300898\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SL5M&ocid=SL5MDHP&osmkt=de-at
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF DefaultProfile: iv2ha52p.default-1508386149418
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418 [2018-02-13]
FF Session Restore: Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418 -> is enabled.
FF NewTabOverride: Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418 -> Disabled: _j5Members_@ext.ask.com
FF Extension: (Flash Video Downloader) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\Extensions\artur.dubovoy@gmail.com.xpi [2018-02-07]
FF Extension: (ConsistentHTTPS) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\Extensions\consistent-https@tanalin.com.xpi [2018-02-07]
FF Extension: (Name) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\Extensions\firefox@ghostery.com.xpi [2018-02-10]
FF Extension: (HTTPS Everywhere) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\Extensions\https-everywhere@eff.org.xpi [2018-02-08]
FF Extension: (AdBlock) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2018-02-07]
FF Extension: (Flash & Video Downloader) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\Extensions\{a80bbdbb-6fd0-4ee2-ab67-47ef4ba1cede}.xpi [2018-02-07]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
S4 BCWipeSvc; C:\Program Files (x86)\Jetico\BCWipe\BCWipeSvc.exe [90592 2015-12-01] (Jetico, Inc.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2016-08-18] () [File not signed]
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3026584 2016-05-06] (Intel(R) Corporation)
S4 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.667\McCHSvc.exe" [X]
S4 TrueKey; "C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe" [X]
S4 TrueKeyScheduler; "C:\Program Files\TrueKey\McTkSchedulerService.exe" [X]
S3 TrueKeyServiceHelper; "C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
S4 BCSWAP; no ImagePath
R2 DRHARD64; C:\Windows\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHARD64; C:\Windows\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHMSR64; C:\Windows\system32\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R2 DRHMSR64; C:\Windows\SysWOW64\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R4 fsh; no ImagePath
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2018-02-13] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2018-02-13] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2018-02-13] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-02-13] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2018-02-13] (Malwarebytes)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (Visicom Media Inc.)
S3 MftWipeFilter; no ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R1 MpKsla8d6e4e8; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9ECEEEA8-204E-417F-A7F0-26DB4D269883}\MpKsla8d6e4e8.sys [58120 2018-02-13] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [195416 2015-11-17] (IDRIX)
R2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [27384 2016-10-09] (Xilinx, Inc.)
S2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
U3 aswbdisk; no ImagePath
R1 bcbus; system32\DRIVERS\bcbus.sys [X]
S3 X6va037; \??\C:\Windows\SysWOW64\Drivers\X6va037 [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-13 17:43 - 2018-02-13 17:44 - 000000000 ____D C:\FRST
2018-02-13 16:53 - 2018-02-13 16:53 - 000000021 _____ C:\Windows\S.dirmngr
2018-02-13 16:30 - 2018-02-13 16:30 - 000000000 ____D C:\Users\Administrator\Documents\BCDB
2018-02-13 10:29 - 2018-02-13 17:02 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-02-12 15:51 - 2018-02-12 15:51 - 000001245 _____ C:\Users\Administrator\Desktop\malware12011544.txt
2018-02-11 10:50 - 2018-02-11 10:50 - 000000000 ____D C:\ProgramData\ATI
2018-02-10 21:58 - 2018-02-12 01:44 - 000000000 ____D C:\Users\Administrator\AppData\Local\ESET
2018-02-10 21:01 - 2018-02-13 17:02 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-02-10 21:01 - 2018-02-13 16:55 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-02-10 21:01 - 2018-02-13 10:28 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-02-10 21:01 - 2018-02-13 10:26 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-02-10 21:01 - 2018-02-10 21:01 - 000001835 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-10 21:01 - 2018-02-10 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-10 21:01 - 2018-02-10 21:01 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-10 21:01 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-02-10 18:54 - 2018-02-10 18:54 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\VeraCrypt
2018-02-10 18:43 - 2018-02-10 18:43 - 000000000 _____ C:\Users\Administrator\Desktop\New Text Document.txt
2018-02-08 20:24 - 2018-02-08 20:24 - 000000000 ____D C:\My Files(juergen-PC)
2018-02-08 16:03 - 2018-02-08 16:03 - 000002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-02-08 16:03 - 2018-02-08 16:03 - 000002182 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2018-02-07 10:38 - 2018-02-07 10:38 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\77E7F59C.sys
2018-02-07 07:43 - 2018-02-07 07:43 - 000008189 _____ C:\Users\Administrator\Desktop\export_reply_3.nb
2018-02-07 07:41 - 2018-02-07 07:41 - 000000000 ____D C:\Users\Administrator\Desktop\mathe
2018-02-07 07:36 - 2018-02-07 07:37 - 000000000 ____D C:\Users\juergen2\Desktop\Mathe
2018-02-07 05:35 - 2018-02-07 05:35 - 000000000 ____D C:\Users\juergen2\.QtWebEngineProcess
2018-02-07 05:35 - 2018-02-07 05:35 - 000000000 ____D C:\Users\juergen2\.Plays.tv
2018-02-07 05:33 - 2018-02-07 05:35 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\Raptr
2018-02-07 05:33 - 2018-02-07 05:35 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\PlaysTV
2018-02-06 19:52 - 2018-02-06 19:52 - 000000000 ____D C:\Users\Administrator\AppData\Local\AppEx Networks
2018-02-06 18:41 - 2018-02-06 18:41 - 000000000 ____D C:\Users\Administrator\.QtWebEngineProcess
2018-02-06 18:41 - 2018-02-06 18:41 - 000000000 ____D C:\Users\Administrator\.Plays.tv
2018-02-06 18:40 - 2018-02-13 17:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2018-02-06 18:38 - 2018-02-06 18:38 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\library_dir
2018-02-06 18:37 - 2018-02-06 18:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Quick Stream
2018-02-06 18:37 - 2018-02-06 18:37 - 000000000 ____D C:\Program Files\AMD Quick Stream
2018-02-06 18:37 - 2015-04-03 01:14 - 000229056 _____ (AppEx Networks Corporation) C:\Windows\system32\Drivers\appexDrv.sys
2018-02-06 18:28 - 2018-02-06 18:28 - 000000000 ____D C:\Users\Administrator\AppData\Local\RadeonInstaller
2018-02-06 18:27 - 2018-02-06 18:27 - 041047112 _____ (AMD Inc.) C:\Users\Administrator\Downloads\radeon-software-adrenalin-18.2.1-minimalsetup-180201_web.exe
2018-02-06 13:49 - 2018-02-06 13:49 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\656387A4.sys
2018-02-06 13:39 - 2018-02-06 13:39 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\3353E5FC.sys
2018-02-06 12:25 - 2018-02-10 21:01 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-06 12:25 - 2018-02-06 12:25 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\43221302.sys
2018-02-06 09:28 - 2018-02-05 11:39 - 000001167 _____ C:\Windows\system32\Reinigung.cmd
2018-02-06 09:28 - 2017-12-24 23:03 - 000001820 _____ C:\Windows\system32\Wartung.cmd
2018-02-06 09:00 - 2018-02-06 09:03 - 000000000 ____D C:\daten
2018-02-05 23:24 - 2018-02-05 23:41 - 000000000 ___HD C:\~BCWipe.tmp
2018-02-05 18:56 - 2018-02-05 18:56 - 000739464 _____ C:\Users\juergen2\Documents\IMG_20180205_0001.pdf
2018-02-05 11:48 - 2018-02-05 11:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BCWipe
2018-02-05 11:47 - 2018-02-13 17:12 - 000000000 ____D C:\Program Files (x86)\Jetico
2018-02-02 15:20 - 2018-02-02 15:20 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\dvdcss
2018-02-02 14:52 - 2018-02-02 14:52 - 000000017 _____ C:\Users\juergen2\AppData\Local\resmon.resmoncfg
2018-02-01 13:05 - 2018-02-01 13:05 - 000001196 _____ C:\Users\Administrator\Desktop\CrystalDiskInfo.lnk
2018-02-01 13:05 - 2018-02-01 13:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2018-02-01 13:05 - 2018-02-01 13:05 - 000000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2018-02-01 12:01 - 2018-02-05 11:39 - 000001167 _____ C:\Windows\SysWOW64\Reinigung.cmd
2018-02-01 12:01 - 2017-12-24 23:03 - 000001820 _____ C:\Windows\SysWOW64\Wartung.cmd
2018-02-01 00:23 - 2018-02-01 00:23 - 000000000 ____D C:\Users\juergen2\PDF
2018-01-31 23:58 - 2018-01-31 23:58 - 000000181 _____ C:\Users\juergen2\Documents\slashesversion.gp
2018-01-31 22:17 - 2018-01-31 22:17 - 000000142 _____ C:\Users\juergen2\new2.gp
2018-01-31 22:00 - 2018-01-31 21:57 - 000000096 _____ C:\Users\juergen2\Documents\new.txt
2018-01-31 21:17 - 2018-02-01 00:12 - 000007841 _____ C:\Users\juergen2\Documents11.pdf
2018-01-30 23:39 - 2018-01-30 23:40 - 000000127 _____ C:\Users\juergen2\Documents\anmachenFilipina.txt
2018-01-30 20:47 - 2018-01-30 20:47 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\Macromedia
2018-01-29 22:31 - 2018-02-04 13:04 - 000004740 _____ C:\Users\juergen2\Documents\23.txt
2018-01-29 22:11 - 2018-01-30 23:09 - 000003173 _____ C:\Users\juergen2\Documents\13.txt
2018-01-29 22:09 - 2018-01-29 22:09 - 001332457 _____ C:\Users\juergen2\Documents\1013.txt
2018-01-29 21:01 - 2018-01-29 21:58 - 000003016 _____ C:\Users\juergen2\Desktop\mmmma.txt
2018-01-28 23:59 - 2018-01-28 23:59 - 000001182 _____ C:\Users\juergen2\Desktop\MailWasherPro.lnk
2018-01-28 23:59 - 2018-01-28 23:59 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firetrust
2018-01-28 23:59 - 2018-01-28 23:59 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\Firetrust
2018-01-28 23:59 - 2018-01-28 23:59 - 000000000 ____D C:\Program Files (x86)\Firetrust
2018-01-28 23:58 - 2018-01-29 00:00 - 000000000 ____D C:\ProgramData\Firetrust
2018-01-28 12:57 - 2018-01-31 21:20 - 000000000 ____D C:\Users\juergen2\Documents\Wolfram Mathematica
2018-01-28 12:57 - 2018-01-29 19:37 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\Mathematica
2018-01-28 12:57 - 2018-01-28 12:58 - 000000000 ____D C:\Users\juergen2\AppData\Local\Mathematica
2018-01-28 12:57 - 2018-01-28 12:57 - 000000000 ____D C:\Users\juergen2\AppData\Local\Wolfram
2018-01-27 12:34 - 2018-02-07 07:42 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mathematica
2018-01-27 12:34 - 2018-02-07 07:41 - 000000000 ____D C:\Users\Administrator\AppData\Local\Mathematica
2018-01-27 12:34 - 2018-01-27 12:34 - 000000000 ____D C:\Users\Administrator\Documents\Wolfram Mathematica
2018-01-27 12:34 - 2018-01-27 12:34 - 000000000 ____D C:\Users\Administrator\AppData\Local\Wolfram
2018-01-27 12:34 - 2018-01-27 12:34 - 000000000 ____D C:\ProgramData\Mathematica
2018-01-27 12:30 - 2018-01-27 12:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfram Mathematica 11.2
2018-01-27 12:27 - 2018-01-27 12:27 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\OpenOffice
2018-01-27 12:17 - 2018-01-27 12:17 - 000000000 ____D C:\Program Files\Wolfram Research
2018-01-27 12:00 - 2018-01-27 12:03 - 000000000 ____D C:\Users\Administrator\Downloads\M-WIN-L-11.2.0-5822651
2018-01-27 12:00 - 2018-01-27 12:00 - 000000000 ____D C:\Users\Administrator\AppData\Local\Wolfram Research
2018-01-18 14:27 - 2018-01-18 14:27 - 000002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2018-01-18 14:27 - 2018-01-18 14:27 - 000000000 ____D C:\Program Files\Microsoft Security Client
2018-01-18 14:27 - 2018-01-18 14:27 - 000000000 ____D C:\Program Files (x86)\Microsoft Security Client

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-13 17:21 - 2017-01-04 21:53 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2018-02-13 17:06 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-02-13 17:02 - 2015-11-02 13:24 - 002859046 _____ C:\Windows\ntbtlog.txt
2018-02-13 17:02 - 2009-07-14 05:45 - 000021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-13 17:02 - 2009-07-14 05:45 - 000021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-13 17:01 - 2016-08-27 20:44 - 000000994 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2018-02-13 17:01 - 2016-08-27 20:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-02-13 16:53 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-13 16:41 - 2015-11-01 10:23 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-02-13 16:24 - 2016-02-18 11:21 - 000001509 _____ C:\DelFix.txt
2018-02-13 13:30 - 2016-11-19 14:58 - 000000000 ____D C:\Users\juergen2\AppData\LocalLow\Mozilla
2018-02-13 09:11 - 2017-01-04 18:02 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\gnupg
2018-02-11 22:29 - 2015-10-31 22:30 - 000000000 ____D C:\datas
2018-02-11 11:46 - 2009-07-14 06:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-10 21:00 - 2017-01-04 14:10 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2018-02-10 12:54 - 2015-10-31 22:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-10 07:54 - 2017-08-26 17:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-08 19:53 - 2015-11-01 11:12 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\vlc
2018-02-08 16:03 - 2015-12-21 20:28 - 000000000 ____D C:\Program Files (x86)\Google
2018-02-08 16:02 - 2017-10-30 10:23 - 000002048 _____ C:\Users\Public\Desktop\Google Slides.lnk
2018-02-08 16:02 - 2017-10-30 10:23 - 000002046 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2018-02-08 16:02 - 2017-10-30 10:23 - 000002036 _____ C:\Users\Public\Desktop\Google Docs.lnk
2018-02-08 16:02 - 2017-10-30 10:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2018-02-07 12:49 - 2016-07-15 12:40 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-02-07 06:27 - 2016-08-18 13:38 - 000000981 _____ C:\Users\juergen2\Desktop\PARI.lnk
2018-02-07 05:35 - 2015-10-31 22:01 - 000000000 ____D C:\Users\juergen2
2018-02-06 18:41 - 2017-01-03 13:31 - 000000000 ____D C:\Users\Administrator
2018-02-06 18:36 - 2015-11-01 09:41 - 000000000 ____D C:\ProgramData\Package Cache
2018-02-06 18:30 - 2015-11-01 09:39 - 000000000 ____D C:\AMD
2018-02-06 14:06 - 2015-10-31 22:15 - 000065744 _____ C:\Users\juergen2\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-06 12:17 - 2017-01-03 13:32 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2018-02-06 11:39 - 2017-01-03 13:33 - 000065744 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-06 11:38 - 2009-07-14 05:45 - 000291024 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-06 09:46 - 2009-07-14 04:20 - 000000000 __RSD C:\Windows\Media
2018-02-06 08:54 - 2016-05-16 15:01 - 000000000 ____D C:\Program Files\TrueKey
2018-02-06 08:50 - 2015-12-21 20:28 - 000000000 ____D C:\Users\juergen2\AppData\Local\Google
2018-02-06 08:47 - 2016-10-02 17:45 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\NCH Software
2018-02-05 20:47 - 2017-05-10 13:31 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\Electrum
2018-02-05 18:04 - 2015-11-13 17:07 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\IrfanView
2018-02-05 16:25 - 2016-11-18 20:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-02-05 13:03 - 2015-11-01 08:53 - 000000000 ____D C:\xampp
2018-02-04 12:23 - 2017-11-16 22:48 - 000000000 ____D C:\Users\juergen2\AppData\Local\CrashDumps
2018-02-03 16:54 - 2015-11-14 12:57 - 000075264 _____ C:\Users\juergen2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-02-03 15:38 - 2016-02-24 19:10 - 000000000 ____D C:\div
2018-02-03 15:07 - 2016-01-24 16:00 - 000000000 ____D C:\Users\juergen2\AppData\Local\QuickPar
2018-02-02 11:04 - 2009-07-14 06:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-02-01 08:16 - 2016-10-09 09:50 - 000000000 ____D C:\Windows\Minidump
2018-01-31 22:34 - 2016-08-18 19:24 - 000000000 ____D C:\tmp
2018-01-31 22:19 - 2016-08-18 13:37 - 000000000 ____D C:\Program Files (x86)\Pari-2-7-6
2018-01-30 20:56 - 2015-11-01 10:23 - 000000000 ____D C:\Users\juergen2\AppData\Local\Adobe
2018-01-30 20:47 - 2016-02-17 17:00 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-01-30 20:47 - 2015-11-01 10:23 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-28 21:35 - 2015-11-15 10:42 - 000000000 ____D C:\vhd
2018-01-26 12:50 - 2015-11-15 10:22 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\gnupg
2018-01-25 00:48 - 2017-06-30 15:19 - 000004100 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1498067933
2018-01-23 19:58 - 2010-11-21 04:27 - 000548000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-01-19 14:22 - 2015-11-01 09:42 - 000765656 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-01-18 14:27 - 2016-05-12 18:47 - 000001945 _____ C:\Windows\epplauncher.mif
2018-01-18 14:04 - 2009-07-14 06:08 - 000032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-01-15 11:23 - 2017-12-10 15:05 - 000001302 _____ C:\Users\Public\Desktop\Skype.lnk
2018-01-15 11:23 - 2017-12-10 15:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== Files in the root of some directories =======

2017-07-20 19:34 - 2017-07-20 19:34 - 000003584 _____ () C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-07 12:31

==================== End of FRST.txt ============================
         
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12.02.2018
Ran by Administrator (13-02-2018 17:45:50)
Running from D:\backupMaxtor80gb\data\FRSTData
Windows 7 Professional Service Pack 1 (X64) (2015-10-31 21:00:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-963683855-2343051469-89585254-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-963683855-2343051469-89585254-501 - Limited - Disabled)
juergen2 (S-1-5-21-963683855-2343051469-89585254-1000 - Administrator - Enabled) => C:\Users\juergen2

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Accelerated Video Transcoding (HKLM\...\{F15287C6-10E3-1676-AF50-CB0355A302F1}) (Version: 2.00.0002 - Advanced Micro Devices, Inc.)
AMD APP SDK Runtime (HKLM\...\{503F672D-6C84-448A-8F8F-4BC35AC83441}) (Version: 10.0.873.1 - Advanced Micro Devices Inc.)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (HKLM\...\{CF84CD21-FC52-857E-AF41-9DEE9C76D245}) (Version: 2.00.0000 - Advanced Micro Devices, Inc.)
AMD Fuel (HKLM\...\{AA20E9E6-96D0-C201-E44D-F7D921F595FD}) (Version: 2015.0804.21.41908 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
AMD USB 3.0 Device Detector (HKLM\...\{F5733897-B788-4AB1-B399-166A9FBB47A8}) (Version: 2.1.30.0 - Advanced Micro Devices, Inc.)
AMD Wireless Display v3.0 (HKLM\...\{630E5EF7-72F8-9E5D-BEF5-ED85B698E160}) (Version: 1.0.0.15 - Advanced Micro Devices, Inc.)
Arasan 20.2 (HKLM-x32\...\Arasan_is1) (Version:  - )
Backup and Sync from Google (HKLM-x32\...\{AC62F3F2-61A2-4357-93EC-C308E3FEDF4E}) (Version: 3.39.8370.7843 - Google, Inc.)
BCWipe 6.0 (HKLM-x32\...\BCWipe) (Version: 6.08.3 - Jetico Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
Canon MG5500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series) (Version: 1.02 - Canon Inc.)
Catalyst Control Center Graphics Previews Common (HKLM-x32\...\{9114BDDB-A6A6-152D-060A-E99307057AD1}) (Version: 2015.0804.21.41908 - Advanced Micro Devices, Inc.)
Catalyst Control Center Localization All (HKLM-x32\...\{315D9E6B-98B1-1E2B-9E93-B36A0B104224}) (Version: 2015.0804.21.41908 - Advanced Micro Devices, Inc.)
CCC Help Chinese Standard (HKLM-x32\...\{703F229F-573E-10E7-3B44-341DB59AD86B}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Chinese Traditional (HKLM-x32\...\{489E5436-B101-CAD9-5571-14746675ECE3}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Czech (HKLM-x32\...\{BBA1614E-6470-7841-8A42-ABD5BA7B3FFE}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Danish (HKLM-x32\...\{AA0E1433-8F16-AA01-E8E9-E6408579D0D8}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Dutch (HKLM-x32\...\{504819D1-3C0A-2695-0007-BBDFA5936D68}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help English (HKLM-x32\...\{6C495748-5F03-0B97-568B-76D0368FB460}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Finnish (HKLM-x32\...\{D9CBA021-DB41-9736-923F-52E3E426912D}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help French (HKLM-x32\...\{B03A580A-5D67-DAC5-59A1-7AD7C513381C}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help German (HKLM-x32\...\{69DF4822-9B16-CE04-7587-22E09FB5FD1D}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Greek (HKLM-x32\...\{968C0E92-6DA9-5784-9A0B-1061D0CB2C14}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Hungarian (HKLM-x32\...\{11BC8F83-7260-65EB-3E0A-FA7AC894B42D}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Italian (HKLM-x32\...\{FE4DC915-D724-E72C-EF86-DC5B89961ACF}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Japanese (HKLM-x32\...\{C9353DBC-A47C-2C9B-AF32-5E2C8B4E3D3A}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Korean (HKLM-x32\...\{37DBC990-C514-3821-D6FB-12E0745AA990}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Norwegian (HKLM-x32\...\{79E3071B-8A0C-C105-6442-CF611732601E}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Polish (HKLM-x32\...\{A12E8E1A-A77D-94E5-72F8-E83D6256AF11}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Portuguese (HKLM-x32\...\{AD5E3969-F0C0-ECBF-45E5-C36B84904281}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Russian (HKLM-x32\...\{CFA2067C-AE90-3BF9-06AF-E7E65E679B3D}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Spanish (HKLM-x32\...\{110E4EE7-85A9-B76B-B943-C0C1CF0C2F74}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Swedish (HKLM-x32\...\{42A97797-A255-49F9-4250-D58A9CEA2904}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Thai (HKLM-x32\...\{31BC0B51-0676-A531-3940-1818B609EEA7}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Turkish (HKLM-x32\...\{9DB45EC2-90E7-642D-7CF9-5AC2FBDC14F7}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
ccc-utility64 (HKLM\...\{C3463F9A-E635-02E0-C351-41D16074E202}) (Version: 2015.0804.21.41908 - Advanced Micro Devices, Inc.)
Convert XLS (HKLM-x32\...\Convert XLS_is1) (Version:  - Softinterface, Inc.)
CrystalDiskInfo 7.5.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.5.1 - Crystal Dew World)
Dr. Hardware 2015 15.5d (HKLM-x32\...\Dr. Hardware 2015_is1) (Version:  - Peter A. Gebhard)
Electrum (HKU\S-1-5-21-963683855-2343051469-89585254-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02132018170300898\...\Electrum) (Version: 2.8.2 - Electrum Technologies GmbH)
Free Pascal 3.0.0 (HKLM-x32\...\FreePascal_is1) (Version:  - Free Pascal Team)
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.195.0 - International GeoGebra Institute)
Google Earth Pro (HKLM-x32\...\{FA1BBF34-E994-4310-95D7-BE93092B8E61}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gpg4win (2.3.3) (HKLM-x32\...\GPG4Win) (Version: 2.3.3 - The Gpg4win Project)
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.09) (Version: 9.09 - Artifex Software Inc.)
GUI Turbo Assembler Ver 3.0.1 (HKLM-x32\...\{F522C947-52FA-4C01-B933-16292944E000}) (Version: 3.0.1 - Lakhya's Innovation Inc.)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.4.135.1 - Intel Security)
IrfanView 64 (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
Lazarus 1.6.2 (HKLM\...\lazarus_is1) (Version: 1.6.2 - Lazarus Team)
MailWasherPro (HKLM-x32\...\{D16B61A0-A55E-47A9-BA73-8A5E92C26DB2}) (Version: 7.11.05 - Firetrust)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
ManyCam 5.3.0 (HKLM-x32\...\ManyCam) (Version: 5.3.0 - Visicom Media Inc.)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 58.0.2 (x64 de) (HKLM\...\Mozilla Firefox 58.0.2 (x64 de)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla)
Mozilla Thunderbird 52.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 52.6.0 (x86 de)) (Version: 52.6.0 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.4 - Notepad++ Team)
Opera Stable 50.0.2762.67 (HKU\S-1-5-21-963683855-2343051469-89585254-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02132018170300898\...\Opera 50.0.2762.67) (Version: 50.0.2762.67 - Opera Software)
Pari-2-7-6 (remove only) (HKLM-x32\...\Pari-2-7-6) (Version:  - )
PC Inspector File Recovery (HKLM-x32\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - )
PilotEdit Lite 10.7.0 (HKLM-x32\...\PilotEdit Lite_is1) (Version:  - )
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
Scid vs PC 4.16 (HKLM-x32\...\Scid vs PC_is1) (Version: 4.16 - Steven Atkinson)
SharpKeys (HKLM\...\{F6908C45-459A-4332-A3F2-03DAAB64939D}) (Version: 3.6.0000 - RandyRants.com)
Shotcut (HKLM-x32\...\Shotcut) (Version:  - )
Skype version 8.13 (HKLM-x32\...\Skype_is1) (Version: 8.13 - Skype Technologies S.A.)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.83369 - TeamViewer)
Total Commander 64-bit (Remove or Repair) (HKLM-x32\...\Totalcmd64) (Version: 9.0a - Ghisler Software GmbH)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.16 - IDRIX)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Web Companion (HKLM-x32\...\{37c882f6-40f7-46a4-9ccb-8e2808e1a79e}) (Version: 2.4.1558.3001 - Lavasoft)
WinRAR 5.40 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wolfram Mathematica 11.2 (M-WIN-L 11.2.0 5822651) (HKLM\...\M-WIN-L 11.2.0 5822651_is1) (Version: 11.2.0 - Wolfram Research, Inc.)
Wondershare Data Recovery(Build 6.5.1.5) (HKLM-x32\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 6.5.1.5 - Wondershare Software Co.,Ltd.)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Xaldon WebSpider2 (HKLM-x32\...\WebSpider2) (Version:  - )
Xilinx Design Tools Vivado HL WebPACK 2016.3 (C:\Xilinx) (HKLM\...\Xilinx_Vivado HL WebPACK_2016.3#0) (Version: 2016.3 - Xilinx Inc.)
Xilinx DocNav (C:\Xilinx) (HKLM\...\Xilinx_DocNav_2016.3#0) (Version: 2016.3 - Xilinx Inc.)
Xilinx Information Center (C:\Xilinx) (HKLM\...\Xilinx_Xilinx Information Center_2016.3#0) (Version: 2016.3 - Xilinx Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-01-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-01-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-01-29] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-01-01] ()
ContextMenuHandlers1: [BCShellMenu] -> {7850a720-705f-11d0-a9eb-0080488625e5} =>  -> No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-01-29] (Google)
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\GNU\GnuPG\bin\gpgex.dll [2016-08-18] (g10 Code GmbH)
ContextMenuHandlers1: [PilotEdit] -> {277B9550-37E2-47DE-B533-89A1EBD82DB9} => C:\Program Files (x86)\PilotEdit Lite\EShell_x64.dll [2013-01-01] (PilotEdit)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [BCShellMenu] -> {7850a720-705f-11d0-a9eb-0080488625e5} =>  -> No File
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-01-29] (Google)
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\GNU\GnuPG\bin\gpgex.dll [2016-08-18] (g10 Code GmbH)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [BCShellMenu] -> {7850a720-705f-11d0-a9eb-0080488625e5} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {16B2D2AF-ED8D-4756-96D7-FF39E5C6A185} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {1FB3732E-9592-444D-A701-81DF304F14A9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_137_pepper.exe
Task: {21022CE6-BFE7-40E7-AAFA-15A6CC72356B} - System32\Tasks\{E140102B-F244-4775-9758-5FA77AFD8886} => C:\Windows\system32\pcalua.exe -a "C:\Users\juergen2\Downloads\chromeinstall-8u77 (1).exe" -d C:\Users\juergen2\Downloads
Task: {213D38E2-E0E5-4EFB-88BC-AC61BF33552B} - System32\Tasks\{849B1E16-7952-40E5-887E-DAAD93154E62} => C:\Windows\system32\pcalua.exe -a D:\backupMaxtor80gb\data\putty.exe -d D:\backupMaxtor80gb\data
Task: {22DA9795-90BD-4731-AB6A-BD01A662D2F9} - System32\Tasks\{9C6CF1E7-9264-4314-BC30-F7778072B17B} => C:\Windows\system32\pcalua.exe -a D:\backupMaxtor80gb\data\wlsetup3528-all.exe -d d:\backupMaxtor80gb\data\
Task: {3B11371B-11AB-415E-8185-32A4F05C4B0F} - System32\Tasks\{471AF2D6-FC39-423E-8A09-1CE6E304D7BB} => C:\Windows\system32\pcalua.exe -a C:\camel\SilkroadOnlineGlobal_Official_v1_486.exe -d c:\camel\
Task: {4ADE3327-7150-4BB8-87C3-76601FC67879} - System32\Tasks\{FD09F9C6-B58A-406E-8536-F1B82AF22BBE} => C:\Windows\system32\pcalua.exe -a D:\backupMaxtor80gb\data\i2pinstall_0.9.30_windows.exe -d D:\backupMaxtor80gb\data
Task: {6ADA2DE3-F929-4442-BCBE-E1D403613F2F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-21] (Google Inc.)
Task: {70FC73DB-5C4F-4CB5-9833-76B9D3A491A6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {A6D9A0B3-82A7-4937-910D-C86CC1F2F571} - System32\Tasks\{C61837B8-EABF-4B5E-B96E-3C6EC1BD2343} => C:\Windows\system32\pcalua.exe -a C:\datas\jxpiinstall(4).exe -d C:\datas
Task: {AD24AC21-72E8-4AFB-8BA6-BC0413019E02} - System32\Tasks\Opera scheduled Autoupdate 1498067933 => C:\Users\juergen2\AppData\Local\Programs\Opera\launcher.exe [2018-01-22] (Opera Software)
Task: {BE9E6706-8A73-4F34-8BC7-F4B899EDF1C0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {DAC363AC-634F-4411-8C93-334B4E476B58} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe
Task: {E302C505-2A7A-4384-87A8-489CE462BC3D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {F4DDD129-C6FA-4772-AC2D-CE369BA97A92} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {F6F30DFE-BB87-4833-A1E0-CEE92CCDEE3C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-21] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-08-04 00:25 - 2015-08-04 00:25 - 000214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 000817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 003650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2016-08-18 09:27 - 2016-08-18 09:27 - 000216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2018-02-10 21:01 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-01-01 02:07 - 2018-01-01 02:07 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-08-04 00:25 - 2015-08-04 00:25 - 000102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2018-02-13 17:14 - 2018-02-06 18:41 - 000061362 _____ () C:\Users\Administrator\AppData\Local\Temp\~nsu.tmp\Au_.exe
2016-08-18 09:14 - 2016-08-18 09:14 - 000222720 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2016-08-18 09:09 - 2016-08-18 09:09 - 000103424 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2016-08-18 09:03 - 2016-08-18 09:03 - 000050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2016-08-18 09:14 - 2016-08-18 09:14 - 000073728 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2016-08-18 09:17 - 2016-08-18 09:17 - 000751104 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2018-01-01 02:07 - 2018-01-01 02:07 - 000021680 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-963683855-2343051469-89585254-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02132018170300898\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2018-02-10 18:45 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-963683855-2343051469-89585254-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02132018170300898\Control Panel\Desktop\\Wallpaper -> C:\Users\juergen2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-963683855-2343051469-89585254-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-963683855-2343051469-89585254-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02132018170301201\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: BCWipeSvc => 2
MSCONFIG\Services: LavasoftAdAwareService11 => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: vssbrigde64 => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^juergen2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MailWasherPro.lnk => C:\Windows\pss\MailWasherPro.lnk.Startup
MSCONFIG\startupreg: AvgUi => "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
MSCONFIG\startupreg: PlaysTV => "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr Inc\Raptr\raptrstub.exe --startup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{E08E8243-C2A1-4221-90A7-14736621DBE5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9EA08C55-5310-4A9E-8ABB-32F4A49FF91B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{97587CB0-9EAA-4B76-AE0F-849E608FE32D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{81373308-C4D3-45DA-ABFB-9FF3613C6D5D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{27E94056-EE89-40C2-88F9-FCDD1B8E5D43}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{D80E4AD5-8012-4DE4-B0FE-3695EFEBEAED}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{E4AFD96A-B990-4558-B5EE-3F16F3B150B1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4EFF6531-5BDD-4CC8-BCE4-8C1B36A92B77}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1144CB11-19E6-41BF-BAFF-C3CBF53D788E}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{D076BE44-8E6B-4596-BDAA-38B73655C620}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{BA663251-09BF-4823-8DE3-357013B1B8CE}C:\users\juergen2\appdata\local\temp\_tc0\bot\mbot_vsro110.exe] => (Allow) C:\users\juergen2\appdata\local\temp\_tc0\bot\mbot_vsro110.exe
FirewallRules: [UDP Query User{E5E54FE6-C09E-4ABB-90E3-E86CBF75A6F2}C:\users\juergen2\appdata\local\temp\_tc0\bot\mbot_vsro110.exe] => (Allow) C:\users\juergen2\appdata\local\temp\_tc0\bot\mbot_vsro110.exe
FirewallRules: [TCP Query User{3562059C-09AD-49C5-B7A8-F01122A24FF9}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{F0D6FC0B-D3F6-4346-A980-F46D4C9D1B96}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{98C9BD54-7195-421F-8622-82F19A588534}C:\eclipse\eclipse\eclipse.exe] => (Allow) C:\eclipse\eclipse\eclipse.exe
FirewallRules: [UDP Query User{823BFEF5-2144-437C-A54B-BCCA12451298}C:\eclipse\eclipse\eclipse.exe] => (Allow) C:\eclipse\eclipse\eclipse.exe
FirewallRules: [TCP Query User{43DE325D-FD61-460D-842E-290A5202FB7F}C:\users\juergen2\desktop\totalcmd\totalcmd.exe] => (Allow) C:\users\juergen2\desktop\totalcmd\totalcmd.exe
FirewallRules: [UDP Query User{DFCF343D-2298-479B-820C-A9D87E56AFF7}C:\users\juergen2\desktop\totalcmd\totalcmd.exe] => (Allow) C:\users\juergen2\desktop\totalcmd\totalcmd.exe
FirewallRules: [TCP Query User{A1496639-68D5-46B4-967E-A505FB7D9C89}C:\datas\psro_m_manualpatch_client_downloader_v3.exe] => (Allow) C:\datas\psro_m_manualpatch_client_downloader_v3.exe
FirewallRules: [UDP Query User{D2661694-9DE9-4B85-AA71-E76B9FE67E92}C:\datas\psro_m_manualpatch_client_downloader_v3.exe] => (Allow) C:\datas\psro_m_manualpatch_client_downloader_v3.exe
FirewallRules: [TCP Query User{DA6A1C4E-6658-4536-B8A6-C2F9FD65FD61}C:\datas\psro_full_client_downloader_v3.exe] => (Allow) C:\datas\psro_full_client_downloader_v3.exe
FirewallRules: [UDP Query User{4C306084-351A-440E-86A7-02F33064F80E}C:\datas\psro_full_client_downloader_v3.exe] => (Allow) C:\datas\psro_full_client_downloader_v3.exe
FirewallRules: [TCP Query User{82621B54-D4E3-4191-A32E-7FB2E966AFE0}I:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe] => (Allow) I:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe
FirewallRules: [UDP Query User{FA455FFB-BB85-4880-8324-9ED51129A541}I:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe] => (Allow) I:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe
FirewallRules: [TCP Query User{AFDB542D-C34E-4DBA-A5E8-13FD772F4676}C:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe] => (Allow) C:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe
FirewallRules: [UDP Query User{821974AD-1244-4300-8892-42C965D1C906}C:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe] => (Allow) C:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe
FirewallRules: [{776A7697-A9FA-4D00-AE02-02733E032793}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{179DB254-E4A7-44FD-8180-A252E383B707}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [TCP Query User{5881A1B3-618E-4628-AF81-07C027281C34}C:\datas\bitcoin-0.12.1-win64\bitcoin-0.12.1\bin\bitcoin-qt.exe] => (Allow) C:\datas\bitcoin-0.12.1-win64\bitcoin-0.12.1\bin\bitcoin-qt.exe
FirewallRules: [UDP Query User{B1095A5C-EA19-4532-BE33-41EF9C86B1D8}C:\datas\bitcoin-0.12.1-win64\bitcoin-0.12.1\bin\bitcoin-qt.exe] => (Allow) C:\datas\bitcoin-0.12.1-win64\bitcoin-0.12.1\bin\bitcoin-qt.exe
FirewallRules: [TCP Query User{B12981FF-B265-4AD8-90CC-1CAA78AFF9D3}C:\users\juergen2\appdata\local\temp\7zipsfx.000\tps\win64\jre\bin\java.exe] => (Allow) C:\users\juergen2\appdata\local\temp\7zipsfx.000\tps\win64\jre\bin\java.exe
FirewallRules: [UDP Query User{17966661-BA79-4C90-BC0D-63434C7A2A9F}C:\users\juergen2\appdata\local\temp\7zipsfx.000\tps\win64\jre\bin\java.exe] => (Allow) C:\users\juergen2\appdata\local\temp\7zipsfx.000\tps\win64\jre\bin\java.exe
FirewallRules: [TCP Query User{359222EA-9F94-4EDA-A978-E08B0C015F21}C:\xilinx\xic\tps\win64\jre\bin\java.exe] => (Allow) C:\xilinx\xic\tps\win64\jre\bin\java.exe
FirewallRules: [UDP Query User{DCC70F92-DA66-4518-B65F-551E06FAED96}C:\xilinx\xic\tps\win64\jre\bin\java.exe] => (Allow) C:\xilinx\xic\tps\win64\jre\bin\java.exe
FirewallRules: [TCP Query User{0C48E5AD-B230-4661-BAFF-D286C90BF7ED}C:\xilinx\xic\tps\win64\jre\bin\java.exe] => (Allow) C:\xilinx\xic\tps\win64\jre\bin\java.exe
FirewallRules: [UDP Query User{5E82995E-38F3-476B-98A0-E4055D9530E6}C:\xilinx\xic\tps\win64\jre\bin\java.exe] => (Allow) C:\xilinx\xic\tps\win64\jre\bin\java.exe
FirewallRules: [TCP Query User{FF3B1697-47E7-4E15-A46F-14DAD9A34297}C:\totalcmd\totalcmd.exe] => (Allow) C:\totalcmd\totalcmd.exe
FirewallRules: [UDP Query User{91BF5810-5F2B-4B0B-89A6-13C7BD7AF7E0}C:\totalcmd\totalcmd.exe] => (Allow) C:\totalcmd\totalcmd.exe
FirewallRules: [{A15FD59F-4DEB-48C5-B0AB-C560507A5BD9}] => (Allow) C:\Users\juergen2\Desktop\Tor Browser\Browser\firefox.exe
FirewallRules: [{7B27A2F1-A1C2-40B1-856F-69E72A5FDD68}] => (Allow) C:\Users\juergen2\Desktop\Tor Browser\Browser\firefox.exe
FirewallRules: [{109B94D2-FB0C-44F2-A49B-C1ABC4AE84C2}] => (Allow) C:\Users\juergen2\Desktop\Tor Browser\Browser\firefox.exe
FirewallRules: [{0E26162C-0928-4A55-BFA2-D3D7A388B22E}] => (Allow) C:\Users\juergen2\Desktop\Tor Browser\Browser\firefox.exe
FirewallRules: [{8BAD0C4F-C654-432F-8A46-8CBC4BFF20AF}] => (Allow) C:\datas\psro_full_client_downloader_v3.exe
FirewallRules: [{81FA3FFE-6DEF-4F3D-871E-6120D650F375}] => (Allow) C:\datas\psro_full_client_downloader_v3.exe
FirewallRules: [{E12FBEE4-11A9-4252-B72E-9DA5B9A82CDB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7DA09561-F33A-4F74-AE93-BE232605E318}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C619FF61-7405-4E6D-B469-F5ED7A4CEBEE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5D49AA65-E9EC-4E40-AF85-819A887C58C3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{97B5B131-9D32-4BAD-8E9A-E1780ABF9A4D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{054F0F09-AE56-4599-9BA5-F86C9D31FFB5}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{A5989984-670A-4953-A4B2-97E2981C1C4E}] => (Allow) C:\Users\juergen2\AppData\Local\Programs\Opera\50.0.2762.58\opera.exe
FirewallRules: [{51A58F52-6A7A-4F9F-A9D3-54673771201E}] => (Allow) C:\Users\juergen2\AppData\Local\Programs\Opera\50.0.2762.67\opera.exe
FirewallRules: [{858D641F-B90B-4B90-9641-DFF96825B635}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\Mathematica.exe
FirewallRules: [{36275EA3-11DB-4932-AC9B-19B7D18F4C95}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\Mathematica.exe
FirewallRules: [{A9C5985A-EEDC-40A3-BBEC-1E2E964F227C}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\MathKernel.exe
FirewallRules: [{A6DED921-ACDB-4F33-8FF6-E322906C2092}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\MathKernel.exe
FirewallRules: [{9D3AC6F5-DD80-4C6C-AC12-2DE855E84AE0}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\math.exe
FirewallRules: [{719EF127-CBDB-42E9-AA42-01703EB925AD}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\math.exe
FirewallRules: [{8A616D52-4726-4DAA-B13D-3AECDF8E1BF0}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{C5DF63D8-C393-4201-87DC-974405E1ACE2}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{713E93FE-97C7-4D2B-97D7-78D78D86CFEB}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{0F40B081-88E5-48FA-A93B-F155F4F0FD0D}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe

==================== Restore Points =========================

13-02-2018 16:24:13 End of disinfection
13-02-2018 16:40:08 Revo Uninstaller's restore point - Adobe Flash Player 28 NPAPI
13-02-2018 16:41:55 Revo Uninstaller's restore point - BestCrypt 9.0
13-02-2018 16:51:22 Device Driver Package Install: Jetico, Inc. BestCrypt bus controllers
13-02-2018 17:03:52 Revo Uninstaller's restore point - BestCrypt 8.0
13-02-2018 17:13:21 Revo Uninstaller's restore point - PlaysTV
13-02-2018 17:21:43 Revo Uninstaller's restore point - Raptr

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: AODDriver4.1
Description: AODDriver4.1
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AODDriver4.1
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/13/2018 05:21:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary bcfnt.

System Error:
The system cannot find the file specified.
.

Error: (02/13/2018 05:13:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary bcfnt.

System Error:
The system cannot find the file specified.
.

Error: (02/13/2018 05:03:49 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2419a346-823c-4a07-866d-706ab0c5b9fa}

Error: (02/13/2018 04:55:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/13/2018 04:50:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/13/2018 04:46:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/13/2018 04:40:06 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {cd432ca5-719a-4765-bb3b-fd7ab6493633}

Error: (02/13/2018 04:31:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (02/13/2018 05:03:16 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (02/13/2018 04:55:01 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel(R) Biometric and Context Agent Service service hung on starting.

Error: (02/13/2018 04:54:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (02/13/2018 04:53:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.1 service failed to start due to the following error: 
The system cannot find the path specified.

Error: (02/13/2018 04:49:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
bcbus

Error: (02/13/2018 04:49:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel(R) Biometric and Context Agent Service service hung on starting.

Error: (02/13/2018 04:49:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (02/13/2018 04:48:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.1 service failed to start due to the following error: 
The system cannot find the path specified.


Windows Defender:
===================================
Date: 2015-11-05 16:46:24.583
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified. 
Signature version:0.0.0.0
Engine version:0.0.0.0

Date: 2015-11-05 06:18:26.559
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Backup
Error Code:0x8050a004
Error description:This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 
Signature version:1.209.968.0
Engine version:1.1.6402.0

Date: 2015-11-05 06:18:07.182
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified. 
Signature version:0.0.0.0
Engine version:0.0.0.0

CodeIntegrity:
===================================

Date: 2015-11-05 07:09:53.063
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-11-05 07:09:53.061
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-11-05 07:09:53.029
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-11-05 07:09:53.027
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 

Processor: AMD A6-3650 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 66%
Total physical RAM: 7665.37 MB
Available physical RAM: 2547.34 MB
Total Virtual: 11759.54 MB
Available Virtual: 6214.92 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:488.18 GB) (Free:181 GB) NTFS
Drive d: (neueMaxTor) (Fixed) (Total:443.23 GB) (Free:149.88 GB) NTFS
Drive f: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (Dritte Externe Teil 1) (Fixed) (Total:351.38 GB) (Free:50.38 GB) NTFS
Drive h: (Poops) (Fixed) (Total:347.16 GB) (Free:44.24 GB) NTFS
Drive i: (PalleMalle) (Fixed) (Total:931.51 GB) (Free:67.19 GB) NTFS
Drive j: (TOSHIBA EXT) (Fixed) (Total:931.41 GB) (Free:31.52 GB) NTFS
Drive k: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive l: (UZFHGF) (Removable) (Total:3.73 GB) (Free:0.04 GB) FAT32

\\?\Volume{39adc126-8011-11e5-b8fa-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9A083BDB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 7191D59B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=351.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=347.2 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 002EFF55)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 3.7 GB) (Disk ID: E929F505)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0B)

========================================================
Disk: 4 (Size: 931.5 GB) (Disk ID: AAE66568)
Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
         
Kleine Zusatzfrage hüstel ich habe kuerzlich Malwarebytes premium trioal installieret und jetzt popt ständig ein Fenster auf "turn on turn on".. ich sage ja und 1 minute später wieder das nervt.


Alt 14.02.2018, 10:45   #6
M-K-D-B
/// TB-Ausbilder
 
OTL scan auf BKA trojaner - Standard

OTL scan auf BKA trojaner



Servus,



Zitat:
Zitat von juergen007 Beitrag anzeigen
Kleine Zusatzfrage hüstel ich habe kuerzlich Malwarebytes premium trioal installieret und jetzt popt ständig ein Fenster auf "turn on turn on".. ich sage ja und 1 minute später wieder das nervt.
Starte Malwarebytes' Anti-Malware, klicke rechts oben auf Mein Konto.
Wähle dort "zur kostenlosen Version wechseln" (oder so ähnlich) aus.




Zitat:
Running from D:\backupMaxtor80gb\data\FRSTData
Alle Programme sind auf dem Desktop abzuspeichern und von dort zu starten.
Siehe dazu auch meine 10 einleitenden Hinweise.


FRST nochmal bitte, dieses mal richtig.
__________________
--> OTL scan auf BKA trojaner

Alt 14.02.2018, 12:28   #7
juergen007
 
OTL scan auf BKA trojaner - Standard

OTL scan auf BKA trojaner



Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.02.2018
Ran by juergen2 (administrator) on JUERGEN2-PC (14-02-2018 12:18:47)
Running from C:\Users\juergen2\Desktop
Loaded Profiles: juergen2 (Available Profiles: juergen2 & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-963683855-2343051469-89585254-1000\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
HKU\S-1-5-21-963683855-2343051469-89585254-1000\...\Policies\Explorer: [NoThumbNailCache] 1
HKU\S-1-5-21-963683855-2343051469-89585254-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-963683855-2343051469-89585254-1000\...\MountPoints2: {3b6eaf21-9024-11e5-b954-8c89a53586cf} - K:\LaunchU3.exe -a
HKU\S-1-5-21-963683855-2343051469-89585254-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
AppInit_DLLs-x32: hplun.dll => No File
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4F4DD125-EDDA-44BF-B378-9BAF78A43AC1}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-963683855-2343051469-89585254-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SL5M&ocid=SL5MDHP&osmkt=de-at
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\juergen2\AppData\Roaming\Mozilla\Firefox\Profiles\pxidv9qv.default-1475719002037 [2018-02-14]
FF Homepage: Mozilla\Firefox\Profiles\pxidv9qv.default-1475719002037 -> hxxps://www.google.de/
FF NetworkProxy: Mozilla\Firefox\Profiles\pxidv9qv.default-1475719002037 -> http", "106.38.251.63"
FF Session Restore: Mozilla\Firefox\Profiles\pxidv9qv.default-1475719002037 -> is enabled.
FF NewTabOverride: Mozilla\Firefox\Profiles\pxidv9qv.default-1475719002037 -> Enabled: uBlock0@raymondhill.net
FF Extension: (Add HTTPS) - C:\Users\juergen2\AppData\Roaming\Mozilla\Firefox\Profiles\pxidv9qv.default-1475719002037\Extensions\@add-https.xpi [2018-01-30]
FF Extension: (Avira Browser Safety) - C:\Users\juergen2\AppData\Roaming\Mozilla\Firefox\Profiles\pxidv9qv.default-1475719002037\Extensions\abs@avira.com [2018-01-11]
FF Extension: (YouTube Video and Audio Downloader) - C:\Users\juergen2\AppData\Roaming\Mozilla\Firefox\Profiles\pxidv9qv.default-1475719002037\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2017-05-24] [Legacy]
FF Extension: (Name) - C:\Users\juergen2\AppData\Roaming\Mozilla\Firefox\Profiles\pxidv9qv.default-1475719002037\Extensions\firefox@ghostery.com.xpi [2018-02-09]
FF Extension: (HTTPS Everywhere) - C:\Users\juergen2\AppData\Roaming\Mozilla\Firefox\Profiles\pxidv9qv.default-1475719002037\Extensions\https-everywhere@eff.org.xpi [2018-01-30]
FF Extension: (Google search link fix) - C:\Users\juergen2\AppData\Roaming\Mozilla\Firefox\Profiles\pxidv9qv.default-1475719002037\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2018-01-10]
FF Extension: (uBlock Origin) - C:\Users\juergen2\AppData\Roaming\Mozilla\Firefox\Profiles\pxidv9qv.default-1475719002037\Extensions\uBlock0@raymondhill.net.xpi [2018-02-14]
FF Extension: (Easy Video Downloader) - C:\Users\juergen2\AppData\Roaming\Mozilla\Firefox\Profiles\pxidv9qv.default-1475719002037\Extensions\vdpure@link64.xpi [2017-08-21]
FF Extension: (bvd2) - C:\Users\juergen2\AppData\Roaming\Mozilla\Firefox\Profiles\pxidv9qv.default-1475719002037\Extensions\{170503FA-3349-4F17-BC86-001888A5C8E2}.xpi [2017-12-02]
FF Extension: (Adblock Plus) - C:\Users\juergen2\AppData\Roaming\Mozilla\Firefox\Profiles\pxidv9qv.default-1475719002037\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-12]
FF Extension: (YouTube Video and Audio Downloader (Dev Edt.)) - C:\Users\juergen2\AppData\Roaming\Mozilla\Firefox\Profiles\pxidv9qv.default-1475719002037\Extensions\{f73df109-8fb4-453e-8373-f59e61ca4da3}.xpi [2018-02-14]
FF Extension: (Adblock Edge) - C:\Users\juergen2\AppData\Roaming\Mozilla\Firefox\Profiles\pxidv9qv.default-1475719002037\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2016-10-06] [Legacy]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
S4 BCWipeSvc; C:\Program Files (x86)\Jetico\BCWipe\BCWipeSvc.exe [90592 2015-12-01] (Jetico, Inc.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2016-08-18] () [File not signed]
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3026584 2016-05-06] (Intel(R) Corporation)
S4 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.667\McCHSvc.exe" [X]
S4 TrueKey; "C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe" [X]
S4 TrueKeyScheduler; "C:\Program Files\TrueKey\McTkSchedulerService.exe" [X]
S3 TrueKeyServiceHelper; "C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
S4 BCSWAP; no ImagePath
R2 DRHARD64; C:\Windows\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHARD64; C:\Windows\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHMSR64; C:\Windows\system32\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R2 DRHMSR64; C:\Windows\SysWOW64\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2018-02-13] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2018-02-14] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2018-02-14] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-02-14] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2018-02-13] (Malwarebytes)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (Visicom Media Inc.)
S3 MftWipeFilter; no ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [195416 2015-11-17] (IDRIX)
R2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [27384 2016-10-09] (Xilinx, Inc.)
S2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
U3 aswbdisk; no ImagePath
S1 bcbus; system32\DRIVERS\bcbus.sys [X]
S3 X6va037; \??\C:\Windows\SysWOW64\Drivers\X6va037 [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-14 12:18 - 2018-02-14 12:22 - 000015136 _____ C:\Users\juergen2\Desktop\FRST.txt
2018-02-14 12:18 - 2018-02-13 17:44 - 002405376 _____ (Farbar) C:\Users\juergen2\Desktop\FRST64.exe
2018-02-14 11:27 - 2018-02-14 11:27 - 000000021 _____ C:\Windows\S.dirmngr
2018-02-14 04:28 - 2018-02-10 20:52 - 000395928 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-02-14 04:28 - 2018-02-10 20:03 - 000347296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-02-14 04:28 - 2018-02-10 09:44 - 025740288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-02-14 04:28 - 2018-02-10 08:30 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-02-14 04:28 - 2018-02-10 08:29 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-02-14 04:28 - 2018-02-10 08:19 - 002900480 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-02-14 04:28 - 2018-02-10 08:17 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-02-14 04:28 - 2018-02-10 08:17 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-02-14 04:28 - 2018-02-10 08:17 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-02-14 04:28 - 2018-02-10 08:16 - 000577536 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-02-14 04:28 - 2018-02-10 08:16 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-02-14 04:28 - 2018-02-10 08:10 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-02-14 04:28 - 2018-02-10 08:10 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-02-14 04:28 - 2018-02-10 08:09 - 005782016 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-02-14 04:28 - 2018-02-10 08:07 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-02-14 04:28 - 2018-02-10 08:06 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-02-14 04:28 - 2018-02-10 08:06 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-02-14 04:28 - 2018-02-10 08:06 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-02-14 04:28 - 2018-02-10 08:06 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-02-14 04:28 - 2018-02-10 08:01 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-02-14 04:28 - 2018-02-10 07:58 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-02-14 04:28 - 2018-02-10 07:52 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-02-14 04:28 - 2018-02-10 07:52 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-02-14 04:28 - 2018-02-10 07:51 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-02-14 04:28 - 2018-02-10 07:49 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-02-14 04:28 - 2018-02-10 07:48 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-02-14 04:28 - 2018-02-10 07:46 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-02-14 04:28 - 2018-02-10 07:45 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-02-14 04:28 - 2018-02-10 07:36 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-02-14 04:28 - 2018-02-10 07:36 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-02-14 04:28 - 2018-02-10 07:34 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-02-14 04:28 - 2018-02-10 07:34 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-02-14 04:28 - 2018-02-10 07:33 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-02-14 04:28 - 2018-02-10 07:32 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-02-14 04:28 - 2018-02-10 07:27 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-02-14 04:28 - 2018-02-10 07:20 - 020274176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-02-14 04:28 - 2018-02-10 07:14 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-02-14 04:28 - 2018-02-10 07:08 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-02-14 04:28 - 2018-02-10 07:02 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-02-14 04:28 - 2018-02-10 06:57 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-02-14 04:28 - 2018-02-10 06:57 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-02-14 04:28 - 2018-02-10 06:57 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-02-14 04:28 - 2018-02-10 06:57 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-02-14 04:28 - 2018-02-10 06:56 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-02-14 04:28 - 2018-02-10 06:54 - 002294272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-02-14 04:28 - 2018-02-10 06:52 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-02-14 04:28 - 2018-02-10 06:51 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-02-14 04:28 - 2018-02-10 06:50 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-02-14 04:28 - 2018-02-10 06:49 - 000662528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-02-14 04:28 - 2018-02-10 06:49 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-02-14 04:28 - 2018-02-10 06:49 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-02-14 04:28 - 2018-02-10 06:42 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-02-14 04:28 - 2018-02-10 06:39 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-02-14 04:28 - 2018-02-10 06:38 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-02-14 04:28 - 2018-02-10 06:38 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-02-14 04:28 - 2018-02-10 06:36 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-02-14 04:28 - 2018-02-10 06:35 - 004498944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-02-14 04:28 - 2018-02-10 06:35 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-02-14 04:28 - 2018-02-10 06:35 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-02-14 04:28 - 2018-02-10 06:34 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-02-14 04:28 - 2018-02-10 06:33 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-02-14 04:28 - 2018-02-10 06:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-02-14 04:28 - 2018-02-10 06:27 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-02-14 04:28 - 2018-02-10 06:27 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-02-14 04:28 - 2018-02-10 06:26 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-02-14 04:28 - 2018-02-10 06:14 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-02-14 04:28 - 2018-02-10 06:10 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-02-14 04:28 - 2018-02-10 06:08 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-02-14 04:28 - 2018-01-12 17:46 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-02-14 04:28 - 2018-01-12 17:44 - 005581544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-02-14 04:28 - 2018-01-12 17:44 - 001894120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-02-14 04:28 - 2018-01-12 17:44 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-02-14 04:28 - 2018-01-12 17:44 - 000377064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-02-14 04:28 - 2018-01-12 17:44 - 000371432 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2018-02-14 04:28 - 2018-01-12 17:44 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-02-14 04:28 - 2018-01-12 17:44 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-02-14 04:28 - 2018-01-12 17:44 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-02-14 04:28 - 2018-01-12 17:44 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-02-14 04:28 - 2018-01-12 17:40 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000484864 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:33 - 001665384 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-02-14 04:28 - 2018-01-12 17:29 - 004014312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-02-14 04:28 - 2018-01-12 17:29 - 003959016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-02-14 04:28 - 2018-01-12 17:27 - 004834816 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
2018-02-14 04:28 - 2018-01-12 17:27 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:16 - 003405824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsrchvw.exe
2018-02-14 04:28 - 2018-01-12 17:16 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2018-02-14 04:28 - 2018-01-12 17:16 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2018-02-14 04:28 - 2018-01-12 17:15 - 000032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2018-02-14 04:28 - 2018-01-12 17:11 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-02-14 04:28 - 2018-01-12 17:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-02-14 04:28 - 2018-01-12 17:11 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-02-14 04:28 - 2018-01-12 17:10 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-02-14 04:28 - 2018-01-12 17:07 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-02-14 04:28 - 2018-01-12 17:06 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-02-14 04:28 - 2018-01-12 17:03 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-02-14 04:28 - 2018-01-12 17:02 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-02-14 04:28 - 2018-01-12 17:02 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-02-14 04:28 - 2018-01-12 17:02 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-02-14 04:28 - 2018-01-12 17:01 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-02-14 04:28 - 2018-01-12 17:01 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-02-14 04:28 - 2018-01-12 16:57 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-02-14 04:28 - 2018-01-12 16:57 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-02-14 04:28 - 2018-01-12 16:57 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-02-14 04:28 - 2018-01-12 16:57 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-02-14 04:28 - 2018-01-12 16:57 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-02-14 04:28 - 2018-01-12 16:56 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 16:56 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 16:56 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 16:56 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-02-14 04:28 - 2018-01-11 17:41 - 001133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2018-02-14 04:28 - 2018-01-11 17:22 - 000805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2018-02-14 04:28 - 2018-01-11 17:09 - 003224064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-02-14 04:28 - 2018-01-05 17:31 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-02-14 04:28 - 2018-01-05 17:31 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-02-14 04:28 - 2018-01-05 17:30 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-02-14 04:28 - 2018-01-05 17:30 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-02-14 04:28 - 2018-01-05 17:30 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-02-14 04:28 - 2018-01-05 17:25 - 000383720 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-02-14 04:28 - 2018-01-05 17:14 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-02-14 04:28 - 2018-01-05 17:11 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-02-14 04:28 - 2018-01-05 17:11 - 000071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-02-14 04:28 - 2018-01-05 17:11 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-02-14 04:28 - 2018-01-05 17:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-02-14 04:28 - 2018-01-05 16:50 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-02-14 04:28 - 2017-12-05 18:36 - 001484288 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2018-02-14 04:28 - 2017-12-05 18:36 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2018-02-14 04:28 - 2017-12-05 18:36 - 000218112 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2018-02-14 04:28 - 2017-12-05 18:36 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2018-02-14 04:28 - 2017-12-05 18:36 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2018-02-14 04:28 - 2017-12-05 18:36 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2018-02-14 04:28 - 2017-12-05 18:08 - 001176576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2018-02-14 04:28 - 2017-12-05 18:08 - 000179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2018-02-14 04:28 - 2017-12-05 18:08 - 000145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2018-02-14 04:28 - 2017-12-05 18:08 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2018-02-14 04:28 - 2017-12-05 18:08 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2018-02-14 04:28 - 2017-12-05 17:04 - 000404992 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
2018-02-14 04:27 - 2018-01-22 00:50 - 000136424 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-02-14 04:27 - 2018-01-22 00:40 - 000654336 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-02-14 04:27 - 2018-01-19 15:05 - 001994752 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-02-14 04:27 - 2018-01-19 15:05 - 001569280 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-02-14 04:27 - 2018-01-19 15:05 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-02-14 04:27 - 2018-01-19 15:05 - 000604672 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-02-14 04:27 - 2018-01-19 15:05 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-02-14 04:27 - 2018-01-19 15:05 - 000378880 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-02-14 04:27 - 2018-01-19 15:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-02-14 04:27 - 2018-01-19 15:05 - 000236544 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-02-13 17:43 - 2018-02-14 12:18 - 000000000 ____D C:\FRST
2018-02-13 16:30 - 2018-02-13 16:30 - 000000000 ____D C:\Users\Administrator\Documents\BCDB
2018-02-13 10:29 - 2018-02-14 11:29 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-02-12 15:51 - 2018-02-12 15:51 - 000001245 _____ C:\Users\Administrator\Desktop\malware12011544.txt
2018-02-11 10:50 - 2018-02-11 10:50 - 000000000 ____D C:\ProgramData\ATI
2018-02-10 21:58 - 2018-02-12 01:44 - 000000000 ____D C:\Users\Administrator\AppData\Local\ESET
2018-02-10 21:01 - 2018-02-14 11:29 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-02-10 21:01 - 2018-02-14 11:29 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-02-10 21:01 - 2018-02-13 10:28 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-02-10 21:01 - 2018-02-13 10:26 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-02-10 21:01 - 2018-02-10 21:01 - 000001835 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-10 21:01 - 2018-02-10 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-10 21:01 - 2018-02-10 21:01 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-10 21:01 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-02-10 18:54 - 2018-02-10 18:54 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\VeraCrypt
2018-02-10 18:43 - 2018-02-10 18:43 - 000000000 _____ C:\Users\Administrator\Desktop\New Text Document.txt
2018-02-08 20:24 - 2018-02-08 20:24 - 000000000 ____D C:\My Files(juergen-PC)
2018-02-08 16:03 - 2018-02-08 16:03 - 000002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-02-08 16:03 - 2018-02-08 16:03 - 000002182 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2018-02-07 10:38 - 2018-02-07 10:38 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\77E7F59C.sys
2018-02-07 07:43 - 2018-02-07 07:43 - 000008189 _____ C:\Users\Administrator\Desktop\export_reply_3.nb
2018-02-07 07:41 - 2018-02-07 07:41 - 000000000 ____D C:\Users\Administrator\Desktop\mathe
2018-02-07 07:36 - 2018-02-07 07:37 - 000000000 ____D C:\Users\juergen2\Desktop\Mathe
2018-02-07 05:35 - 2018-02-07 05:35 - 000000000 ____D C:\Users\juergen2\.QtWebEngineProcess
2018-02-07 05:35 - 2018-02-07 05:35 - 000000000 ____D C:\Users\juergen2\.Plays.tv
2018-02-07 05:33 - 2018-02-07 05:35 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\Raptr
2018-02-07 05:33 - 2018-02-07 05:35 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\PlaysTV
2018-02-06 19:52 - 2018-02-06 19:52 - 000000000 ____D C:\Users\Administrator\AppData\Local\AppEx Networks
2018-02-06 18:41 - 2018-02-06 18:41 - 000000000 ____D C:\Users\Administrator\.QtWebEngineProcess
2018-02-06 18:41 - 2018-02-06 18:41 - 000000000 ____D C:\Users\Administrator\.Plays.tv
2018-02-06 18:38 - 2018-02-06 18:38 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\library_dir
2018-02-06 18:37 - 2018-02-06 18:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Quick Stream
2018-02-06 18:37 - 2018-02-06 18:37 - 000000000 ____D C:\Program Files\AMD Quick Stream
2018-02-06 18:37 - 2015-04-03 01:14 - 000229056 _____ (AppEx Networks Corporation) C:\Windows\system32\Drivers\appexDrv.sys
2018-02-06 18:28 - 2018-02-06 18:28 - 000000000 ____D C:\Users\Administrator\AppData\Local\RadeonInstaller
2018-02-06 18:27 - 2018-02-06 18:27 - 041047112 _____ (AMD Inc.) C:\Users\Administrator\Downloads\radeon-software-adrenalin-18.2.1-minimalsetup-180201_web.exe
2018-02-06 13:49 - 2018-02-06 13:49 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\656387A4.sys
2018-02-06 13:39 - 2018-02-06 13:39 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\3353E5FC.sys
2018-02-06 12:25 - 2018-02-10 21:01 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-06 12:25 - 2018-02-06 12:25 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\43221302.sys
2018-02-06 09:28 - 2018-02-05 11:39 - 000001167 _____ C:\Windows\system32\Reinigung.cmd
2018-02-06 09:28 - 2017-12-24 23:03 - 000001820 _____ C:\Windows\system32\Wartung.cmd
2018-02-06 09:00 - 2018-02-06 09:03 - 000000000 ____D C:\daten
2018-02-05 23:24 - 2018-02-05 23:41 - 000000000 ___HD C:\~BCWipe.tmp
2018-02-05 18:56 - 2018-02-05 18:56 - 000739464 _____ C:\Users\juergen2\Documents\IMG_20180205_0001.pdf
2018-02-05 11:48 - 2018-02-05 11:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BCWipe
2018-02-05 11:47 - 2018-02-14 04:11 - 000000000 ____D C:\Program Files (x86)\Jetico
2018-02-02 15:20 - 2018-02-02 15:20 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\dvdcss
2018-02-02 14:52 - 2018-02-02 14:52 - 000000017 _____ C:\Users\juergen2\AppData\Local\resmon.resmoncfg
2018-02-01 13:05 - 2018-02-01 13:05 - 000001196 _____ C:\Users\Administrator\Desktop\CrystalDiskInfo.lnk
2018-02-01 13:05 - 2018-02-01 13:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2018-02-01 13:05 - 2018-02-01 13:05 - 000000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2018-02-01 12:01 - 2018-02-05 11:39 - 000001167 _____ C:\Windows\SysWOW64\Reinigung.cmd
2018-02-01 12:01 - 2017-12-24 23:03 - 000001820 _____ C:\Windows\SysWOW64\Wartung.cmd
2018-02-01 00:23 - 2018-02-01 00:23 - 000000000 ____D C:\Users\juergen2\PDF
2018-01-31 23:58 - 2018-01-31 23:58 - 000000181 _____ C:\Users\juergen2\Documents\slashesversion.gp
2018-01-31 22:17 - 2018-01-31 22:17 - 000000142 _____ C:\Users\juergen2\new2.gp
2018-01-31 22:00 - 2018-01-31 21:57 - 000000096 _____ C:\Users\juergen2\Documents\new.txt
2018-01-31 21:17 - 2018-02-01 00:12 - 000007841 _____ C:\Users\juergen2\Documents11.pdf
2018-01-30 23:39 - 2018-01-30 23:40 - 000000127 _____ C:\Users\juergen2\Documents\anmachenFilipina.txt
2018-01-30 20:47 - 2018-01-30 20:47 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\Macromedia
2018-01-29 22:31 - 2018-02-04 13:04 - 000004740 _____ C:\Users\juergen2\Documents\23.txt
2018-01-29 22:11 - 2018-01-30 23:09 - 000003173 _____ C:\Users\juergen2\Documents\13.txt
2018-01-29 22:09 - 2018-01-29 22:09 - 001332457 _____ C:\Users\juergen2\Documents\1013.txt
2018-01-29 21:01 - 2018-01-29 21:58 - 000003016 _____ C:\Users\juergen2\Desktop\mmmma.txt
2018-01-28 23:59 - 2018-01-28 23:59 - 000001182 _____ C:\Users\juergen2\Desktop\MailWasherPro.lnk
2018-01-28 23:59 - 2018-01-28 23:59 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firetrust
2018-01-28 23:59 - 2018-01-28 23:59 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\Firetrust
2018-01-28 23:59 - 2018-01-28 23:59 - 000000000 ____D C:\Program Files (x86)\Firetrust
2018-01-28 23:58 - 2018-01-29 00:00 - 000000000 ____D C:\ProgramData\Firetrust
2018-01-28 12:57 - 2018-01-31 21:20 - 000000000 ____D C:\Users\juergen2\Documents\Wolfram Mathematica
2018-01-28 12:57 - 2018-01-29 19:37 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\Mathematica
2018-01-28 12:57 - 2018-01-28 12:58 - 000000000 ____D C:\Users\juergen2\AppData\Local\Mathematica
2018-01-28 12:57 - 2018-01-28 12:57 - 000000000 ____D C:\Users\juergen2\AppData\Local\Wolfram
2018-01-27 12:34 - 2018-02-07 07:42 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mathematica
2018-01-27 12:34 - 2018-02-07 07:41 - 000000000 ____D C:\Users\Administrator\AppData\Local\Mathematica
2018-01-27 12:34 - 2018-01-27 12:34 - 000000000 ____D C:\Users\Administrator\Documents\Wolfram Mathematica
2018-01-27 12:34 - 2018-01-27 12:34 - 000000000 ____D C:\Users\Administrator\AppData\Local\Wolfram
2018-01-27 12:34 - 2018-01-27 12:34 - 000000000 ____D C:\ProgramData\Mathematica
2018-01-27 12:30 - 2018-01-27 12:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfram Mathematica 11.2
2018-01-27 12:27 - 2018-01-27 12:27 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\OpenOffice
2018-01-27 12:17 - 2018-01-27 12:17 - 000000000 ____D C:\Program Files\Wolfram Research
2018-01-27 12:00 - 2018-01-27 12:03 - 000000000 ____D C:\Users\Administrator\Downloads\M-WIN-L-11.2.0-5822651
2018-01-27 12:00 - 2018-01-27 12:00 - 000000000 ____D C:\Users\Administrator\AppData\Local\Wolfram Research
2018-01-18 14:27 - 2018-01-18 14:27 - 000002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2018-01-18 14:27 - 2018-01-18 14:27 - 000000000 ____D C:\Program Files\Microsoft Security Client
2018-01-18 14:27 - 2018-01-18 14:27 - 000000000 ____D C:\Program Files (x86)\Microsoft Security Client

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-14 11:38 - 2009-07-14 05:45 - 000021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-14 11:38 - 2009-07-14 05:45 - 000021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-14 11:34 - 2009-07-14 06:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-14 11:34 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-02-14 11:30 - 2016-11-19 14:58 - 000000000 ____D C:\Users\juergen2\AppData\LocalLow\Mozilla
2018-02-14 11:29 - 2015-11-02 13:24 - 002912586 _____ C:\Windows\ntbtlog.txt
2018-02-14 11:27 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-14 11:27 - 2009-07-14 05:45 - 000291024 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-14 11:25 - 2015-11-15 19:46 - 000000000 ____D C:\Windows\system32\appraiser
2018-02-14 04:53 - 2015-11-01 12:47 - 000000000 ____D C:\Windows\system32\MRT
2018-02-14 04:49 - 2017-10-12 02:06 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-02-14 04:49 - 2015-11-01 12:47 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-02-13 22:52 - 2017-12-10 15:05 - 000001302 _____ C:\Users\Public\Desktop\Skype.lnk
2018-02-13 22:52 - 2017-12-10 15:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-02-13 17:21 - 2017-01-04 21:53 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2018-02-13 17:01 - 2016-08-27 20:44 - 000000994 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2018-02-13 17:01 - 2016-08-27 20:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-02-13 16:41 - 2015-11-01 10:23 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-02-13 16:24 - 2016-02-18 11:21 - 000001509 _____ C:\DelFix.txt
2018-02-13 09:11 - 2017-01-04 18:02 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\gnupg
2018-02-11 22:29 - 2015-10-31 22:30 - 000000000 ____D C:\datas
2018-02-10 21:00 - 2017-01-04 14:10 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2018-02-10 12:54 - 2015-10-31 22:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-10 07:54 - 2017-08-26 17:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-08 19:53 - 2015-11-01 11:12 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\vlc
2018-02-08 16:03 - 2015-12-21 20:28 - 000000000 ____D C:\Program Files (x86)\Google
2018-02-08 16:02 - 2017-10-30 10:23 - 000002048 _____ C:\Users\Public\Desktop\Google Slides.lnk
2018-02-08 16:02 - 2017-10-30 10:23 - 000002046 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2018-02-08 16:02 - 2017-10-30 10:23 - 000002036 _____ C:\Users\Public\Desktop\Google Docs.lnk
2018-02-08 16:02 - 2017-10-30 10:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2018-02-07 12:49 - 2016-07-15 12:40 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-02-07 06:27 - 2016-08-18 13:38 - 000000981 _____ C:\Users\juergen2\Desktop\PARI.lnk
2018-02-07 05:35 - 2015-10-31 22:01 - 000000000 ____D C:\Users\juergen2
2018-02-06 18:41 - 2017-01-03 13:31 - 000000000 ____D C:\Users\Administrator
2018-02-06 18:36 - 2015-11-01 09:41 - 000000000 ____D C:\ProgramData\Package Cache
2018-02-06 18:30 - 2015-11-01 09:39 - 000000000 ____D C:\AMD
2018-02-06 14:06 - 2015-10-31 22:15 - 000065744 _____ C:\Users\juergen2\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-06 12:17 - 2017-01-03 13:32 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2018-02-06 11:39 - 2017-01-03 13:33 - 000065744 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-06 09:46 - 2009-07-14 04:20 - 000000000 __RSD C:\Windows\Media
2018-02-06 08:54 - 2016-05-16 15:01 - 000000000 ____D C:\Program Files\TrueKey
2018-02-06 08:50 - 2015-12-21 20:28 - 000000000 ____D C:\Users\juergen2\AppData\Local\Google
2018-02-06 08:47 - 2016-10-02 17:45 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\NCH Software
2018-02-05 20:47 - 2017-05-10 13:31 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\Electrum
2018-02-05 18:04 - 2015-11-13 17:07 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\IrfanView
2018-02-05 16:25 - 2016-11-18 20:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-02-05 13:03 - 2015-11-01 08:53 - 000000000 ____D C:\xampp
2018-02-04 12:23 - 2017-11-16 22:48 - 000000000 ____D C:\Users\juergen2\AppData\Local\CrashDumps
2018-02-03 16:54 - 2015-11-14 12:57 - 000075264 _____ C:\Users\juergen2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-02-03 15:38 - 2016-02-24 19:10 - 000000000 ____D C:\div
2018-02-03 15:07 - 2016-01-24 16:00 - 000000000 ____D C:\Users\juergen2\AppData\Local\QuickPar
2018-02-02 11:04 - 2009-07-14 06:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-02-01 08:16 - 2016-10-09 09:50 - 000000000 ____D C:\Windows\Minidump
2018-01-31 22:34 - 2016-08-18 19:24 - 000000000 ____D C:\tmp
2018-01-31 22:19 - 2016-08-18 13:37 - 000000000 ____D C:\Program Files (x86)\Pari-2-7-6
2018-01-30 20:56 - 2015-11-01 10:23 - 000000000 ____D C:\Users\juergen2\AppData\Local\Adobe
2018-01-30 20:47 - 2016-02-17 17:00 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-01-30 20:47 - 2015-11-01 10:23 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-28 21:35 - 2015-11-15 10:42 - 000000000 ____D C:\vhd
2018-01-26 12:50 - 2015-11-15 10:22 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\gnupg
2018-01-25 00:48 - 2017-06-30 15:19 - 000004100 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1498067933
2018-01-23 19:58 - 2010-11-21 04:27 - 000548000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-01-19 14:22 - 2015-11-01 09:42 - 000765656 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-01-18 14:27 - 2016-05-12 18:47 - 000001945 _____ C:\Windows\epplauncher.mif
2018-01-18 14:04 - 2009-07-14 06:08 - 000032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2016-03-04 22:10 - 2016-06-19 15:31 - 000000080 _____ () C:\Users\juergen2\AppData\Roaming\mBot.ini
2016-11-24 22:46 - 2017-10-30 10:35 - 000000600 _____ () C:\Users\juergen2\AppData\Roaming\winscp.rnd
2015-11-14 12:57 - 2018-02-03 16:54 - 000075264 _____ () C:\Users\juergen2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-31 15:54 - 2017-09-12 19:13 - 000000600 _____ () C:\Users\juergen2\AppData\Local\PUTTY.RND
2016-09-04 11:50 - 2016-09-04 11:50 - 000001192 _____ () C:\Users\juergen2\AppData\Local\recently-used.xbel
2018-02-02 14:52 - 2018-02-02 14:52 - 000000017 _____ () C:\Users\juergen2\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-07 12:31

==================== End of FRST.txt ============================
         
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12.02.2018
Ran by juergen2 (14-02-2018 12:23:43)
Running from C:\Users\juergen2\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-10-31 21:00:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-963683855-2343051469-89585254-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-963683855-2343051469-89585254-501 - Limited - Disabled)
juergen2 (S-1-5-21-963683855-2343051469-89585254-1000 - Administrator - Enabled) => C:\Users\juergen2

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Accelerated Video Transcoding (HKLM\...\{F15287C6-10E3-1676-AF50-CB0355A302F1}) (Version: 2.00.0002 - Advanced Micro Devices, Inc.)
AMD APP SDK Runtime (HKLM\...\{503F672D-6C84-448A-8F8F-4BC35AC83441}) (Version: 10.0.873.1 - Advanced Micro Devices Inc.)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (HKLM\...\{CF84CD21-FC52-857E-AF41-9DEE9C76D245}) (Version: 2.00.0000 - Advanced Micro Devices, Inc.)
AMD Fuel (HKLM\...\{AA20E9E6-96D0-C201-E44D-F7D921F595FD}) (Version: 2015.0804.21.41908 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
AMD USB 3.0 Device Detector (HKLM\...\{F5733897-B788-4AB1-B399-166A9FBB47A8}) (Version: 2.1.30.0 - Advanced Micro Devices, Inc.)
AMD Wireless Display v3.0 (HKLM\...\{630E5EF7-72F8-9E5D-BEF5-ED85B698E160}) (Version: 1.0.0.15 - Advanced Micro Devices, Inc.)
Arasan 20.2 (HKLM-x32\...\Arasan_is1) (Version:  - )
Backup and Sync from Google (HKLM-x32\...\{AC62F3F2-61A2-4357-93EC-C308E3FEDF4E}) (Version: 3.39.8370.7843 - Google, Inc.)
BCWipe 6.0 (HKLM-x32\...\BCWipe) (Version: 6.08.3 - Jetico Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
Canon MG5500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series) (Version: 1.02 - Canon Inc.)
Catalyst Control Center Graphics Previews Common (HKLM-x32\...\{9114BDDB-A6A6-152D-060A-E99307057AD1}) (Version: 2015.0804.21.41908 - Advanced Micro Devices, Inc.)
Catalyst Control Center Localization All (HKLM-x32\...\{315D9E6B-98B1-1E2B-9E93-B36A0B104224}) (Version: 2015.0804.21.41908 - Advanced Micro Devices, Inc.)
CCC Help Chinese Standard (HKLM-x32\...\{703F229F-573E-10E7-3B44-341DB59AD86B}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Chinese Traditional (HKLM-x32\...\{489E5436-B101-CAD9-5571-14746675ECE3}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Czech (HKLM-x32\...\{BBA1614E-6470-7841-8A42-ABD5BA7B3FFE}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Danish (HKLM-x32\...\{AA0E1433-8F16-AA01-E8E9-E6408579D0D8}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Dutch (HKLM-x32\...\{504819D1-3C0A-2695-0007-BBDFA5936D68}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help English (HKLM-x32\...\{6C495748-5F03-0B97-568B-76D0368FB460}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Finnish (HKLM-x32\...\{D9CBA021-DB41-9736-923F-52E3E426912D}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help French (HKLM-x32\...\{B03A580A-5D67-DAC5-59A1-7AD7C513381C}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help German (HKLM-x32\...\{69DF4822-9B16-CE04-7587-22E09FB5FD1D}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Greek (HKLM-x32\...\{968C0E92-6DA9-5784-9A0B-1061D0CB2C14}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Hungarian (HKLM-x32\...\{11BC8F83-7260-65EB-3E0A-FA7AC894B42D}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Italian (HKLM-x32\...\{FE4DC915-D724-E72C-EF86-DC5B89961ACF}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Japanese (HKLM-x32\...\{C9353DBC-A47C-2C9B-AF32-5E2C8B4E3D3A}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Korean (HKLM-x32\...\{37DBC990-C514-3821-D6FB-12E0745AA990}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Norwegian (HKLM-x32\...\{79E3071B-8A0C-C105-6442-CF611732601E}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Polish (HKLM-x32\...\{A12E8E1A-A77D-94E5-72F8-E83D6256AF11}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Portuguese (HKLM-x32\...\{AD5E3969-F0C0-ECBF-45E5-C36B84904281}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Russian (HKLM-x32\...\{CFA2067C-AE90-3BF9-06AF-E7E65E679B3D}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Spanish (HKLM-x32\...\{110E4EE7-85A9-B76B-B943-C0C1CF0C2F74}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Swedish (HKLM-x32\...\{42A97797-A255-49F9-4250-D58A9CEA2904}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Thai (HKLM-x32\...\{31BC0B51-0676-A531-3940-1818B609EEA7}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Turkish (HKLM-x32\...\{9DB45EC2-90E7-642D-7CF9-5AC2FBDC14F7}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
ccc-utility64 (HKLM\...\{C3463F9A-E635-02E0-C351-41D16074E202}) (Version: 2015.0804.21.41908 - Advanced Micro Devices, Inc.)
Convert XLS (HKLM-x32\...\Convert XLS_is1) (Version:  - Softinterface, Inc.)
CrystalDiskInfo 7.5.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.5.1 - Crystal Dew World)
Dr. Hardware 2015 15.5d (HKLM-x32\...\Dr. Hardware 2015_is1) (Version:  - Peter A. Gebhard)
Electrum (HKU\S-1-5-21-963683855-2343051469-89585254-1000\...\Electrum) (Version: 2.8.2 - Electrum Technologies GmbH)
Free Pascal 3.0.0 (HKLM-x32\...\FreePascal_is1) (Version:  - Free Pascal Team)
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.195.0 - International GeoGebra Institute)
Google Earth Pro (HKLM-x32\...\{FA1BBF34-E994-4310-95D7-BE93092B8E61}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gpg4win (2.3.3) (HKLM-x32\...\GPG4Win) (Version: 2.3.3 - The Gpg4win Project)
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.09) (Version: 9.09 - Artifex Software Inc.)
GUI Turbo Assembler Ver 3.0.1 (HKLM-x32\...\{F522C947-52FA-4C01-B933-16292944E000}) (Version: 3.0.1 - Lakhya's Innovation Inc.)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.4.135.1 - Intel Security)
IrfanView 64 (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
Lazarus 1.6.2 (HKLM\...\lazarus_is1) (Version: 1.6.2 - Lazarus Team)
MailWasherPro (HKLM-x32\...\{D16B61A0-A55E-47A9-BA73-8A5E92C26DB2}) (Version: 7.11.05 - Firetrust)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
ManyCam 5.3.0 (HKLM-x32\...\ManyCam) (Version: 5.3.0 - Visicom Media Inc.)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 58.0.2 (x64 de) (HKLM\...\Mozilla Firefox 58.0.2 (x64 de)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla)
Mozilla Thunderbird 52.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 52.6.0 (x86 de)) (Version: 52.6.0 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.4 - Notepad++ Team)
Opera Stable 50.0.2762.67 (HKU\S-1-5-21-963683855-2343051469-89585254-1000\...\Opera 50.0.2762.67) (Version: 50.0.2762.67 - Opera Software)
Pari-2-7-6 (remove only) (HKLM-x32\...\Pari-2-7-6) (Version:  - )
PC Inspector File Recovery (HKLM-x32\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - )
PilotEdit Lite 10.7.0 (HKLM-x32\...\PilotEdit Lite_is1) (Version:  - )
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
Scid vs PC 4.16 (HKLM-x32\...\Scid vs PC_is1) (Version: 4.16 - Steven Atkinson)
SharpKeys (HKLM\...\{F6908C45-459A-4332-A3F2-03DAAB64939D}) (Version: 3.6.0000 - RandyRants.com)
Shotcut (HKLM-x32\...\Shotcut) (Version:  - )
Skype version 8.15 (HKLM-x32\...\Skype_is1) (Version: 8.15 - Skype Technologies S.A.)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.83369 - TeamViewer)
Total Commander 64-bit (Remove or Repair) (HKLM-x32\...\Totalcmd64) (Version: 9.0a - Ghisler Software GmbH)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.16 - IDRIX)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Web Companion (HKLM-x32\...\{37c882f6-40f7-46a4-9ccb-8e2808e1a79e}) (Version: 2.4.1558.3001 - Lavasoft)
WinRAR 5.40 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wolfram Mathematica 11.2 (M-WIN-L 11.2.0 5822651) (HKLM\...\M-WIN-L 11.2.0 5822651_is1) (Version: 11.2.0 - Wolfram Research, Inc.)
Wondershare Data Recovery(Build 6.5.1.5) (HKLM-x32\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 6.5.1.5 - Wondershare Software Co.,Ltd.)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Xaldon WebSpider2 (HKLM-x32\...\WebSpider2) (Version:  - )
Xilinx Design Tools Vivado HL WebPACK 2016.3 (C:\Xilinx) (HKLM\...\Xilinx_Vivado HL WebPACK_2016.3#0) (Version: 2016.3 - Xilinx Inc.)
Xilinx DocNav (C:\Xilinx) (HKLM\...\Xilinx_DocNav_2016.3#0) (Version: 2016.3 - Xilinx Inc.)
Xilinx Information Center (C:\Xilinx) (HKLM\...\Xilinx_Xilinx Information Center_2016.3#0) (Version: 2016.3 - Xilinx Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-01-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-01-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-01-29] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-01-01] ()
ContextMenuHandlers1: [BCShellMenu] -> {7850a720-705f-11d0-a9eb-0080488625e5} =>  -> No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-01-29] (Google)
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\GNU\GnuPG\bin\gpgex.dll [2016-08-18] (g10 Code GmbH)
ContextMenuHandlers1: [PilotEdit] -> {277B9550-37E2-47DE-B533-89A1EBD82DB9} => C:\Program Files (x86)\PilotEdit Lite\EShell_x64.dll [2013-01-01] (PilotEdit)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [BCShellMenu] -> {7850a720-705f-11d0-a9eb-0080488625e5} =>  -> No File
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-01-29] (Google)
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\GNU\GnuPG\bin\gpgex.dll [2016-08-18] (g10 Code GmbH)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [BCShellMenu] -> {7850a720-705f-11d0-a9eb-0080488625e5} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1FB3732E-9592-444D-A701-81DF304F14A9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_137_pepper.exe
Task: {21022CE6-BFE7-40E7-AAFA-15A6CC72356B} - System32\Tasks\{E140102B-F244-4775-9758-5FA77AFD8886} => C:\Windows\system32\pcalua.exe -a "C:\Users\juergen2\Downloads\chromeinstall-8u77 (1).exe" -d C:\Users\juergen2\Downloads
Task: {213D38E2-E0E5-4EFB-88BC-AC61BF33552B} - System32\Tasks\{849B1E16-7952-40E5-887E-DAAD93154E62} => C:\Windows\system32\pcalua.exe -a D:\backupMaxtor80gb\data\putty.exe -d D:\backupMaxtor80gb\data
Task: {22DA9795-90BD-4731-AB6A-BD01A662D2F9} - System32\Tasks\{9C6CF1E7-9264-4314-BC30-F7778072B17B} => C:\Windows\system32\pcalua.exe -a D:\backupMaxtor80gb\data\wlsetup3528-all.exe -d d:\backupMaxtor80gb\data\
Task: {3B11371B-11AB-415E-8185-32A4F05C4B0F} - System32\Tasks\{471AF2D6-FC39-423E-8A09-1CE6E304D7BB} => C:\Windows\system32\pcalua.exe -a C:\camel\SilkroadOnlineGlobal_Official_v1_486.exe -d c:\camel\
Task: {4ADE3327-7150-4BB8-87C3-76601FC67879} - System32\Tasks\{FD09F9C6-B58A-406E-8536-F1B82AF22BBE} => C:\Windows\system32\pcalua.exe -a D:\backupMaxtor80gb\data\i2pinstall_0.9.30_windows.exe -d D:\backupMaxtor80gb\data
Task: {6ADA2DE3-F929-4442-BCBE-E1D403613F2F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-21] (Google Inc.)
Task: {70FC73DB-5C4F-4CB5-9833-76B9D3A491A6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {A6D9A0B3-82A7-4937-910D-C86CC1F2F571} - System32\Tasks\{C61837B8-EABF-4B5E-B96E-3C6EC1BD2343} => C:\Windows\system32\pcalua.exe -a C:\datas\jxpiinstall(4).exe -d C:\datas
Task: {AD24AC21-72E8-4AFB-8BA6-BC0413019E02} - System32\Tasks\Opera scheduled Autoupdate 1498067933 => C:\Users\juergen2\AppData\Local\Programs\Opera\launcher.exe [2018-01-22] (Opera Software)
Task: {BE9E6706-8A73-4F34-8BC7-F4B899EDF1C0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {D7EB7160-17BA-4622-81E3-07E0334AB14A} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {DAC363AC-634F-4411-8C93-334B4E476B58} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe
Task: {E302C505-2A7A-4384-87A8-489CE462BC3D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {F4DDD129-C6FA-4772-AC2D-CE369BA97A92} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {F6F30DFE-BB87-4833-A1E0-CEE92CCDEE3C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-21] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\juergen2\Favorites\Downloadseite von NCH Software.lnk -> hxxp://www.nchsoftware.com/de/index.htm
Shortcut: C:\Users\juergen2\Desktop\apache_start - Shortcut.lnk -> C:\xampp\apache_start.bat ()
Shortcut: C:\Users\juergen2\Desktop\Vivado HLS 2016.3.lnk -> C:\Xilinx\Vivado_HLS\2016.3\bin\vivado_hls.bat ()
Shortcut: C:\Users\juergen2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xilinx Design Tools\Vivado 2016.3\Vivado HLS\Vivado HLS 2016.3 Command Prompt.lnk -> C:\Xilinx\Vivado_HLS\2016.3\bin\vivado_hls_cmd.bat ()
Shortcut: C:\Users\juergen2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xilinx Design Tools\Vivado 2016.3\Vivado HLS\Vivado HLS 2016.3.lnk -> C:\Xilinx\Vivado_HLS\2016.3\bin\vivado_hls.bat ()
Shortcut: C:\Users\juergen2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GAP 4.7.8\GAP 4.7.8.lnk -> C:\gap4r7\bin\gap.bat ()

ShortcutWithArgument: C:\Users\juergen2\Desktop\root@www.hzgb.org.lnk -> D:\WinSCP-5.9.2-Portable\WinSCP.exe (Martin Prikryl) -> "root%40www.hzgb.org" /Desktop /UploadIfAny
ShortcutWithArgument: C:\Users\juergen2\Desktop\Vivado 2016.3.lnk -> C:\Xilinx\Vivado\2016.3\bin\unwrapped\win64.o\vvgl.exe () -> C:\Xilinx\Vivado\2016.3\bin\vivado.bat
ShortcutWithArgument: C:\Users\juergen2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xilinx Design Tools\Vivado 2016.3\Manage Xilinx Licenses.lnk -> C:\Xilinx\Vivado\2016.3\bin\unwrapped\win64.o\vvgl.exe () -> C:\Xilinx\Vivado\2016.3\bin\vlm.bat
ShortcutWithArgument: C:\Users\juergen2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xilinx Design Tools\Vivado 2016.3\Vivado 2016.3 Tcl Shell.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k C:\Xilinx\Vivado\2016.3\bin\vivado.bat -mode tcl
ShortcutWithArgument: C:\Users\juergen2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xilinx Design Tools\Vivado 2016.3\Vivado 2016.3.lnk -> C:\Xilinx\Vivado\2016.3\bin\unwrapped\win64.o\vvgl.exe () -> C:\Xilinx\Vivado\2016.3\bin\vivado.bat

==================== Loaded Modules (Whitelisted) ==============

2015-08-04 00:25 - 2015-08-04 00:25 - 000214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 000817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 003650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2016-08-18 09:27 - 2016-08-18 09:27 - 000216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2018-02-10 21:01 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2015-08-04 00:25 - 2015-08-04 00:25 - 000102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2016-12-19 15:36 - 2016-12-14 09:00 - 000158288 _____ () C:\totalcmd\wcmzip64.dll
2018-01-01 02:07 - 2018-01-01 02:07 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-08-18 09:14 - 2016-08-18 09:14 - 000222720 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2016-08-18 09:09 - 2016-08-18 09:09 - 000103424 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2016-08-18 09:03 - 2016-08-18 09:03 - 000050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2016-08-18 09:14 - 2016-08-18 09:14 - 000073728 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2016-08-18 09:17 - 2016-08-18 09:17 - 000751104 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2018-01-01 02:07 - 2018-01-01 02:07 - 000021680 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-963683855-2343051469-89585254-1000\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2018-02-10 18:45 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-963683855-2343051469-89585254-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\juergen2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: BCWipeSvc => 2
MSCONFIG\Services: LavasoftAdAwareService11 => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: vssbrigde64 => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^juergen2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MailWasherPro.lnk => C:\Windows\pss\MailWasherPro.lnk.Startup
MSCONFIG\startupreg: AvgUi => "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
MSCONFIG\startupreg: PlaysTV => "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr Inc\Raptr\raptrstub.exe --startup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{E08E8243-C2A1-4221-90A7-14736621DBE5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9EA08C55-5310-4A9E-8ABB-32F4A49FF91B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{97587CB0-9EAA-4B76-AE0F-849E608FE32D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{81373308-C4D3-45DA-ABFB-9FF3613C6D5D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{27E94056-EE89-40C2-88F9-FCDD1B8E5D43}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{D80E4AD5-8012-4DE4-B0FE-3695EFEBEAED}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{E4AFD96A-B990-4558-B5EE-3F16F3B150B1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4EFF6531-5BDD-4CC8-BCE4-8C1B36A92B77}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1144CB11-19E6-41BF-BAFF-C3CBF53D788E}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{D076BE44-8E6B-4596-BDAA-38B73655C620}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{BA663251-09BF-4823-8DE3-357013B1B8CE}C:\users\juergen2\appdata\local\temp\_tc0\bot\mbot_vsro110.exe] => (Allow) C:\users\juergen2\appdata\local\temp\_tc0\bot\mbot_vsro110.exe
FirewallRules: [UDP Query User{E5E54FE6-C09E-4ABB-90E3-E86CBF75A6F2}C:\users\juergen2\appdata\local\temp\_tc0\bot\mbot_vsro110.exe] => (Allow) C:\users\juergen2\appdata\local\temp\_tc0\bot\mbot_vsro110.exe
FirewallRules: [TCP Query User{3562059C-09AD-49C5-B7A8-F01122A24FF9}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{F0D6FC0B-D3F6-4346-A980-F46D4C9D1B96}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{98C9BD54-7195-421F-8622-82F19A588534}C:\eclipse\eclipse\eclipse.exe] => (Allow) C:\eclipse\eclipse\eclipse.exe
FirewallRules: [UDP Query User{823BFEF5-2144-437C-A54B-BCCA12451298}C:\eclipse\eclipse\eclipse.exe] => (Allow) C:\eclipse\eclipse\eclipse.exe
FirewallRules: [TCP Query User{43DE325D-FD61-460D-842E-290A5202FB7F}C:\users\juergen2\desktop\totalcmd\totalcmd.exe] => (Allow) C:\users\juergen2\desktop\totalcmd\totalcmd.exe
FirewallRules: [UDP Query User{DFCF343D-2298-479B-820C-A9D87E56AFF7}C:\users\juergen2\desktop\totalcmd\totalcmd.exe] => (Allow) C:\users\juergen2\desktop\totalcmd\totalcmd.exe
FirewallRules: [TCP Query User{A1496639-68D5-46B4-967E-A505FB7D9C89}C:\datas\psro_m_manualpatch_client_downloader_v3.exe] => (Allow) C:\datas\psro_m_manualpatch_client_downloader_v3.exe
FirewallRules: [UDP Query User{D2661694-9DE9-4B85-AA71-E76B9FE67E92}C:\datas\psro_m_manualpatch_client_downloader_v3.exe] => (Allow) C:\datas\psro_m_manualpatch_client_downloader_v3.exe
FirewallRules: [TCP Query User{DA6A1C4E-6658-4536-B8A6-C2F9FD65FD61}C:\datas\psro_full_client_downloader_v3.exe] => (Allow) C:\datas\psro_full_client_downloader_v3.exe
FirewallRules: [UDP Query User{4C306084-351A-440E-86A7-02F33064F80E}C:\datas\psro_full_client_downloader_v3.exe] => (Allow) C:\datas\psro_full_client_downloader_v3.exe
FirewallRules: [TCP Query User{82621B54-D4E3-4191-A32E-7FB2E966AFE0}I:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe] => (Allow) I:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe
FirewallRules: [UDP Query User{FA455FFB-BB85-4880-8324-9ED51129A541}I:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe] => (Allow) I:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe
FirewallRules: [TCP Query User{AFDB542D-C34E-4DBA-A5E8-13FD772F4676}C:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe] => (Allow) C:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe
FirewallRules: [UDP Query User{821974AD-1244-4300-8892-42C965D1C906}C:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe] => (Allow) C:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe
FirewallRules: [{776A7697-A9FA-4D00-AE02-02733E032793}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{179DB254-E4A7-44FD-8180-A252E383B707}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [TCP Query User{5881A1B3-618E-4628-AF81-07C027281C34}C:\datas\bitcoin-0.12.1-win64\bitcoin-0.12.1\bin\bitcoin-qt.exe] => (Allow) C:\datas\bitcoin-0.12.1-win64\bitcoin-0.12.1\bin\bitcoin-qt.exe
FirewallRules: [UDP Query User{B1095A5C-EA19-4532-BE33-41EF9C86B1D8}C:\datas\bitcoin-0.12.1-win64\bitcoin-0.12.1\bin\bitcoin-qt.exe] => (Allow) C:\datas\bitcoin-0.12.1-win64\bitcoin-0.12.1\bin\bitcoin-qt.exe
FirewallRules: [TCP Query User{B12981FF-B265-4AD8-90CC-1CAA78AFF9D3}C:\users\juergen2\appdata\local\temp\7zipsfx.000\tps\win64\jre\bin\java.exe] => (Allow) C:\users\juergen2\appdata\local\temp\7zipsfx.000\tps\win64\jre\bin\java.exe
FirewallRules: [UDP Query User{17966661-BA79-4C90-BC0D-63434C7A2A9F}C:\users\juergen2\appdata\local\temp\7zipsfx.000\tps\win64\jre\bin\java.exe] => (Allow) C:\users\juergen2\appdata\local\temp\7zipsfx.000\tps\win64\jre\bin\java.exe
FirewallRules: [TCP Query User{359222EA-9F94-4EDA-A978-E08B0C015F21}C:\xilinx\xic\tps\win64\jre\bin\java.exe] => (Allow) C:\xilinx\xic\tps\win64\jre\bin\java.exe
FirewallRules: [UDP Query User{DCC70F92-DA66-4518-B65F-551E06FAED96}C:\xilinx\xic\tps\win64\jre\bin\java.exe] => (Allow) C:\xilinx\xic\tps\win64\jre\bin\java.exe
FirewallRules: [TCP Query User{0C48E5AD-B230-4661-BAFF-D286C90BF7ED}C:\xilinx\xic\tps\win64\jre\bin\java.exe] => (Allow) C:\xilinx\xic\tps\win64\jre\bin\java.exe
FirewallRules: [UDP Query User{5E82995E-38F3-476B-98A0-E4055D9530E6}C:\xilinx\xic\tps\win64\jre\bin\java.exe] => (Allow) C:\xilinx\xic\tps\win64\jre\bin\java.exe
FirewallRules: [TCP Query User{FF3B1697-47E7-4E15-A46F-14DAD9A34297}C:\totalcmd\totalcmd.exe] => (Allow) C:\totalcmd\totalcmd.exe
FirewallRules: [UDP Query User{91BF5810-5F2B-4B0B-89A6-13C7BD7AF7E0}C:\totalcmd\totalcmd.exe] => (Allow) C:\totalcmd\totalcmd.exe
FirewallRules: [{A15FD59F-4DEB-48C5-B0AB-C560507A5BD9}] => (Allow) C:\Users\juergen2\Desktop\Tor Browser\Browser\firefox.exe
FirewallRules: [{7B27A2F1-A1C2-40B1-856F-69E72A5FDD68}] => (Allow) C:\Users\juergen2\Desktop\Tor Browser\Browser\firefox.exe
FirewallRules: [{109B94D2-FB0C-44F2-A49B-C1ABC4AE84C2}] => (Allow) C:\Users\juergen2\Desktop\Tor Browser\Browser\firefox.exe
FirewallRules: [{0E26162C-0928-4A55-BFA2-D3D7A388B22E}] => (Allow) C:\Users\juergen2\Desktop\Tor Browser\Browser\firefox.exe
FirewallRules: [{8BAD0C4F-C654-432F-8A46-8CBC4BFF20AF}] => (Allow) C:\datas\psro_full_client_downloader_v3.exe
FirewallRules: [{81FA3FFE-6DEF-4F3D-871E-6120D650F375}] => (Allow) C:\datas\psro_full_client_downloader_v3.exe
FirewallRules: [{E12FBEE4-11A9-4252-B72E-9DA5B9A82CDB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7DA09561-F33A-4F74-AE93-BE232605E318}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C619FF61-7405-4E6D-B469-F5ED7A4CEBEE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5D49AA65-E9EC-4E40-AF85-819A887C58C3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A5989984-670A-4953-A4B2-97E2981C1C4E}] => (Allow) C:\Users\juergen2\AppData\Local\Programs\Opera\50.0.2762.58\opera.exe
FirewallRules: [{51A58F52-6A7A-4F9F-A9D3-54673771201E}] => (Allow) C:\Users\juergen2\AppData\Local\Programs\Opera\50.0.2762.67\opera.exe
FirewallRules: [{858D641F-B90B-4B90-9641-DFF96825B635}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\Mathematica.exe
FirewallRules: [{36275EA3-11DB-4932-AC9B-19B7D18F4C95}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\Mathematica.exe
FirewallRules: [{A9C5985A-EEDC-40A3-BBEC-1E2E964F227C}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\MathKernel.exe
FirewallRules: [{A6DED921-ACDB-4F33-8FF6-E322906C2092}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\MathKernel.exe
FirewallRules: [{9D3AC6F5-DD80-4C6C-AC12-2DE855E84AE0}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\math.exe
FirewallRules: [{719EF127-CBDB-42E9-AA42-01703EB925AD}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\math.exe
FirewallRules: [{DA9DDE8A-7D1E-4CB2-B687-92FE13D0248D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{94A37815-6EB1-4CFE-9596-10C41931DA8D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

==================== Restore Points =========================

13-02-2018 16:24:13 End of disinfection
13-02-2018 16:40:08 Revo Uninstaller's restore point - Adobe Flash Player 28 NPAPI
13-02-2018 16:41:55 Revo Uninstaller's restore point - BestCrypt 9.0
13-02-2018 16:51:22 Device Driver Package Install: Jetico, Inc. BestCrypt bus controllers
13-02-2018 17:03:52 Revo Uninstaller's restore point - BestCrypt 8.0
13-02-2018 17:13:21 Revo Uninstaller's restore point - PlaysTV
13-02-2018 17:21:43 Revo Uninstaller's restore point - Raptr
14-02-2018 04:45:07 Windows Update

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: AODDriver4.1
Description: AODDriver4.1
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AODDriver4.1
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/14/2018 11:28:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/14/2018 11:25:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/14/2018 04:13:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/13/2018 05:21:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary bcfnt.

System Error:
The system cannot find the file specified.
.

Error: (02/13/2018 05:13:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary bcfnt.

System Error:
The system cannot find the file specified.
.

Error: (02/13/2018 05:03:49 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2419a346-823c-4a07-866d-706ab0c5b9fa}

Error: (02/13/2018 04:55:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/13/2018 04:50:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (02/14/2018 11:30:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (02/14/2018 11:28:59 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
bcbus

Error: (02/14/2018 11:28:59 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel(R) Biometric and Context Agent Service service hung on starting.

Error: (02/14/2018 11:27:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.1 service failed to start due to the following error: 
The system cannot find the path specified.

Error: (02/14/2018 11:25:22 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
bcbus

Error: (02/14/2018 11:25:22 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel(R) Biometric and Context Agent Service service hung on starting.

Error: (02/14/2018 11:24:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.1 service failed to start due to the following error: 
The system cannot find the path specified.

Error: (02/14/2018 04:46:36 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: 2018-02 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 7 and Server 2008 R2 for x64 (KB4076492).


Windows Defender:
===================================
Date: 2015-11-05 16:46:24.583
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified. 
Signature version:0.0.0.0
Engine version:0.0.0.0

Date: 2015-11-05 06:18:26.559
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Backup
Error Code:0x8050a004
Error description:This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 
Signature version:1.209.968.0
Engine version:1.1.6402.0

Date: 2015-11-05 06:18:07.182
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified. 
Signature version:0.0.0.0
Engine version:0.0.0.0

CodeIntegrity:
===================================

Date: 2015-11-05 07:09:53.063
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-11-05 07:09:53.061
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-11-05 07:09:53.029
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-11-05 07:09:53.027
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 

Processor: AMD A6-3650 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 65%
Total physical RAM: 7665.37 MB
Available physical RAM: 2650.63 MB
Total Virtual: 11759.54 MB
Available Virtual: 6074.08 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:488.18 GB) (Free:177.82 GB) NTFS
Drive d: (neueMaxTor) (Fixed) (Total:443.23 GB) (Free:149.88 GB) NTFS
Drive f: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (Dritte Externe Teil 1) (Fixed) (Total:351.38 GB) (Free:50.38 GB) NTFS
Drive h: (Poops) (Fixed) (Total:347.16 GB) (Free:44.24 GB) NTFS
Drive i: (PalleMalle) (Fixed) (Total:931.51 GB) (Free:90.22 GB) NTFS
Drive j: (TOSHIBA EXT) (Fixed) (Total:931.41 GB) (Free:43.66 GB) NTFS

\\?\Volume{39adc126-8011-11e5-b8fa-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9A083BDB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 7191D59B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=351.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=347.2 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 002EFF55)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 931.5 GB) (Disk ID: AAE66568)
Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
         

Alt 14.02.2018, 13:40   #8
M-K-D-B
/// TB-Ausbilder
 
OTL scan auf BKA trojaner - Standard

OTL scan auf BKA trojaner



Servus,



gut gemacht.



Wir beginnen so:




Schritt 1
Downloade Dir bitte AdwCleaner auf deinen Desktop (Bebilderte Anleitung).
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Werkzeuge > Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel
    • "Prefetch" Dateien
    • Proxy
    • Winsock
    • Internet Explorer Richtlinien
    • Chrome Richtlinien
  • Bestätige die Auswahl mit Ok.
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen (auch dann wenn AdwCleaner sagt, dass nichts gefunden wurde) und bestätige auftretende Hinweise mit Ok.
  • Klicke am Ende der Bereinigung auf Jetzt neu starten. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 2
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scan, wähle den Bedrohungs-Scan aus und klicke auf Scan starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Ausgewählte Elemente in die Quarantäne verschieben.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM nach dem Neustart, klicke auf Berichte.
  • Wähle den neuesten Scan-Bericht aus, klicke auf Bericht anzeigen und dann auf Export.
  • Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.





Schritt 3
  • Starte die FRST.exe erneut. Vergewissere dich, dass vor Addition.txt ein Haken gesetzt ist und drücke auf Untersuchen.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die zwei neuen Logdateien von FRST.
__________________
Gruß
M-K-D-B


Das Trojaner-Board unterstützen

Alt 14.02.2018, 21:57   #9
juergen007
 
OTL scan auf BKA trojaner - Standard

OTL scan auf BKA trojaner



Code:
ATTFilter
# AdwCleaner 7.0.8.0 - Logfile created on Wed Feb 14 16:19:45 2018
# Updated on 2018/08/02 by Malwarebytes 
# Database: 02-13-2018.2
# Running on Windows 7 Professional (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1268 B] - [2018/2/14 15:43:22]
C:/AdwCleaner/AdwCleaner[S0].txt - [1053 B] - [2018/2/14 15:21:13]
C:/AdwCleaner/AdwCleaner[S1].txt - [1121 B] - [2018/2/14 15:23:18]
C:/AdwCleaner/AdwCleaner[S2].txt - [1156 B] - [2018/2/14 16:5:50]


########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt ##########
         
Code:
ATTFilter
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/14/18
Scan Time: 5:14 PM
Log File: 246e4350-11a2-11e8-8211-8c89a53586cf.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3951
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: juergen2-PC\Administrator

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 357441
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 36 min, 55 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
         
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.02.2018
Ran by Administrator (administrator) on JUERGEN2-PC (14-02-2018 17:53:18)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: juergen2 & Administrator (Available Profiles: juergen2 & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes) C:\Users\Administrator\Desktop\adwcleaner_7.0.8.0(1).exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-963683855-2343051469-89585254-1000\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
HKU\S-1-5-21-963683855-2343051469-89585254-1000\...\Policies\Explorer: [NoThumbNailCache] 1
HKU\S-1-5-21-963683855-2343051469-89585254-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-963683855-2343051469-89585254-1000\...\MountPoints2: {3b6eaf21-9024-11e5-b954-8c89a53586cf} - K:\LaunchU3.exe -a
HKU\S-1-5-21-963683855-2343051469-89585254-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-963683855-2343051469-89585254-500\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
HKU\S-1-5-21-963683855-2343051469-89585254-500\...\Policies\Explorer: [NoThumbNailCache] 1
HKU\S-1-5-21-963683855-2343051469-89585254-500\...\MountPoints2: {3b6eaf21-9024-11e5-b954-8c89a53586cf} - K:\LaunchU3.exe -a
AppInit_DLLs-x32: hplun.dll => No File
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4F4DD125-EDDA-44BF-B378-9BAF78A43AC1}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-963683855-2343051469-89585254-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SL5M&ocid=SL5MDHP&osmkt=de-at
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF DefaultProfile: iv2ha52p.default-1508386149418
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418 [2018-02-14]
FF Session Restore: Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418 -> is enabled.
FF NewTabOverride: Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418 -> Disabled: _j5Members_@ext.ask.com
FF Extension: (Flash Video Downloader) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\Extensions\artur.dubovoy@gmail.com.xpi [2018-02-07]
FF Extension: (ConsistentHTTPS) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\Extensions\consistent-https@tanalin.com.xpi [2018-02-07]
FF Extension: (Name) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\Extensions\firefox@ghostery.com.xpi [2018-02-10]
FF Extension: (HTTPS Everywhere) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\Extensions\https-everywhere@eff.org.xpi [2018-02-08]
FF Extension: (AdBlock) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2018-02-07]
FF Extension: (Flash & Video Downloader) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\Extensions\{a80bbdbb-6fd0-4ee2-ab67-47ef4ba1cede}.xpi [2018-02-07]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
S4 BCWipeSvc; C:\Program Files (x86)\Jetico\BCWipe\BCWipeSvc.exe [90592 2015-12-01] (Jetico, Inc.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2016-08-18] () [File not signed]
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3026584 2016-05-06] (Intel(R) Corporation)
S4 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.667\McCHSvc.exe" [X]
S4 TrueKey; "C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe" [X]
S4 TrueKeyScheduler; "C:\Program Files\TrueKey\McTkSchedulerService.exe" [X]
S3 TrueKeyServiceHelper; "C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
S4 BCSWAP; no ImagePath
R2 DRHARD64; C:\Windows\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHARD64; C:\Windows\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHMSR64; C:\Windows\system32\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R2 DRHMSR64; C:\Windows\SysWOW64\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2018-02-13] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2018-02-14] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2018-02-14] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-02-14] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2018-02-13] (Malwarebytes)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (Visicom Media Inc.)
S3 MftWipeFilter; no ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R1 MpKslcd927c4a; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{255A5C94-0C7D-4CAE-A94E-F3BDC8D94E90}\MpKslcd927c4a.sys [58120 2018-02-14] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [195416 2015-11-17] (IDRIX)
R2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [27384 2016-10-09] (Xilinx, Inc.)
S2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
U3 aswbdisk; no ImagePath
S1 bcbus; system32\DRIVERS\bcbus.sys [X]
S3 X6va037; \??\C:\Windows\SysWOW64\Drivers\X6va037 [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-14 17:53 - 2018-02-14 17:54 - 000014891 _____ C:\Users\Administrator\Desktop\FRST.txt
2018-02-14 17:52 - 2018-02-13 17:44 - 002405376 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2018-02-14 17:02 - 2018-02-14 17:01 - 008222496 _____ (Malwarebytes) C:\Users\Administrator\Desktop\adwcleaner_7.0.8.0(1).exe
2018-02-14 16:52 - 2018-02-14 16:52 - 000000021 _____ C:\Windows\S.dirmngr
2018-02-14 16:42 - 2018-02-14 16:41 - 001207800 _____ (Adobe Systems Incorporated) C:\Users\juergen2\Desktop\readerdc_de_xa_cra_install.exe
2018-02-14 15:58 - 2018-02-14 17:19 - 000000000 ____D C:\AdwCleaner
2018-02-14 15:58 - 2018-02-14 15:11 - 008222496 _____ (Malwarebytes) C:\Users\juergen2\Desktop\adwcleaner_7.0.8.0.exe
2018-02-14 12:23 - 2018-02-14 16:17 - 000050373 _____ C:\Users\juergen2\Desktop\Addition.txt
2018-02-14 12:18 - 2018-02-14 16:17 - 000062810 _____ C:\Users\juergen2\Desktop\FRST.txt
2018-02-14 12:18 - 2018-02-13 17:44 - 002405376 _____ (Farbar) C:\Users\juergen2\Desktop\FRST64.exe
2018-02-14 04:28 - 2018-02-10 20:52 - 000395928 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-02-14 04:28 - 2018-02-10 20:03 - 000347296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-02-14 04:28 - 2018-02-10 09:44 - 025740288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-02-14 04:28 - 2018-02-10 08:30 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-02-14 04:28 - 2018-02-10 08:29 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-02-14 04:28 - 2018-02-10 08:19 - 002900480 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-02-14 04:28 - 2018-02-10 08:17 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-02-14 04:28 - 2018-02-10 08:17 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-02-14 04:28 - 2018-02-10 08:17 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-02-14 04:28 - 2018-02-10 08:16 - 000577536 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-02-14 04:28 - 2018-02-10 08:16 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-02-14 04:28 - 2018-02-10 08:10 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-02-14 04:28 - 2018-02-10 08:10 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-02-14 04:28 - 2018-02-10 08:09 - 005782016 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-02-14 04:28 - 2018-02-10 08:07 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-02-14 04:28 - 2018-02-10 08:06 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-02-14 04:28 - 2018-02-10 08:06 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-02-14 04:28 - 2018-02-10 08:06 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-02-14 04:28 - 2018-02-10 08:06 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-02-14 04:28 - 2018-02-10 08:01 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-02-14 04:28 - 2018-02-10 07:58 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-02-14 04:28 - 2018-02-10 07:52 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-02-14 04:28 - 2018-02-10 07:52 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-02-14 04:28 - 2018-02-10 07:51 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-02-14 04:28 - 2018-02-10 07:49 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-02-14 04:28 - 2018-02-10 07:48 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-02-14 04:28 - 2018-02-10 07:46 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-02-14 04:28 - 2018-02-10 07:45 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-02-14 04:28 - 2018-02-10 07:36 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-02-14 04:28 - 2018-02-10 07:36 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-02-14 04:28 - 2018-02-10 07:34 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-02-14 04:28 - 2018-02-10 07:34 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-02-14 04:28 - 2018-02-10 07:33 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-02-14 04:28 - 2018-02-10 07:32 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-02-14 04:28 - 2018-02-10 07:27 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-02-14 04:28 - 2018-02-10 07:20 - 020274176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-02-14 04:28 - 2018-02-10 07:14 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-02-14 04:28 - 2018-02-10 07:08 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-02-14 04:28 - 2018-02-10 07:02 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-02-14 04:28 - 2018-02-10 06:57 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-02-14 04:28 - 2018-02-10 06:57 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-02-14 04:28 - 2018-02-10 06:57 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-02-14 04:28 - 2018-02-10 06:57 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-02-14 04:28 - 2018-02-10 06:56 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-02-14 04:28 - 2018-02-10 06:54 - 002294272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-02-14 04:28 - 2018-02-10 06:52 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-02-14 04:28 - 2018-02-10 06:51 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-02-14 04:28 - 2018-02-10 06:50 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-02-14 04:28 - 2018-02-10 06:49 - 000662528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-02-14 04:28 - 2018-02-10 06:49 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-02-14 04:28 - 2018-02-10 06:49 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-02-14 04:28 - 2018-02-10 06:42 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-02-14 04:28 - 2018-02-10 06:39 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-02-14 04:28 - 2018-02-10 06:38 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-02-14 04:28 - 2018-02-10 06:38 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-02-14 04:28 - 2018-02-10 06:36 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-02-14 04:28 - 2018-02-10 06:35 - 004498944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-02-14 04:28 - 2018-02-10 06:35 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-02-14 04:28 - 2018-02-10 06:35 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-02-14 04:28 - 2018-02-10 06:34 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-02-14 04:28 - 2018-02-10 06:33 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-02-14 04:28 - 2018-02-10 06:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-02-14 04:28 - 2018-02-10 06:27 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-02-14 04:28 - 2018-02-10 06:27 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-02-14 04:28 - 2018-02-10 06:26 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-02-14 04:28 - 2018-02-10 06:14 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-02-14 04:28 - 2018-02-10 06:10 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-02-14 04:28 - 2018-02-10 06:08 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-02-14 04:28 - 2018-01-12 17:46 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-02-14 04:28 - 2018-01-12 17:44 - 005581544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-02-14 04:28 - 2018-01-12 17:44 - 001894120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-02-14 04:28 - 2018-01-12 17:44 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-02-14 04:28 - 2018-01-12 17:44 - 000377064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-02-14 04:28 - 2018-01-12 17:44 - 000371432 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2018-02-14 04:28 - 2018-01-12 17:44 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-02-14 04:28 - 2018-01-12 17:44 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-02-14 04:28 - 2018-01-12 17:44 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-02-14 04:28 - 2018-01-12 17:44 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-02-14 04:28 - 2018-01-12 17:40 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000484864 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:33 - 001665384 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-02-14 04:28 - 2018-01-12 17:29 - 004014312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-02-14 04:28 - 2018-01-12 17:29 - 003959016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-02-14 04:28 - 2018-01-12 17:27 - 004834816 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
2018-02-14 04:28 - 2018-01-12 17:27 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:16 - 003405824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsrchvw.exe
2018-02-14 04:28 - 2018-01-12 17:16 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2018-02-14 04:28 - 2018-01-12 17:16 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2018-02-14 04:28 - 2018-01-12 17:15 - 000032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2018-02-14 04:28 - 2018-01-12 17:11 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-02-14 04:28 - 2018-01-12 17:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-02-14 04:28 - 2018-01-12 17:11 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-02-14 04:28 - 2018-01-12 17:10 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-02-14 04:28 - 2018-01-12 17:07 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-02-14 04:28 - 2018-01-12 17:06 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-02-14 04:28 - 2018-01-12 17:03 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-02-14 04:28 - 2018-01-12 17:02 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-02-14 04:28 - 2018-01-12 17:02 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-02-14 04:28 - 2018-01-12 17:02 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-02-14 04:28 - 2018-01-12 17:01 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-02-14 04:28 - 2018-01-12 17:01 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-02-14 04:28 - 2018-01-12 16:57 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-02-14 04:28 - 2018-01-12 16:57 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-02-14 04:28 - 2018-01-12 16:57 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-02-14 04:28 - 2018-01-12 16:57 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-02-14 04:28 - 2018-01-12 16:57 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-02-14 04:28 - 2018-01-12 16:56 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 16:56 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 16:56 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 16:56 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-02-14 04:28 - 2018-01-11 17:41 - 001133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2018-02-14 04:28 - 2018-01-11 17:22 - 000805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2018-02-14 04:28 - 2018-01-11 17:09 - 003224064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-02-14 04:28 - 2018-01-05 17:31 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-02-14 04:28 - 2018-01-05 17:31 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-02-14 04:28 - 2018-01-05 17:30 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-02-14 04:28 - 2018-01-05 17:30 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-02-14 04:28 - 2018-01-05 17:30 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-02-14 04:28 - 2018-01-05 17:25 - 000383720 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-02-14 04:28 - 2018-01-05 17:14 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-02-14 04:28 - 2018-01-05 17:11 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-02-14 04:28 - 2018-01-05 17:11 - 000071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-02-14 04:28 - 2018-01-05 17:11 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-02-14 04:28 - 2018-01-05 17:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-02-14 04:28 - 2018-01-05 16:50 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-02-14 04:28 - 2017-12-05 18:36 - 001484288 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2018-02-14 04:28 - 2017-12-05 18:36 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2018-02-14 04:28 - 2017-12-05 18:36 - 000218112 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2018-02-14 04:28 - 2017-12-05 18:36 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2018-02-14 04:28 - 2017-12-05 18:36 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2018-02-14 04:28 - 2017-12-05 18:36 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2018-02-14 04:28 - 2017-12-05 18:08 - 001176576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2018-02-14 04:28 - 2017-12-05 18:08 - 000179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2018-02-14 04:28 - 2017-12-05 18:08 - 000145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2018-02-14 04:28 - 2017-12-05 18:08 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2018-02-14 04:28 - 2017-12-05 18:08 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2018-02-14 04:28 - 2017-12-05 17:04 - 000404992 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
2018-02-14 04:27 - 2018-01-22 00:50 - 000136424 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-02-14 04:27 - 2018-01-22 00:40 - 000654336 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-02-14 04:27 - 2018-01-19 15:05 - 001994752 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-02-14 04:27 - 2018-01-19 15:05 - 001569280 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-02-14 04:27 - 2018-01-19 15:05 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-02-14 04:27 - 2018-01-19 15:05 - 000604672 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-02-14 04:27 - 2018-01-19 15:05 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-02-14 04:27 - 2018-01-19 15:05 - 000378880 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-02-14 04:27 - 2018-01-19 15:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-02-14 04:27 - 2018-01-19 15:05 - 000236544 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-02-13 17:43 - 2018-02-14 17:53 - 000000000 ____D C:\FRST
2018-02-13 16:30 - 2018-02-13 16:30 - 000000000 ____D C:\Users\Administrator\Documents\BCDB
2018-02-13 10:29 - 2018-02-14 16:54 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-02-12 15:51 - 2018-02-12 15:51 - 000001245 _____ C:\Users\Administrator\Desktop\malware12011544.txt
2018-02-11 10:50 - 2018-02-11 10:50 - 000000000 ____D C:\ProgramData\ATI
2018-02-10 21:58 - 2018-02-12 01:44 - 000000000 ____D C:\Users\Administrator\AppData\Local\ESET
2018-02-10 21:01 - 2018-02-14 16:54 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-02-10 21:01 - 2018-02-14 16:54 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-02-10 21:01 - 2018-02-13 10:28 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-02-10 21:01 - 2018-02-13 10:26 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-02-10 21:01 - 2018-02-10 21:01 - 000001835 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-10 21:01 - 2018-02-10 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-10 21:01 - 2018-02-10 21:01 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-10 21:01 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-02-10 18:54 - 2018-02-10 18:54 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\VeraCrypt
2018-02-10 18:43 - 2018-02-10 18:43 - 000000000 _____ C:\Users\Administrator\Desktop\New Text Document.txt
2018-02-08 20:24 - 2018-02-08 20:24 - 000000000 ____D C:\My Files(juergen-PC)
2018-02-08 16:03 - 2018-02-08 16:03 - 000002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-02-08 16:03 - 2018-02-08 16:03 - 000002182 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2018-02-07 10:38 - 2018-02-07 10:38 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\77E7F59C.sys
2018-02-07 07:43 - 2018-02-07 07:43 - 000008189 _____ C:\Users\Administrator\Desktop\export_reply_3.nb
2018-02-07 07:41 - 2018-02-07 07:41 - 000000000 ____D C:\Users\Administrator\Desktop\mathe
2018-02-07 07:36 - 2018-02-07 07:37 - 000000000 ____D C:\Users\juergen2\Desktop\Mathe
2018-02-07 05:35 - 2018-02-07 05:35 - 000000000 ____D C:\Users\juergen2\.QtWebEngineProcess
2018-02-07 05:35 - 2018-02-07 05:35 - 000000000 ____D C:\Users\juergen2\.Plays.tv
2018-02-07 05:33 - 2018-02-07 05:35 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\Raptr
2018-02-07 05:33 - 2018-02-07 05:35 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\PlaysTV
2018-02-06 19:52 - 2018-02-06 19:52 - 000000000 ____D C:\Users\Administrator\AppData\Local\AppEx Networks
2018-02-06 18:41 - 2018-02-06 18:41 - 000000000 ____D C:\Users\Administrator\.QtWebEngineProcess
2018-02-06 18:41 - 2018-02-06 18:41 - 000000000 ____D C:\Users\Administrator\.Plays.tv
2018-02-06 18:38 - 2018-02-06 18:38 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\library_dir
2018-02-06 18:37 - 2018-02-06 18:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Quick Stream
2018-02-06 18:37 - 2018-02-06 18:37 - 000000000 ____D C:\Program Files\AMD Quick Stream
2018-02-06 18:37 - 2015-04-03 01:14 - 000229056 _____ (AppEx Networks Corporation) C:\Windows\system32\Drivers\appexDrv.sys
2018-02-06 18:28 - 2018-02-06 18:28 - 000000000 ____D C:\Users\Administrator\AppData\Local\RadeonInstaller
2018-02-06 18:27 - 2018-02-06 18:27 - 041047112 _____ (AMD Inc.) C:\Users\Administrator\Downloads\radeon-software-adrenalin-18.2.1-minimalsetup-180201_web.exe
2018-02-06 13:49 - 2018-02-06 13:49 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\656387A4.sys
2018-02-06 13:39 - 2018-02-06 13:39 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\3353E5FC.sys
2018-02-06 12:25 - 2018-02-10 21:01 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-06 12:25 - 2018-02-06 12:25 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\43221302.sys
2018-02-06 09:28 - 2018-02-05 11:39 - 000001167 _____ C:\Windows\system32\Reinigung.cmd
2018-02-06 09:28 - 2017-12-24 23:03 - 000001820 _____ C:\Windows\system32\Wartung.cmd
2018-02-06 09:00 - 2018-02-06 09:03 - 000000000 ____D C:\daten
2018-02-05 23:24 - 2018-02-05 23:41 - 000000000 ___HD C:\~BCWipe.tmp
2018-02-05 18:56 - 2018-02-05 18:56 - 000739464 _____ C:\Users\juergen2\Documents\IMG_20180205_0001.pdf
2018-02-05 11:48 - 2018-02-05 11:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BCWipe
2018-02-05 11:47 - 2018-02-14 04:11 - 000000000 ____D C:\Program Files (x86)\Jetico
2018-02-02 15:20 - 2018-02-02 15:20 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\dvdcss
2018-02-02 14:52 - 2018-02-02 14:52 - 000000017 _____ C:\Users\juergen2\AppData\Local\resmon.resmoncfg
2018-02-01 13:05 - 2018-02-01 13:05 - 000001196 _____ C:\Users\Administrator\Desktop\CrystalDiskInfo.lnk
2018-02-01 13:05 - 2018-02-01 13:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2018-02-01 13:05 - 2018-02-01 13:05 - 000000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2018-02-01 12:01 - 2018-02-05 11:39 - 000001167 _____ C:\Windows\SysWOW64\Reinigung.cmd
2018-02-01 12:01 - 2017-12-24 23:03 - 000001820 _____ C:\Windows\SysWOW64\Wartung.cmd
2018-02-01 00:23 - 2018-02-01 00:23 - 000000000 ____D C:\Users\juergen2\PDF
2018-01-31 23:58 - 2018-01-31 23:58 - 000000181 _____ C:\Users\juergen2\Documents\slashesversion.gp
2018-01-31 22:17 - 2018-01-31 22:17 - 000000142 _____ C:\Users\juergen2\new2.gp
2018-01-31 22:00 - 2018-01-31 21:57 - 000000096 _____ C:\Users\juergen2\Documents\new.txt
2018-01-31 21:17 - 2018-02-01 00:12 - 000007841 _____ C:\Users\juergen2\Documents11.pdf
2018-01-30 23:39 - 2018-01-30 23:40 - 000000127 _____ C:\Users\juergen2\Documents\anmachenFilipina.txt
2018-01-30 20:47 - 2018-01-30 20:47 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\Macromedia
2018-01-29 22:31 - 2018-02-04 13:04 - 000004740 _____ C:\Users\juergen2\Documents\23.txt
2018-01-29 22:11 - 2018-01-30 23:09 - 000003173 _____ C:\Users\juergen2\Documents\13.txt
2018-01-29 22:09 - 2018-01-29 22:09 - 001332457 _____ C:\Users\juergen2\Documents\1013.txt
2018-01-29 21:01 - 2018-01-29 21:58 - 000003016 _____ C:\Users\juergen2\Desktop\mmmma.txt
2018-01-28 23:59 - 2018-01-28 23:59 - 000001182 _____ C:\Users\juergen2\Desktop\MailWasherPro.lnk
2018-01-28 23:59 - 2018-01-28 23:59 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firetrust
2018-01-28 23:59 - 2018-01-28 23:59 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\Firetrust
2018-01-28 23:59 - 2018-01-28 23:59 - 000000000 ____D C:\Program Files (x86)\Firetrust
2018-01-28 23:58 - 2018-01-29 00:00 - 000000000 ____D C:\ProgramData\Firetrust
2018-01-28 12:57 - 2018-01-31 21:20 - 000000000 ____D C:\Users\juergen2\Documents\Wolfram Mathematica
2018-01-28 12:57 - 2018-01-29 19:37 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\Mathematica
2018-01-28 12:57 - 2018-01-28 12:58 - 000000000 ____D C:\Users\juergen2\AppData\Local\Mathematica
2018-01-28 12:57 - 2018-01-28 12:57 - 000000000 ____D C:\Users\juergen2\AppData\Local\Wolfram
2018-01-27 12:34 - 2018-02-07 07:42 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mathematica
2018-01-27 12:34 - 2018-02-07 07:41 - 000000000 ____D C:\Users\Administrator\AppData\Local\Mathematica
2018-01-27 12:34 - 2018-01-27 12:34 - 000000000 ____D C:\Users\Administrator\Documents\Wolfram Mathematica
2018-01-27 12:34 - 2018-01-27 12:34 - 000000000 ____D C:\Users\Administrator\AppData\Local\Wolfram
2018-01-27 12:34 - 2018-01-27 12:34 - 000000000 ____D C:\ProgramData\Mathematica
2018-01-27 12:30 - 2018-01-27 12:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfram Mathematica 11.2
2018-01-27 12:27 - 2018-01-27 12:27 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\OpenOffice
2018-01-27 12:17 - 2018-01-27 12:17 - 000000000 ____D C:\Program Files\Wolfram Research
2018-01-27 12:00 - 2018-01-27 12:03 - 000000000 ____D C:\Users\Administrator\Downloads\M-WIN-L-11.2.0-5822651
2018-01-27 12:00 - 2018-01-27 12:00 - 000000000 ____D C:\Users\Administrator\AppData\Local\Wolfram Research
2018-01-18 14:27 - 2018-01-18 14:27 - 000002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2018-01-18 14:27 - 2018-01-18 14:27 - 000000000 ____D C:\Program Files\Microsoft Security Client
2018-01-18 14:27 - 2018-01-18 14:27 - 000000000 ____D C:\Program Files (x86)\Microsoft Security Client

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-14 17:05 - 2015-11-02 13:24 - 002948082 _____ C:\Windows\ntbtlog.txt
2018-02-14 17:02 - 2009-07-14 05:45 - 000021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-14 17:02 - 2009-07-14 05:45 - 000021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-14 16:57 - 2017-01-04 21:53 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2018-02-14 16:52 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-14 16:45 - 2016-11-19 14:58 - 000000000 ____D C:\Users\juergen2\AppData\LocalLow\Mozilla
2018-02-14 12:24 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-02-14 11:34 - 2009-07-14 06:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-14 11:27 - 2009-07-14 05:45 - 000291024 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-14 11:25 - 2015-11-15 19:46 - 000000000 ____D C:\Windows\system32\appraiser
2018-02-14 04:53 - 2015-11-01 12:47 - 000000000 ____D C:\Windows\system32\MRT
2018-02-14 04:49 - 2017-10-12 02:06 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-02-14 04:49 - 2015-11-01 12:47 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-02-13 22:52 - 2017-12-10 15:05 - 000001302 _____ C:\Users\Public\Desktop\Skype.lnk
2018-02-13 22:52 - 2017-12-10 15:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-02-13 17:01 - 2016-08-27 20:44 - 000000994 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2018-02-13 17:01 - 2016-08-27 20:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-02-13 16:41 - 2015-11-01 10:23 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-02-13 16:24 - 2016-02-18 11:21 - 000001509 _____ C:\DelFix.txt
2018-02-13 09:11 - 2017-01-04 18:02 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\gnupg
2018-02-11 22:29 - 2015-10-31 22:30 - 000000000 ____D C:\datas
2018-02-10 21:00 - 2017-01-04 14:10 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2018-02-10 12:54 - 2015-10-31 22:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-10 07:54 - 2017-08-26 17:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-08 19:53 - 2015-11-01 11:12 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\vlc
2018-02-08 16:03 - 2015-12-21 20:28 - 000000000 ____D C:\Program Files (x86)\Google
2018-02-08 16:02 - 2017-10-30 10:23 - 000002048 _____ C:\Users\Public\Desktop\Google Slides.lnk
2018-02-08 16:02 - 2017-10-30 10:23 - 000002046 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2018-02-08 16:02 - 2017-10-30 10:23 - 000002036 _____ C:\Users\Public\Desktop\Google Docs.lnk
2018-02-08 16:02 - 2017-10-30 10:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2018-02-07 12:49 - 2016-07-15 12:40 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-02-07 06:27 - 2016-08-18 13:38 - 000000981 _____ C:\Users\juergen2\Desktop\PARI.lnk
2018-02-07 05:35 - 2015-10-31 22:01 - 000000000 ____D C:\Users\juergen2
2018-02-06 18:41 - 2017-01-03 13:31 - 000000000 ____D C:\Users\Administrator
2018-02-06 18:36 - 2015-11-01 09:41 - 000000000 ____D C:\ProgramData\Package Cache
2018-02-06 18:30 - 2015-11-01 09:39 - 000000000 ____D C:\AMD
2018-02-06 14:06 - 2015-10-31 22:15 - 000065744 _____ C:\Users\juergen2\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-06 12:17 - 2017-01-03 13:32 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2018-02-06 11:39 - 2017-01-03 13:33 - 000065744 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-06 09:46 - 2009-07-14 04:20 - 000000000 __RSD C:\Windows\Media
2018-02-06 08:54 - 2016-05-16 15:01 - 000000000 ____D C:\Program Files\TrueKey
2018-02-06 08:50 - 2015-12-21 20:28 - 000000000 ____D C:\Users\juergen2\AppData\Local\Google
2018-02-06 08:47 - 2016-10-02 17:45 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\NCH Software
2018-02-05 20:47 - 2017-05-10 13:31 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\Electrum
2018-02-05 18:04 - 2015-11-13 17:07 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\IrfanView
2018-02-05 16:25 - 2016-11-18 20:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-02-05 13:03 - 2015-11-01 08:53 - 000000000 ____D C:\xampp
2018-02-04 12:23 - 2017-11-16 22:48 - 000000000 ____D C:\Users\juergen2\AppData\Local\CrashDumps
2018-02-03 16:54 - 2015-11-14 12:57 - 000075264 _____ C:\Users\juergen2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-02-03 15:38 - 2016-02-24 19:10 - 000000000 ____D C:\div
2018-02-03 15:07 - 2016-01-24 16:00 - 000000000 ____D C:\Users\juergen2\AppData\Local\QuickPar
2018-02-02 11:04 - 2009-07-14 06:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-02-01 08:16 - 2016-10-09 09:50 - 000000000 ____D C:\Windows\Minidump
2018-01-31 22:34 - 2016-08-18 19:24 - 000000000 ____D C:\tmp
2018-01-31 22:19 - 2016-08-18 13:37 - 000000000 ____D C:\Program Files (x86)\Pari-2-7-6
2018-01-30 20:56 - 2015-11-01 10:23 - 000000000 ____D C:\Users\juergen2\AppData\Local\Adobe
2018-01-30 20:47 - 2016-02-17 17:00 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-01-30 20:47 - 2015-11-01 10:23 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-28 21:35 - 2015-11-15 10:42 - 000000000 ____D C:\vhd
2018-01-26 12:50 - 2015-11-15 10:22 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\gnupg
2018-01-25 00:48 - 2017-06-30 15:19 - 000004100 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1498067933
2018-01-23 19:58 - 2010-11-21 04:27 - 000548000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-01-19 14:22 - 2015-11-01 09:42 - 000765656 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-01-18 14:27 - 2016-05-12 18:47 - 000001945 _____ C:\Windows\epplauncher.mif
2018-01-18 14:04 - 2009-07-14 06:08 - 000032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2017-07-20 19:34 - 2017-07-20 19:34 - 000003584 _____ () C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-07 12:31

==================== End of FRST.txt ============================
         
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12.02.2018
Ran by Administrator (14-02-2018 17:54:51)
Running from C:\Users\Administrator\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-10-31 21:00:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-963683855-2343051469-89585254-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-963683855-2343051469-89585254-501 - Limited - Disabled)
juergen2 (S-1-5-21-963683855-2343051469-89585254-1000 - Administrator - Enabled) => C:\Users\juergen2

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Accelerated Video Transcoding (HKLM\...\{F15287C6-10E3-1676-AF50-CB0355A302F1}) (Version: 2.00.0002 - Advanced Micro Devices, Inc.)
AMD APP SDK Runtime (HKLM\...\{503F672D-6C84-448A-8F8F-4BC35AC83441}) (Version: 10.0.873.1 - Advanced Micro Devices Inc.)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (HKLM\...\{CF84CD21-FC52-857E-AF41-9DEE9C76D245}) (Version: 2.00.0000 - Advanced Micro Devices, Inc.)
AMD Fuel (HKLM\...\{AA20E9E6-96D0-C201-E44D-F7D921F595FD}) (Version: 2015.0804.21.41908 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
AMD USB 3.0 Device Detector (HKLM\...\{F5733897-B788-4AB1-B399-166A9FBB47A8}) (Version: 2.1.30.0 - Advanced Micro Devices, Inc.)
AMD Wireless Display v3.0 (HKLM\...\{630E5EF7-72F8-9E5D-BEF5-ED85B698E160}) (Version: 1.0.0.15 - Advanced Micro Devices, Inc.)
Arasan 20.2 (HKLM-x32\...\Arasan_is1) (Version:  - )
Backup and Sync from Google (HKLM-x32\...\{AC62F3F2-61A2-4357-93EC-C308E3FEDF4E}) (Version: 3.39.8370.7843 - Google, Inc.)
BCWipe 6.0 (HKLM-x32\...\BCWipe) (Version: 6.08.3 - Jetico Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
Canon MG5500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series) (Version: 1.02 - Canon Inc.)
Catalyst Control Center Graphics Previews Common (HKLM-x32\...\{9114BDDB-A6A6-152D-060A-E99307057AD1}) (Version: 2015.0804.21.41908 - Advanced Micro Devices, Inc.)
Catalyst Control Center Localization All (HKLM-x32\...\{315D9E6B-98B1-1E2B-9E93-B36A0B104224}) (Version: 2015.0804.21.41908 - Advanced Micro Devices, Inc.)
CCC Help Chinese Standard (HKLM-x32\...\{703F229F-573E-10E7-3B44-341DB59AD86B}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Chinese Traditional (HKLM-x32\...\{489E5436-B101-CAD9-5571-14746675ECE3}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Czech (HKLM-x32\...\{BBA1614E-6470-7841-8A42-ABD5BA7B3FFE}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Danish (HKLM-x32\...\{AA0E1433-8F16-AA01-E8E9-E6408579D0D8}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Dutch (HKLM-x32\...\{504819D1-3C0A-2695-0007-BBDFA5936D68}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help English (HKLM-x32\...\{6C495748-5F03-0B97-568B-76D0368FB460}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Finnish (HKLM-x32\...\{D9CBA021-DB41-9736-923F-52E3E426912D}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help French (HKLM-x32\...\{B03A580A-5D67-DAC5-59A1-7AD7C513381C}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help German (HKLM-x32\...\{69DF4822-9B16-CE04-7587-22E09FB5FD1D}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Greek (HKLM-x32\...\{968C0E92-6DA9-5784-9A0B-1061D0CB2C14}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Hungarian (HKLM-x32\...\{11BC8F83-7260-65EB-3E0A-FA7AC894B42D}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Italian (HKLM-x32\...\{FE4DC915-D724-E72C-EF86-DC5B89961ACF}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Japanese (HKLM-x32\...\{C9353DBC-A47C-2C9B-AF32-5E2C8B4E3D3A}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Korean (HKLM-x32\...\{37DBC990-C514-3821-D6FB-12E0745AA990}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Norwegian (HKLM-x32\...\{79E3071B-8A0C-C105-6442-CF611732601E}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Polish (HKLM-x32\...\{A12E8E1A-A77D-94E5-72F8-E83D6256AF11}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Portuguese (HKLM-x32\...\{AD5E3969-F0C0-ECBF-45E5-C36B84904281}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Russian (HKLM-x32\...\{CFA2067C-AE90-3BF9-06AF-E7E65E679B3D}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Spanish (HKLM-x32\...\{110E4EE7-85A9-B76B-B943-C0C1CF0C2F74}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Swedish (HKLM-x32\...\{42A97797-A255-49F9-4250-D58A9CEA2904}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Thai (HKLM-x32\...\{31BC0B51-0676-A531-3940-1818B609EEA7}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Turkish (HKLM-x32\...\{9DB45EC2-90E7-642D-7CF9-5AC2FBDC14F7}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
ccc-utility64 (HKLM\...\{C3463F9A-E635-02E0-C351-41D16074E202}) (Version: 2015.0804.21.41908 - Advanced Micro Devices, Inc.)
Convert XLS (HKLM-x32\...\Convert XLS_is1) (Version:  - Softinterface, Inc.)
CrystalDiskInfo 7.5.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.5.1 - Crystal Dew World)
Dr. Hardware 2015 15.5d (HKLM-x32\...\Dr. Hardware 2015_is1) (Version:  - Peter A. Gebhard)
Electrum (HKU\S-1-5-21-963683855-2343051469-89585254-1000\...\Electrum) (Version: 2.8.2 - Electrum Technologies GmbH)
Free Pascal 3.0.0 (HKLM-x32\...\FreePascal_is1) (Version:  - Free Pascal Team)
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.195.0 - International GeoGebra Institute)
Google Earth Pro (HKLM-x32\...\{FA1BBF34-E994-4310-95D7-BE93092B8E61}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gpg4win (2.3.3) (HKLM-x32\...\GPG4Win) (Version: 2.3.3 - The Gpg4win Project)
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.09) (Version: 9.09 - Artifex Software Inc.)
GUI Turbo Assembler Ver 3.0.1 (HKLM-x32\...\{F522C947-52FA-4C01-B933-16292944E000}) (Version: 3.0.1 - Lakhya's Innovation Inc.)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.4.135.1 - Intel Security)
IrfanView 64 (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
Lazarus 1.6.2 (HKLM\...\lazarus_is1) (Version: 1.6.2 - Lazarus Team)
MailWasherPro (HKLM-x32\...\{D16B61A0-A55E-47A9-BA73-8A5E92C26DB2}) (Version: 7.11.05 - Firetrust)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
ManyCam 5.3.0 (HKLM-x32\...\ManyCam) (Version: 5.3.0 - Visicom Media Inc.)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 58.0.2 (x64 de) (HKLM\...\Mozilla Firefox 58.0.2 (x64 de)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla)
Mozilla Thunderbird 52.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 52.6.0 (x86 de)) (Version: 52.6.0 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.4 - Notepad++ Team)
Opera Stable 50.0.2762.67 (HKU\S-1-5-21-963683855-2343051469-89585254-1000\...\Opera 50.0.2762.67) (Version: 50.0.2762.67 - Opera Software)
Pari-2-7-6 (remove only) (HKLM-x32\...\Pari-2-7-6) (Version:  - )
PC Inspector File Recovery (HKLM-x32\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - )
PilotEdit Lite 10.7.0 (HKLM-x32\...\PilotEdit Lite_is1) (Version:  - )
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
Scid vs PC 4.16 (HKLM-x32\...\Scid vs PC_is1) (Version: 4.16 - Steven Atkinson)
SharpKeys (HKLM\...\{F6908C45-459A-4332-A3F2-03DAAB64939D}) (Version: 3.6.0000 - RandyRants.com)
Shotcut (HKLM-x32\...\Shotcut) (Version:  - )
Skype version 8.15 (HKLM-x32\...\Skype_is1) (Version: 8.15 - Skype Technologies S.A.)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.83369 - TeamViewer)
Total Commander 64-bit (Remove or Repair) (HKLM-x32\...\Totalcmd64) (Version: 9.0a - Ghisler Software GmbH)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.16 - IDRIX)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Web Companion (HKLM-x32\...\{37c882f6-40f7-46a4-9ccb-8e2808e1a79e}) (Version: 2.4.1558.3001 - Lavasoft)
WinRAR 5.40 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wolfram Mathematica 11.2 (M-WIN-L 11.2.0 5822651) (HKLM\...\M-WIN-L 11.2.0 5822651_is1) (Version: 11.2.0 - Wolfram Research, Inc.)
Wondershare Data Recovery(Build 6.5.1.5) (HKLM-x32\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 6.5.1.5 - Wondershare Software Co.,Ltd.)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Xaldon WebSpider2 (HKLM-x32\...\WebSpider2) (Version:  - )
Xilinx Design Tools Vivado HL WebPACK 2016.3 (C:\Xilinx) (HKLM\...\Xilinx_Vivado HL WebPACK_2016.3#0) (Version: 2016.3 - Xilinx Inc.)
Xilinx DocNav (C:\Xilinx) (HKLM\...\Xilinx_DocNav_2016.3#0) (Version: 2016.3 - Xilinx Inc.)
Xilinx Information Center (C:\Xilinx) (HKLM\...\Xilinx_Xilinx Information Center_2016.3#0) (Version: 2016.3 - Xilinx Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-01-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-01-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-01-29] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-01-01] ()
ContextMenuHandlers1: [BCShellMenu] -> {7850a720-705f-11d0-a9eb-0080488625e5} =>  -> No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-01-29] (Google)
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\GNU\GnuPG\bin\gpgex.dll [2016-08-18] (g10 Code GmbH)
ContextMenuHandlers1: [PilotEdit] -> {277B9550-37E2-47DE-B533-89A1EBD82DB9} => C:\Program Files (x86)\PilotEdit Lite\EShell_x64.dll [2013-01-01] (PilotEdit)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [BCShellMenu] -> {7850a720-705f-11d0-a9eb-0080488625e5} =>  -> No File
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-01-29] (Google)
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\GNU\GnuPG\bin\gpgex.dll [2016-08-18] (g10 Code GmbH)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [BCShellMenu] -> {7850a720-705f-11d0-a9eb-0080488625e5} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1FB3732E-9592-444D-A701-81DF304F14A9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_137_pepper.exe
Task: {21022CE6-BFE7-40E7-AAFA-15A6CC72356B} - System32\Tasks\{E140102B-F244-4775-9758-5FA77AFD8886} => C:\Windows\system32\pcalua.exe -a "C:\Users\juergen2\Downloads\chromeinstall-8u77 (1).exe" -d C:\Users\juergen2\Downloads
Task: {213D38E2-E0E5-4EFB-88BC-AC61BF33552B} - System32\Tasks\{849B1E16-7952-40E5-887E-DAAD93154E62} => C:\Windows\system32\pcalua.exe -a D:\backupMaxtor80gb\data\putty.exe -d D:\backupMaxtor80gb\data
Task: {22DA9795-90BD-4731-AB6A-BD01A662D2F9} - System32\Tasks\{9C6CF1E7-9264-4314-BC30-F7778072B17B} => C:\Windows\system32\pcalua.exe -a D:\backupMaxtor80gb\data\wlsetup3528-all.exe -d d:\backupMaxtor80gb\data\
Task: {3B11371B-11AB-415E-8185-32A4F05C4B0F} - System32\Tasks\{471AF2D6-FC39-423E-8A09-1CE6E304D7BB} => C:\Windows\system32\pcalua.exe -a C:\camel\SilkroadOnlineGlobal_Official_v1_486.exe -d c:\camel\
Task: {4ADE3327-7150-4BB8-87C3-76601FC67879} - System32\Tasks\{FD09F9C6-B58A-406E-8536-F1B82AF22BBE} => C:\Windows\system32\pcalua.exe -a D:\backupMaxtor80gb\data\i2pinstall_0.9.30_windows.exe -d D:\backupMaxtor80gb\data
Task: {6ADA2DE3-F929-4442-BCBE-E1D403613F2F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-21] (Google Inc.)
Task: {70FC73DB-5C4F-4CB5-9833-76B9D3A491A6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {7A08FBD7-EDFC-4E9E-ACF9-B7FF22DFE418} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {A6D9A0B3-82A7-4937-910D-C86CC1F2F571} - System32\Tasks\{C61837B8-EABF-4B5E-B96E-3C6EC1BD2343} => C:\Windows\system32\pcalua.exe -a C:\datas\jxpiinstall(4).exe -d C:\datas
Task: {AD24AC21-72E8-4AFB-8BA6-BC0413019E02} - System32\Tasks\Opera scheduled Autoupdate 1498067933 => C:\Users\juergen2\AppData\Local\Programs\Opera\launcher.exe [2018-01-22] (Opera Software)
Task: {BE9E6706-8A73-4F34-8BC7-F4B899EDF1C0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {DAC363AC-634F-4411-8C93-334B4E476B58} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe
Task: {E302C505-2A7A-4384-87A8-489CE462BC3D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {F4DDD129-C6FA-4772-AC2D-CE369BA97A92} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {F6F30DFE-BB87-4833-A1E0-CEE92CCDEE3C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-21] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-08-04 00:25 - 2015-08-04 00:25 - 000214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 000817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 003650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2016-08-18 09:27 - 2016-08-18 09:27 - 000216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2018-02-10 21:01 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2015-08-04 00:25 - 2015-08-04 00:25 - 000102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2018-01-01 02:07 - 2018-01-01 02:07 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-08-18 09:14 - 2016-08-18 09:14 - 000222720 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2016-08-18 09:09 - 2016-08-18 09:09 - 000103424 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2016-08-18 09:03 - 2016-08-18 09:03 - 000050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2016-08-18 09:14 - 2016-08-18 09:14 - 000073728 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2016-08-18 09:17 - 2016-08-18 09:17 - 000751104 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2018-01-01 02:07 - 2018-01-01 02:07 - 000021680 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-963683855-2343051469-89585254-1000\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2018-02-10 18:45 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-963683855-2343051469-89585254-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\juergen2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-963683855-2343051469-89585254-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: BCWipeSvc => 2
MSCONFIG\Services: LavasoftAdAwareService11 => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: vssbrigde64 => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^juergen2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MailWasherPro.lnk => C:\Windows\pss\MailWasherPro.lnk.Startup
MSCONFIG\startupreg: AvgUi => "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
MSCONFIG\startupreg: PlaysTV => "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr Inc\Raptr\raptrstub.exe --startup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{E08E8243-C2A1-4221-90A7-14736621DBE5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9EA08C55-5310-4A9E-8ABB-32F4A49FF91B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{97587CB0-9EAA-4B76-AE0F-849E608FE32D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{81373308-C4D3-45DA-ABFB-9FF3613C6D5D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{27E94056-EE89-40C2-88F9-FCDD1B8E5D43}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{D80E4AD5-8012-4DE4-B0FE-3695EFEBEAED}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{E4AFD96A-B990-4558-B5EE-3F16F3B150B1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4EFF6531-5BDD-4CC8-BCE4-8C1B36A92B77}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1144CB11-19E6-41BF-BAFF-C3CBF53D788E}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{D076BE44-8E6B-4596-BDAA-38B73655C620}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{BA663251-09BF-4823-8DE3-357013B1B8CE}C:\users\juergen2\appdata\local\temp\_tc0\bot\mbot_vsro110.exe] => (Allow) C:\users\juergen2\appdata\local\temp\_tc0\bot\mbot_vsro110.exe
FirewallRules: [UDP Query User{E5E54FE6-C09E-4ABB-90E3-E86CBF75A6F2}C:\users\juergen2\appdata\local\temp\_tc0\bot\mbot_vsro110.exe] => (Allow) C:\users\juergen2\appdata\local\temp\_tc0\bot\mbot_vsro110.exe
FirewallRules: [TCP Query User{3562059C-09AD-49C5-B7A8-F01122A24FF9}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{F0D6FC0B-D3F6-4346-A980-F46D4C9D1B96}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{98C9BD54-7195-421F-8622-82F19A588534}C:\eclipse\eclipse\eclipse.exe] => (Allow) C:\eclipse\eclipse\eclipse.exe
FirewallRules: [UDP Query User{823BFEF5-2144-437C-A54B-BCCA12451298}C:\eclipse\eclipse\eclipse.exe] => (Allow) C:\eclipse\eclipse\eclipse.exe
FirewallRules: [TCP Query User{43DE325D-FD61-460D-842E-290A5202FB7F}C:\users\juergen2\desktop\totalcmd\totalcmd.exe] => (Allow) C:\users\juergen2\desktop\totalcmd\totalcmd.exe
FirewallRules: [UDP Query User{DFCF343D-2298-479B-820C-A9D87E56AFF7}C:\users\juergen2\desktop\totalcmd\totalcmd.exe] => (Allow) C:\users\juergen2\desktop\totalcmd\totalcmd.exe
FirewallRules: [TCP Query User{A1496639-68D5-46B4-967E-A505FB7D9C89}C:\datas\psro_m_manualpatch_client_downloader_v3.exe] => (Allow) C:\datas\psro_m_manualpatch_client_downloader_v3.exe
FirewallRules: [UDP Query User{D2661694-9DE9-4B85-AA71-E76B9FE67E92}C:\datas\psro_m_manualpatch_client_downloader_v3.exe] => (Allow) C:\datas\psro_m_manualpatch_client_downloader_v3.exe
FirewallRules: [TCP Query User{DA6A1C4E-6658-4536-B8A6-C2F9FD65FD61}C:\datas\psro_full_client_downloader_v3.exe] => (Allow) C:\datas\psro_full_client_downloader_v3.exe
FirewallRules: [UDP Query User{4C306084-351A-440E-86A7-02F33064F80E}C:\datas\psro_full_client_downloader_v3.exe] => (Allow) C:\datas\psro_full_client_downloader_v3.exe
FirewallRules: [TCP Query User{82621B54-D4E3-4191-A32E-7FB2E966AFE0}I:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe] => (Allow) I:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe
FirewallRules: [UDP Query User{FA455FFB-BB85-4880-8324-9ED51129A541}I:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe] => (Allow) I:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe
FirewallRules: [TCP Query User{AFDB542D-C34E-4DBA-A5E8-13FD772F4676}C:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe] => (Allow) C:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe
FirewallRules: [UDP Query User{821974AD-1244-4300-8892-42C965D1C906}C:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe] => (Allow) C:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe
FirewallRules: [{776A7697-A9FA-4D00-AE02-02733E032793}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{179DB254-E4A7-44FD-8180-A252E383B707}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [TCP Query User{5881A1B3-618E-4628-AF81-07C027281C34}C:\datas\bitcoin-0.12.1-win64\bitcoin-0.12.1\bin\bitcoin-qt.exe] => (Allow) C:\datas\bitcoin-0.12.1-win64\bitcoin-0.12.1\bin\bitcoin-qt.exe
FirewallRules: [UDP Query User{B1095A5C-EA19-4532-BE33-41EF9C86B1D8}C:\datas\bitcoin-0.12.1-win64\bitcoin-0.12.1\bin\bitcoin-qt.exe] => (Allow) C:\datas\bitcoin-0.12.1-win64\bitcoin-0.12.1\bin\bitcoin-qt.exe
FirewallRules: [TCP Query User{B12981FF-B265-4AD8-90CC-1CAA78AFF9D3}C:\users\juergen2\appdata\local\temp\7zipsfx.000\tps\win64\jre\bin\java.exe] => (Allow) C:\users\juergen2\appdata\local\temp\7zipsfx.000\tps\win64\jre\bin\java.exe
FirewallRules: [UDP Query User{17966661-BA79-4C90-BC0D-63434C7A2A9F}C:\users\juergen2\appdata\local\temp\7zipsfx.000\tps\win64\jre\bin\java.exe] => (Allow) C:\users\juergen2\appdata\local\temp\7zipsfx.000\tps\win64\jre\bin\java.exe
FirewallRules: [TCP Query User{359222EA-9F94-4EDA-A978-E08B0C015F21}C:\xilinx\xic\tps\win64\jre\bin\java.exe] => (Allow) C:\xilinx\xic\tps\win64\jre\bin\java.exe
FirewallRules: [UDP Query User{DCC70F92-DA66-4518-B65F-551E06FAED96}C:\xilinx\xic\tps\win64\jre\bin\java.exe] => (Allow) C:\xilinx\xic\tps\win64\jre\bin\java.exe
FirewallRules: [TCP Query User{0C48E5AD-B230-4661-BAFF-D286C90BF7ED}C:\xilinx\xic\tps\win64\jre\bin\java.exe] => (Allow) C:\xilinx\xic\tps\win64\jre\bin\java.exe
FirewallRules: [UDP Query User{5E82995E-38F3-476B-98A0-E4055D9530E6}C:\xilinx\xic\tps\win64\jre\bin\java.exe] => (Allow) C:\xilinx\xic\tps\win64\jre\bin\java.exe
FirewallRules: [TCP Query User{FF3B1697-47E7-4E15-A46F-14DAD9A34297}C:\totalcmd\totalcmd.exe] => (Allow) C:\totalcmd\totalcmd.exe
FirewallRules: [UDP Query User{91BF5810-5F2B-4B0B-89A6-13C7BD7AF7E0}C:\totalcmd\totalcmd.exe] => (Allow) C:\totalcmd\totalcmd.exe
FirewallRules: [{A15FD59F-4DEB-48C5-B0AB-C560507A5BD9}] => (Allow) C:\Users\juergen2\Desktop\Tor Browser\Browser\firefox.exe
FirewallRules: [{7B27A2F1-A1C2-40B1-856F-69E72A5FDD68}] => (Allow) C:\Users\juergen2\Desktop\Tor Browser\Browser\firefox.exe
FirewallRules: [{109B94D2-FB0C-44F2-A49B-C1ABC4AE84C2}] => (Allow) C:\Users\juergen2\Desktop\Tor Browser\Browser\firefox.exe
FirewallRules: [{0E26162C-0928-4A55-BFA2-D3D7A388B22E}] => (Allow) C:\Users\juergen2\Desktop\Tor Browser\Browser\firefox.exe
FirewallRules: [{8BAD0C4F-C654-432F-8A46-8CBC4BFF20AF}] => (Allow) C:\datas\psro_full_client_downloader_v3.exe
FirewallRules: [{81FA3FFE-6DEF-4F3D-871E-6120D650F375}] => (Allow) C:\datas\psro_full_client_downloader_v3.exe
FirewallRules: [{E12FBEE4-11A9-4252-B72E-9DA5B9A82CDB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7DA09561-F33A-4F74-AE93-BE232605E318}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C619FF61-7405-4E6D-B469-F5ED7A4CEBEE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5D49AA65-E9EC-4E40-AF85-819A887C58C3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A5989984-670A-4953-A4B2-97E2981C1C4E}] => (Allow) C:\Users\juergen2\AppData\Local\Programs\Opera\50.0.2762.58\opera.exe
FirewallRules: [{51A58F52-6A7A-4F9F-A9D3-54673771201E}] => (Allow) C:\Users\juergen2\AppData\Local\Programs\Opera\50.0.2762.67\opera.exe
FirewallRules: [{858D641F-B90B-4B90-9641-DFF96825B635}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\Mathematica.exe
FirewallRules: [{36275EA3-11DB-4932-AC9B-19B7D18F4C95}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\Mathematica.exe
FirewallRules: [{A9C5985A-EEDC-40A3-BBEC-1E2E964F227C}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\MathKernel.exe
FirewallRules: [{A6DED921-ACDB-4F33-8FF6-E322906C2092}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\MathKernel.exe
FirewallRules: [{9D3AC6F5-DD80-4C6C-AC12-2DE855E84AE0}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\math.exe
FirewallRules: [{719EF127-CBDB-42E9-AA42-01703EB925AD}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\math.exe
FirewallRules: [{DA9DDE8A-7D1E-4CB2-B687-92FE13D0248D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{94A37815-6EB1-4CFE-9596-10C41931DA8D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

==================== Restore Points =========================

13-02-2018 16:24:13 End of disinfection
13-02-2018 16:40:08 Revo Uninstaller's restore point - Adobe Flash Player 28 NPAPI
13-02-2018 16:41:55 Revo Uninstaller's restore point - BestCrypt 9.0
13-02-2018 16:51:22 Device Driver Package Install: Jetico, Inc. BestCrypt bus controllers
13-02-2018 17:03:52 Revo Uninstaller's restore point - BestCrypt 8.0
13-02-2018 17:13:21 Revo Uninstaller's restore point - PlaysTV
13-02-2018 17:21:43 Revo Uninstaller's restore point - Raptr
14-02-2018 04:45:07 Windows Update

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: MpKsl82babf16
Description: MpKsl82babf16
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsl82babf16
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: AODDriver4.1
Description: AODDriver4.1
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AODDriver4.1
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/14/2018 04:54:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/14/2018 04:46:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/14/2018 11:28:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/14/2018 11:25:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/14/2018 04:13:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/13/2018 05:21:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary bcfnt.

System Error:
The system cannot find the file specified.
.

Error: (02/13/2018 05:13:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary bcfnt.

System Error:
The system cannot find the file specified.
.

Error: (02/13/2018 05:03:49 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2419a346-823c-4a07-866d-706ab0c5b9fa}


System errors:
=============
Error: (02/14/2018 05:19:44 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (02/14/2018 05:19:44 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (02/14/2018 05:14:50 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (02/14/2018 05:05:49 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (02/14/2018 05:05:49 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (02/14/2018 04:55:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (02/14/2018 04:54:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
bcbus

Error: (02/14/2018 04:54:10 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel(R) Biometric and Context Agent Service service hung on starting.


Windows Defender:
===================================
Date: 2015-11-05 16:46:24.583
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified. 
Signature version:0.0.0.0
Engine version:0.0.0.0

Date: 2015-11-05 06:18:26.559
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Backup
Error Code:0x8050a004
Error description:This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 
Signature version:1.209.968.0
Engine version:1.1.6402.0

Date: 2015-11-05 06:18:07.182
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified. 
Signature version:0.0.0.0
Engine version:0.0.0.0

CodeIntegrity:
===================================

Date: 2015-11-05 07:09:53.063
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-11-05 07:09:53.061
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-11-05 07:09:53.029
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-11-05 07:09:53.027
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 

Processor: AMD A6-3650 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 65%
Total physical RAM: 7665.37 MB
Available physical RAM: 2611.46 MB
Total Virtual: 11759.54 MB
Available Virtual: 5924.19 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:488.18 GB) (Free:177.8 GB) NTFS
Drive d: (neueMaxTor) (Fixed) (Total:443.23 GB) (Free:149.71 GB) NTFS
Drive f: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (Dritte Externe Teil 1) (Fixed) (Total:351.38 GB) (Free:50.38 GB) NTFS
Drive h: (Poops) (Fixed) (Total:347.16 GB) (Free:44.24 GB) NTFS
Drive i: (PalleMalle) (Fixed) (Total:931.51 GB) (Free:90.22 GB) NTFS
Drive j: (TOSHIBA EXT) (Fixed) (Total:931.41 GB) (Free:43.66 GB) NTFS

\\?\Volume{39adc126-8011-11e5-b8fa-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9A083BDB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 7191D59B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=351.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=347.2 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 002EFF55)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 931.5 GB) (Disk ID: AAE66568)
Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
         
Anmerkung:
In der Zeit in der ich das alles machte, gab es ca 5 ! windows updates. Hoffe das ist kein Problem
Bei dir /euch sicher auch?
Happy Valenine

also in den settings vom Malwarebytes werde ich nach username und pw gefragt die ich nie angab.
https://my.malwarebytes.com/en/login# da koennte man das machen was du sagtest.
Oder echt kaufen weiss nicht

Alt 14.02.2018, 22:08   #10
M-K-D-B
/// TB-Ausbilder
 
OTL scan auf BKA trojaner - Standard

OTL scan auf BKA trojaner



Servus,




Zitat:
In der Zeit in der ich das alles machte, gab es ca 5 ! windows updates. Hoffe das ist kein Problem
Bei dir /euch sicher auch?
Ja



Zitat:
also in den settings vom Malwarebytes werde ich nach username und pw gefragt die ich nie angab.
https://my.malwarebytes.com/en/login# da koennte man das machen was du sagtest.
Oder echt kaufen weiss nicht
Ich denke, du vermischt hier gerade zwei Dinge... oder ich verstehe dich einfach falsch...
Um den Echtzeitschutz von MBAM zu deaktiveren, brauchst du dich nirgends anmelden.
Ob du dafür zahlen möchtest, ist deine Entscheidung.
Mehr dazu am Ende.






wir entfernen noch ein bisschen was und kontrollieren nochmal alles.



Hinweis: Der Suchlauf mit ESET kann länger dauern.





Schritt 1
  • Kopiere den gesamten Inhalt der folgenden Code-Box:
    Code:
    ATTFilter
    Start::
    AppInit_DLLs-x32: hplun.dll => No File
    FF NewTabOverride: Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418 -> Disabled: _j5Members_@ext.ask.com
    S4 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]
    S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.667\McCHSvc.exe" [X]
    S4 TrueKey; "C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe" [X]
    S4 TrueKeyScheduler; "C:\Program Files\TrueKey\McTkSchedulerService.exe" [X]
    S3 TrueKeyServiceHelper; "C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe" [X]
    C:\Program Files\TrueKey
    U3 aswbdisk; no ImagePath
    S1 bcbus; system32\DRIVERS\bcbus.sys [X]
    S3 X6va037; \??\C:\Windows\SysWOW64\Drivers\X6va037 [X]
    S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
    S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
    Task: {21022CE6-BFE7-40E7-AAFA-15A6CC72356B} - System32\Tasks\{E140102B-F244-4775-9758-5FA77AFD8886} => C:\Windows\system32\pcalua.exe -a "C:\Users\juergen2\Downloads\chromeinstall-8u77 (1).exe" -d C:\Users\juergen2\Downloads
    Task: {213D38E2-E0E5-4EFB-88BC-AC61BF33552B} - System32\Tasks\{849B1E16-7952-40E5-887E-DAAD93154E62} => C:\Windows\system32\pcalua.exe -a D:\backupMaxtor80gb\data\putty.exe -d D:\backupMaxtor80gb\data
    Task: {22DA9795-90BD-4731-AB6A-BD01A662D2F9} - System32\Tasks\{9C6CF1E7-9264-4314-BC30-F7778072B17B} => C:\Windows\system32\pcalua.exe -a D:\backupMaxtor80gb\data\wlsetup3528-all.exe -d d:\backupMaxtor80gb\data\
    Task: {3B11371B-11AB-415E-8185-32A4F05C4B0F} - System32\Tasks\{471AF2D6-FC39-423E-8A09-1CE6E304D7BB} => C:\Windows\system32\pcalua.exe -a C:\camel\SilkroadOnlineGlobal_Official_v1_486.exe -d c:\camel\
    Task: {4ADE3327-7150-4BB8-87C3-76601FC67879} - System32\Tasks\{FD09F9C6-B58A-406E-8536-F1B82AF22BBE} => C:\Windows\system32\pcalua.exe -a D:\backupMaxtor80gb\data\i2pinstall_0.9.30_windows.exe -d D:\backupMaxtor80gb\data
    Task: {A6D9A0B3-82A7-4937-910D-C86CC1F2F571} - System32\Tasks\{C61837B8-EABF-4B5E-B96E-3C6EC1BD2343} => C:\Windows\system32\pcalua.exe -a C:\datas\jxpiinstall(4).exe -d C:\datas
    Task: {DAC363AC-634F-4411-8C93-334B4E476B58} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe
    C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware
    EmptyTemp:
    End::
             
  • Starte nun FRST und klicke direkt den Entfernen Button. Wichtig: Du brauchst den Inhalt der Code-Box nirgends einfügen, da sich FRST den Code aus der Zwischenablage holt!
  • Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich die FRST/FRST64.exe befindet.
  • Gegebenenfalls muss dein Rechner dafür neu gestartet werden.
  • Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.





Schritt 2
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Starte die HitmanPro.exe
  • Klicke auf
  • Entferne den Haken bei
  • Klicke auf
    und
  • Akzeptiere die Lizenzbedingungen und klicke auf
  • Klicke auf

    und auf
  • Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
    und speichere die Logdatei auf Deinem Desktop.
  • Schließe HitmanPro und poste mir das Log.

 







Schritt 3
Downloade Dir bitte ESET Online Scanner (Bebilderte Anleitung)
  • Starte die Installationsdatei.
  • Akzeptiere die Nutzungsbedingungen.
  • Wähle Erkennung evtl. unerwünschter Anwendungen aktivieren aus und klicke auf Scannen.
  • Zuerst werden die notwendigen Signaturen heruntergeladen, anschließend startet ESET automatisch den Suchlauf.
  • Am Ende des Suchlaufs werden gegebenenfalls die gefundenen Elemente aufgelistet.
  • Wähle In Textdatei speichern... aus und speichere die Datei als eset.txt auf deinem Desktop ab.
  • Füge den Inhalt der eset.txt mit deiner nächsten Antwort hinzu.
  • Sollte ESET nichts finden, so kann auch keine Logdatei erstellt werden. Teile uns das dann unbedingt mit.
  • Schließe den ESET Online Scanner rechts oben [ X ] und klicke anschließend auf Schließen.





Schritt 4
  • Starte die FRST.exe erneut. Vergewissere dich, dass vor Addition.txt ein Haken gesetzt ist und drücke auf Untersuchen.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.







Gibt es jetzt noch Probleme mit dem PC oder mit deinen Internet Browsern? Wenn ja, welche?







Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von HitmanPro,
  • die Logdatei von ESET,
  • die beiden neuen Logdateien von FRST,
  • die Beantwortung der gestellten Fragen.
__________________
Gruß
M-K-D-B


Das Trojaner-Board unterstützen

Alt 15.02.2018, 00:03   #11
juergen007
 
OTL scan auf BKA trojaner - Standard

OTL scan auf BKA trojaner



Anmerkung 2:
ich habe die ganzen Aktion mit cosinus erst kürzlich durchgezogen. siehe https://www.trojaner-board.de/188338-120-funde-logfileauswertung.html
Das einzigste, was ich neu installiert habe war von jetico ein bestcrypt.exe.
Das scheint sehr zertörereisch zu sein. Sowie neue catalyst Treiber für nvidia
Ich habe noch eine älteren BC- container mit schon wichtigen infos und data mit BC kreeiert, aber die neue Version kann die alten container nicht mehr lesen.
Sonst hätte ich die Daten aus bcrypt was dubios ist, mit veracrypt neu verschlüsselt.
Conti gelöscht egal. und revo uninstall auf bcrypt.

Und jetzt so ein Aufwand wieder. Das ist keine Beschwerde ich wunder mich einfach...
Wie halt ich denn das W7 system mal sauber auf Dauer?
Ist W10 unempfindlicher? wc wohl kaum oder.
Cosinus empfahl das chocolatey, das wäre wohl gut ich kam nicht dazu..
Kann ich nicht selber so ne Art Säuberungs script mit frst , adw, eset, malware, hitman etc. laufen lassen?
Da gibts sicher Anleitungen oder ist das gefährlich ohne "fachmann Hilfe"?
Es kostet jedesmal eine Wahnsinnsarbeit, die ich ja auch gerne mache aber nicht alle 3 Tage wieder neu..
Ich arbeite als Programmierer.
Danke
Jürgen
P.S. Das andere starte ich heute nacht.

Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x64) Version: 12.02.2018
Ran by Administrator (14-02-2018 23:29:51) Run:1
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: juergen2 & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
AppInit_DLLs-x32: hplun.dll => No File
FF NewTabOverride: Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418 -> Disabled: _j5Members_@ext.ask.com
S4 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.667\McCHSvc.exe" [X]
S4 TrueKey; "C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe" [X]
S4 TrueKeyScheduler; "C:\Program Files\TrueKey\McTkSchedulerService.exe" [X]
S3 TrueKeyServiceHelper; "C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe" [X]
C:\Program Files\TrueKey
U3 aswbdisk; no ImagePath
S1 bcbus; system32\DRIVERS\bcbus.sys [X]
S3 X6va037; \??\C:\Windows\SysWOW64\Drivers\X6va037 [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
Task: {21022CE6-BFE7-40E7-AAFA-15A6CC72356B} - System32\Tasks\{E140102B-F244-4775-9758-5FA77AFD8886} => C:\Windows\system32\pcalua.exe -a "C:\Users\juergen2\Downloads\chromeinstall-8u77 (1).exe" -d C:\Users\juergen2\Downloads
Task: {213D38E2-E0E5-4EFB-88BC-AC61BF33552B} - System32\Tasks\{849B1E16-7952-40E5-887E-DAAD93154E62} => C:\Windows\system32\pcalua.exe -a D:\backupMaxtor80gb\data\putty.exe -d D:\backupMaxtor80gb\data
Task: {22DA9795-90BD-4731-AB6A-BD01A662D2F9} - System32\Tasks\{9C6CF1E7-9264-4314-BC30-F7778072B17B} => C:\Windows\system32\pcalua.exe -a D:\backupMaxtor80gb\data\wlsetup3528-all.exe -d d:\backupMaxtor80gb\data\
Task: {3B11371B-11AB-415E-8185-32A4F05C4B0F} - System32\Tasks\{471AF2D6-FC39-423E-8A09-1CE6E304D7BB} => C:\Windows\system32\pcalua.exe -a C:\camel\SilkroadOnlineGlobal_Official_v1_486.exe -d c:\camel\
Task: {4ADE3327-7150-4BB8-87C3-76601FC67879} - System32\Tasks\{FD09F9C6-B58A-406E-8536-F1B82AF22BBE} => C:\Windows\system32\pcalua.exe -a D:\backupMaxtor80gb\data\i2pinstall_0.9.30_windows.exe -d D:\backupMaxtor80gb\data
Task: {A6D9A0B3-82A7-4937-910D-C86CC1F2F571} - System32\Tasks\{C61837B8-EABF-4B5E-B96E-3C6EC1BD2343} => C:\Windows\system32\pcalua.exe -a C:\datas\jxpiinstall(4).exe -d C:\datas
Task: {DAC363AC-634F-4411-8C93-334B4E476B58} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe
C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware
EmptyTemp:

*****************

"hplun.dll" => Value data removed successfully
"Firefox NewTabOverride (_j5Members_@ext.ask.com) " => removed successfully
"HKLM\System\CurrentControlSet\Services\InstallerService" => removed successfully
InstallerService => service removed successfully
"HKLM\System\CurrentControlSet\Services\McComponentHostService" => removed successfully
McComponentHostService => service removed successfully
"HKLM\System\CurrentControlSet\Services\TrueKey" => removed successfully
TrueKey => service removed successfully
"HKLM\System\CurrentControlSet\Services\TrueKeyScheduler" => removed successfully
TrueKeyScheduler => service removed successfully
"HKLM\System\CurrentControlSet\Services\TrueKeyServiceHelper" => removed successfully
TrueKeyServiceHelper => service removed successfully
C:\Program Files\TrueKey => moved successfully
"HKLM\System\CurrentControlSet\Services\aswbdisk" => removed successfully
aswbdisk => service removed successfully
"HKLM\System\CurrentControlSet\Services\bcbus" => removed successfully
bcbus => service removed successfully
"HKLM\System\CurrentControlSet\Services\X6va037" => removed successfully
X6va037 => service removed successfully
"HKLM\System\CurrentControlSet\Services\ZAM" => removed successfully
ZAM => service removed successfully
"HKLM\System\CurrentControlSet\Services\ZAM_Guard" => removed successfully
ZAM_Guard => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21022CE6-BFE7-40E7-AAFA-15A6CC72356B} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21022CE6-BFE7-40E7-AAFA-15A6CC72356B} => could not remove key. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{E140102B-F244-4775-9758-5FA77AFD8886} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E140102B-F244-4775-9758-5FA77AFD8886} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{213D38E2-E0E5-4EFB-88BC-AC61BF33552B} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{213D38E2-E0E5-4EFB-88BC-AC61BF33552B} => could not remove key. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{849B1E16-7952-40E5-887E-DAAD93154E62} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{849B1E16-7952-40E5-887E-DAAD93154E62} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22DA9795-90BD-4731-AB6A-BD01A662D2F9} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22DA9795-90BD-4731-AB6A-BD01A662D2F9} => could not remove key. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{9C6CF1E7-9264-4314-BC30-F7778072B17B} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9C6CF1E7-9264-4314-BC30-F7778072B17B} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B11371B-11AB-415E-8185-32A4F05C4B0F} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B11371B-11AB-415E-8185-32A4F05C4B0F} => could not remove key. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{471AF2D6-FC39-423E-8A09-1CE6E304D7BB} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{471AF2D6-FC39-423E-8A09-1CE6E304D7BB} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4ADE3327-7150-4BB8-87C3-76601FC67879} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4ADE3327-7150-4BB8-87C3-76601FC67879} => could not remove key. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{FD09F9C6-B58A-406E-8536-F1B82AF22BBE} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FD09F9C6-B58A-406E-8536-F1B82AF22BBE} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6D9A0B3-82A7-4937-910D-C86CC1F2F571} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6D9A0B3-82A7-4937-910D-C86CC1F2F571} => could not remove key. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{C61837B8-EABF-4B5E-B96E-3C6EC1BD2343} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C61837B8-EABF-4B5E-B96E-3C6EC1BD2343} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DAC363AC-634F-4411-8C93-334B4E476B58} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAC363AC-634F-4411-8C93-334B4E476B58} => could not remove key. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\McAfee Remediation (Prepare) => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee Remediation (Prepare) => could not remove key. ErrorCode1: 0x00000002
"C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14342128 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 11878248 B
Edge => 0 B
Chrome => 0 B
Firefox => 381990838 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 25306 B
juergen2 => 77885867 B
Administrator => 15975553 B

RecycleBin => 0 B
EmptyTemp: => 478.8 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 14-02-2018 23:31:40)


Result of scheduled keys to remove after reboot:

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21022CE6-BFE7-40E7-AAFA-15A6CC72356B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21022CE6-BFE7-40E7-AAFA-15A6CC72356B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E140102B-F244-4775-9758-5FA77AFD8886}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{213D38E2-E0E5-4EFB-88BC-AC61BF33552B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{213D38E2-E0E5-4EFB-88BC-AC61BF33552B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{849B1E16-7952-40E5-887E-DAAD93154E62}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22DA9795-90BD-4731-AB6A-BD01A662D2F9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22DA9795-90BD-4731-AB6A-BD01A662D2F9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9C6CF1E7-9264-4314-BC30-F7778072B17B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B11371B-11AB-415E-8185-32A4F05C4B0F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B11371B-11AB-415E-8185-32A4F05C4B0F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{471AF2D6-FC39-423E-8A09-1CE6E304D7BB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4ADE3327-7150-4BB8-87C3-76601FC67879}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4ADE3327-7150-4BB8-87C3-76601FC67879}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FD09F9C6-B58A-406E-8536-F1B82AF22BBE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6D9A0B3-82A7-4937-910D-C86CC1F2F571}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6D9A0B3-82A7-4937-910D-C86CC1F2F571}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C61837B8-EABF-4B5E-B96E-3C6EC1BD2343}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DAC363AC-634F-4411-8C93-334B4E476B58}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAC363AC-634F-4411-8C93-334B4E476B58}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee Remediation (Prepare)" => removed successfully

==== End of Fixlog 23:31:40 ====
         
Code:
ATTFilter
HitmanPro 3.8.0.292
www.hitmanpro.com

   Computer name . . . . : JUERGEN2-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : juergen2-PC\Administrator
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2018-02-14 23:47:52
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 59s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 4

   Objects scanned . . . : 2.008.550
   Files scanned . . . . : 134.861
   Remnants scanned  . . : 855.391 files / 1.018.298 keys

Suspicious files ____________________________________________________________

   C:\Users\Administrator\Desktop\FRST64.exe
      Size . . . . . . . : 2.405.376 bytes
      Age  . . . . . . . : 0.2 days (2018-02-14 17:52:59)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 61FA9B4491362A380C7C4ADC5D179B019D74B4A7FD331AB248C5973193D995DA
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\juergen2\Desktop\FRST64.exe
      Size . . . . . . . : 2.405.376 bytes
      Age  . . . . . . . : 0.5 days (2018-02-14 12:18:20)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 61FA9B4491362A380C7C4ADC5D179B019D74B4A7FD331AB248C5973193D995DA
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\juergen2\Desktop\FRST64.exe
         27.1s C:\Users\juergen2\Desktop\FRST.txt

   D:\backupMaxtor80gb\data\FRSTData\FRST64.exe
      Size . . . . . . . : 2.405.376 bytes
      Age  . . . . . . . : 8.7 days (2018-02-06 07:44:18)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 61FA9B4491362A380C7C4ADC5D179B019D74B4A7FD331AB248C5973193D995DA
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-963683855-2343051469-89585254-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\D:\backupMaxtor80gb\data\FRSTData\FRST64.exe
         

Alt 15.02.2018, 10:00   #12
M-K-D-B
/// TB-Ausbilder
 
OTL scan auf BKA trojaner - Standard

OTL scan auf BKA trojaner



Servus,



Zitat:
Zitat von juergen007 Beitrag anzeigen
ich habe die ganzen Aktion mit cosinus erst kürzlich durchgezogen.
Und jetzt so ein Aufwand wieder. Das ist keine Beschwerde ich wunder mich einfach...
Davon wusste ich bis jetzt eben nichts... ich weiß nicht, wer deinen Rechner wann bereinigt hat. So etwas musst du mir zu Beginn des Themas mitteilen, dann hätten wir uns viel Zeit gespart.
Ich mach grundsätzlich eine komplette Bereinigung, außer ich weiß was von solchen Dingen... dann könnte man das Ganze auch abkürzen.
Oder hab ich was überlesen? Wenn ja, tut es mir Leid.



Zitat:
Zitat von juergen007 Beitrag anzeigen
Wie halt ich denn das W7 system mal sauber auf Dauer?
Ist W10 unempfindlicher? wc wohl kaum oder.
Die Tipps von cosinus und von mir zu Herzen nehmen. Windows 10 ist da wohl schon etwas unempfindlicher.




Zitat:
Zitat von juergen007 Beitrag anzeigen
Kann ich nicht selber so ne Art Säuberungs script mit frst , adw, eset, malware, hitman etc. laufen lassen?
AdwCleaner und MBAM kannst du auf dem Rechner belassen und ab und zu mal damit scannen, dafür braucht man keine Scripte.



Zitat:
Zitat von juergen007 Beitrag anzeigen
Da gibts sicher Anleitungen oder ist das gefährlich ohne "fachmann Hilfe"?
Für FRST müssen individuelle Scripte angefertigt werden. Als Laie sollte man da allerdings nicht "rumhantieren", wenn man nicht genau weiß, was man tut.
Wir haben eine FRST-Anleitung. Verwendung auf eigene Gefahr.



Zitat:
Zitat von juergen007 Beitrag anzeigen
Es kostet jedesmal eine Wahnsinnsarbeit, die ich ja auch gerne mache aber nicht alle 3 Tage wieder neu..
Kann ich voll verstehen. Aber ich denke, alle 3 Tage wird nicht mehr vorkommen... wenn überhaupt... dein Rechner ist ja sauber.

Ich warte noch auf deine Antwort, dann gibts auch von mir nochmal Tipps und wir sind fertig.
__________________
Gruß
M-K-D-B


Das Trojaner-Board unterstützen

Alt 16.02.2018, 05:43   #13
juergen007
 
OTL scan auf BKA trojaner - Standard

OTL scan auf BKA trojaner



ich hatte darauf hingewiesen, dass ich den BKA Tip aus dem anderen Thread hatte.
Trotzdem musste ich den adobe installieren der offenbar mcaffee mit gelieferrt hat obwohl ich es verbat.
Na wie auch immer anbei der eset scan der fast 48 stunden Lief unter high cpu priority.

Hatte oder habe ich diesen BKA noch oder schon oder was?


Danke auf jeden Fall was fehlt noch ?
der hitman ist noch offen soll ich da säuber machen ?


Code:
ATTFilter
J:\JUERGEN-PC\Backup Set 2015-10-18 232830\Backup Files 2015-10-18 232830\Backup files 1.zip	Variante von Win32/DownloadGuide.D eventuell unerwünschte Anwendung	
J:\JUERGEN-PC\Backup Set 2015-10-18 232830\Backup Files 2015-10-18 232830\Backup files 1434.zip	Variante von Win32/Injector.ASME Trojaner,ist OK	
J:\JUERGEN-PC\Backup Set 2015-10-18 232830\Backup Files 2015-10-18 232830\Backup files 16.zip	JS/Toolbar.Crossrider.T eventuell unerwünschte Anwendung	
J:\JUERGEN-PC\Backup Set 2015-10-18 232830\Backup Files 2015-10-18 232830\Backup files 2.zip	Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung	
J:\JUERGEN2-PC\Backup Set 2017-01-08 190007\Backup Files 2017-01-08 190007\Backup files 18.zip	Variante von Win32/Auslogics.A eventuell unerwünschte Anwendung	
J:\JUERGEN2-PC\Backup Set 2017-01-08 190007\Backup Files 2017-01-08 190007\Backup files 6.zip	JS/Mindspark.E eventuell unerwünschte Anwendung	
J:\JUERGEN2-PC\Backup Set 2017-02-26 190010\Backup Files 2017-02-26 190010\Backup files 22.zip	Variante von Win32/Auslogics.A eventuell unerwünschte Anwendung	
J:\JUERGEN2-PC\Backup Set 2018-02-04 190004\Backup Files 2018-02-04 190004\Backup files 41.zip	Variante von Win32/Auslogics.A eventuell unerwünschte Anwendung
         

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.02.2018
Ran by Administrator (administrator) on JUERGEN2-PC (16-02-2018 05:38:55)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: juergen2 & Administrator (Available Profiles: juergen2 & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(SurfRight B.V.) C:\Users\Administrator\Desktop\HitmanPro_x64.exe
(ESET spol. s r.o.) C:\Users\Administrator\Desktop\esetonlinescanner_deu(1).exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
(Ghisler Software GmbH) C:\totalcmd\TCMDX64.EXE
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-963683855-2343051469-89585254-1000\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
HKU\S-1-5-21-963683855-2343051469-89585254-1000\...\Policies\Explorer: [NoThumbNailCache] 1
HKU\S-1-5-21-963683855-2343051469-89585254-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-963683855-2343051469-89585254-1000\...\MountPoints2: {3b6eaf21-9024-11e5-b954-8c89a53586cf} - K:\LaunchU3.exe -a
HKU\S-1-5-21-963683855-2343051469-89585254-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-963683855-2343051469-89585254-500\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
HKU\S-1-5-21-963683855-2343051469-89585254-500\...\Policies\Explorer: [NoThumbNailCache] 1
HKU\S-1-5-21-963683855-2343051469-89585254-500\...\MountPoints2: {3b6eaf21-9024-11e5-b954-8c89a53586cf} - K:\LaunchU3.exe -a
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4F4DD125-EDDA-44BF-B378-9BAF78A43AC1}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-963683855-2343051469-89585254-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SL5M&ocid=SL5MDHP&osmkt=de-at
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF DefaultProfile: iv2ha52p.default-1508386149418
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418 [2018-02-16]
FF Session Restore: Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418 -> is enabled.
FF Extension: (Flash Video Downloader) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\Extensions\artur.dubovoy@gmail.com.xpi [2018-02-07]
FF Extension: (ConsistentHTTPS) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\Extensions\consistent-https@tanalin.com.xpi [2018-02-07]
FF Extension: (Name) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\Extensions\firefox@ghostery.com.xpi [2018-02-10]
FF Extension: (HTTPS Everywhere) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\Extensions\https-everywhere@eff.org.xpi [2018-02-08]
FF Extension: (AdBlock) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2018-02-07]
FF Extension: (Flash & Video Downloader) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\Extensions\{a80bbdbb-6fd0-4ee2-ab67-47ef4ba1cede}.xpi [2018-02-07]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
S4 BCWipeSvc; C:\Program Files (x86)\Jetico\BCWipe\BCWipeSvc.exe [90592 2015-12-01] (Jetico, Inc.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2016-08-18] () [File not signed]
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3026584 2016-05-06] (Intel(R) Corporation)
S4 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
S4 BCSWAP; no ImagePath
R2 DRHARD64; C:\Windows\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHARD64; C:\Windows\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHMSR64; C:\Windows\system32\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R2 DRHMSR64; C:\Windows\SysWOW64\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2018-02-14] ()
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2018-02-13] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2018-02-14] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2018-02-14] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-02-14] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2018-02-13] (Malwarebytes)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (Visicom Media Inc.)
S3 MftWipeFilter; no ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R1 MpKsl6f468ce1; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1A0FFA99-1B4A-4E02-91A4-6E116747F27C}\MpKsl6f468ce1.sys [58120 2018-02-16] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [195416 2015-11-17] (IDRIX)
R2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [27384 2016-10-09] (Xilinx, Inc.)
S2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-15 15:00 - 2018-02-15 15:42 - 000002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-15 15:00 - 2018-02-15 15:00 - 000002055 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2018-02-15 15:00 - 2018-02-15 15:00 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-02-15 14:59 - 2018-02-15 15:05 - 000000000 ____D C:\ProgramData\Adobe
2018-02-15 00:05 - 2018-02-15 00:04 - 006974584 _____ (ESET spol. s r.o.) C:\Users\Administrator\Desktop\esetonlinescanner_deu(1).exe
2018-02-14 23:47 - 2018-02-14 23:47 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2018-02-14 23:46 - 2018-02-14 23:47 - 000000000 ____D C:\ProgramData\HitmanPro
2018-02-14 23:45 - 2018-02-14 23:45 - 011605440 _____ (SurfRight B.V.) C:\Users\Administrator\Desktop\HitmanPro_x64.exe
2018-02-14 23:31 - 2018-02-14 23:31 - 000000021 _____ C:\Windows\S.dirmngr
2018-02-14 23:29 - 2018-02-14 23:31 - 000012002 _____ C:\Users\Administrator\Desktop\Fixlog.txt
2018-02-14 17:54 - 2018-02-14 23:29 - 000048440 _____ C:\Users\Administrator\Desktop\Addition.txt
2018-02-14 17:53 - 2018-02-16 05:40 - 000015295 _____ C:\Users\Administrator\Desktop\FRST.txt
2018-02-14 17:52 - 2018-02-13 17:44 - 002405376 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2018-02-14 17:02 - 2018-02-14 17:01 - 008222496 _____ (Malwarebytes) C:\Users\Administrator\Desktop\adwcleaner_7.0.8.0(1).exe
2018-02-14 16:42 - 2018-02-14 16:41 - 001207800 _____ (Adobe Systems Incorporated) C:\Users\juergen2\Desktop\readerdc_de_xa_cra_install.exe
2018-02-14 15:58 - 2018-02-14 17:19 - 000000000 ____D C:\AdwCleaner
2018-02-14 15:58 - 2018-02-14 15:11 - 008222496 _____ (Malwarebytes) C:\Users\juergen2\Desktop\adwcleaner_7.0.8.0.exe
2018-02-14 12:23 - 2018-02-14 16:17 - 000050373 _____ C:\Users\juergen2\Desktop\Addition.txt
2018-02-14 12:18 - 2018-02-14 16:17 - 000062810 _____ C:\Users\juergen2\Desktop\FRST.txt
2018-02-14 12:18 - 2018-02-13 17:44 - 002405376 _____ (Farbar) C:\Users\juergen2\Desktop\FRST64.exe
2018-02-14 04:28 - 2018-02-10 20:52 - 000395928 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-02-14 04:28 - 2018-02-10 20:03 - 000347296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-02-14 04:28 - 2018-02-10 09:44 - 025740288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-02-14 04:28 - 2018-02-10 08:30 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-02-14 04:28 - 2018-02-10 08:29 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-02-14 04:28 - 2018-02-10 08:19 - 002900480 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-02-14 04:28 - 2018-02-10 08:17 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-02-14 04:28 - 2018-02-10 08:17 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-02-14 04:28 - 2018-02-10 08:17 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-02-14 04:28 - 2018-02-10 08:16 - 000577536 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-02-14 04:28 - 2018-02-10 08:16 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-02-14 04:28 - 2018-02-10 08:10 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-02-14 04:28 - 2018-02-10 08:10 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-02-14 04:28 - 2018-02-10 08:09 - 005782016 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-02-14 04:28 - 2018-02-10 08:07 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-02-14 04:28 - 2018-02-10 08:06 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-02-14 04:28 - 2018-02-10 08:06 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-02-14 04:28 - 2018-02-10 08:06 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-02-14 04:28 - 2018-02-10 08:06 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-02-14 04:28 - 2018-02-10 08:01 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-02-14 04:28 - 2018-02-10 07:58 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-02-14 04:28 - 2018-02-10 07:52 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-02-14 04:28 - 2018-02-10 07:52 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-02-14 04:28 - 2018-02-10 07:51 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-02-14 04:28 - 2018-02-10 07:49 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-02-14 04:28 - 2018-02-10 07:48 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-02-14 04:28 - 2018-02-10 07:46 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-02-14 04:28 - 2018-02-10 07:45 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-02-14 04:28 - 2018-02-10 07:36 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-02-14 04:28 - 2018-02-10 07:36 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-02-14 04:28 - 2018-02-10 07:34 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-02-14 04:28 - 2018-02-10 07:34 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-02-14 04:28 - 2018-02-10 07:33 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-02-14 04:28 - 2018-02-10 07:32 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-02-14 04:28 - 2018-02-10 07:27 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-02-14 04:28 - 2018-02-10 07:20 - 020274176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-02-14 04:28 - 2018-02-10 07:14 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-02-14 04:28 - 2018-02-10 07:08 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-02-14 04:28 - 2018-02-10 07:02 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-02-14 04:28 - 2018-02-10 06:57 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-02-14 04:28 - 2018-02-10 06:57 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-02-14 04:28 - 2018-02-10 06:57 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-02-14 04:28 - 2018-02-10 06:57 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-02-14 04:28 - 2018-02-10 06:56 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-02-14 04:28 - 2018-02-10 06:54 - 002294272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-02-14 04:28 - 2018-02-10 06:52 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-02-14 04:28 - 2018-02-10 06:51 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-02-14 04:28 - 2018-02-10 06:50 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-02-14 04:28 - 2018-02-10 06:49 - 000662528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-02-14 04:28 - 2018-02-10 06:49 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-02-14 04:28 - 2018-02-10 06:49 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-02-14 04:28 - 2018-02-10 06:42 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-02-14 04:28 - 2018-02-10 06:39 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-02-14 04:28 - 2018-02-10 06:38 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-02-14 04:28 - 2018-02-10 06:38 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-02-14 04:28 - 2018-02-10 06:36 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-02-14 04:28 - 2018-02-10 06:35 - 004498944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-02-14 04:28 - 2018-02-10 06:35 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-02-14 04:28 - 2018-02-10 06:35 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-02-14 04:28 - 2018-02-10 06:34 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-02-14 04:28 - 2018-02-10 06:33 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-02-14 04:28 - 2018-02-10 06:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-02-14 04:28 - 2018-02-10 06:27 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-02-14 04:28 - 2018-02-10 06:27 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-02-14 04:28 - 2018-02-10 06:26 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-02-14 04:28 - 2018-02-10 06:14 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-02-14 04:28 - 2018-02-10 06:10 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-02-14 04:28 - 2018-02-10 06:08 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-02-14 04:28 - 2018-01-12 17:46 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-02-14 04:28 - 2018-01-12 17:44 - 005581544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-02-14 04:28 - 2018-01-12 17:44 - 001894120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-02-14 04:28 - 2018-01-12 17:44 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-02-14 04:28 - 2018-01-12 17:44 - 000377064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-02-14 04:28 - 2018-01-12 17:44 - 000371432 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2018-02-14 04:28 - 2018-01-12 17:44 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-02-14 04:28 - 2018-01-12 17:44 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-02-14 04:28 - 2018-01-12 17:44 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-02-14 04:28 - 2018-01-12 17:44 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-02-14 04:28 - 2018-01-12 17:40 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000484864 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:33 - 001665384 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-02-14 04:28 - 2018-01-12 17:29 - 004014312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-02-14 04:28 - 2018-01-12 17:29 - 003959016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-02-14 04:28 - 2018-01-12 17:27 - 004834816 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
2018-02-14 04:28 - 2018-01-12 17:27 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 17:16 - 003405824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsrchvw.exe
2018-02-14 04:28 - 2018-01-12 17:16 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2018-02-14 04:28 - 2018-01-12 17:16 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2018-02-14 04:28 - 2018-01-12 17:15 - 000032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2018-02-14 04:28 - 2018-01-12 17:11 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-02-14 04:28 - 2018-01-12 17:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-02-14 04:28 - 2018-01-12 17:11 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-02-14 04:28 - 2018-01-12 17:10 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-02-14 04:28 - 2018-01-12 17:07 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-02-14 04:28 - 2018-01-12 17:06 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-02-14 04:28 - 2018-01-12 17:03 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-02-14 04:28 - 2018-01-12 17:02 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-02-14 04:28 - 2018-01-12 17:02 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-02-14 04:28 - 2018-01-12 17:02 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-02-14 04:28 - 2018-01-12 17:01 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-02-14 04:28 - 2018-01-12 17:01 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-02-14 04:28 - 2018-01-12 16:57 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-02-14 04:28 - 2018-01-12 16:57 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-02-14 04:28 - 2018-01-12 16:57 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-02-14 04:28 - 2018-01-12 16:57 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-02-14 04:28 - 2018-01-12 16:57 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-02-14 04:28 - 2018-01-12 16:56 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 16:56 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 16:56 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-02-14 04:28 - 2018-01-12 16:56 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-02-14 04:28 - 2018-01-11 17:41 - 001133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2018-02-14 04:28 - 2018-01-11 17:22 - 000805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2018-02-14 04:28 - 2018-01-11 17:09 - 003224064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-02-14 04:28 - 2018-01-05 17:31 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-02-14 04:28 - 2018-01-05 17:31 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-02-14 04:28 - 2018-01-05 17:30 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-02-14 04:28 - 2018-01-05 17:30 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-02-14 04:28 - 2018-01-05 17:30 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-02-14 04:28 - 2018-01-05 17:25 - 000383720 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-02-14 04:28 - 2018-01-05 17:14 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-02-14 04:28 - 2018-01-05 17:11 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-02-14 04:28 - 2018-01-05 17:11 - 000071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-02-14 04:28 - 2018-01-05 17:11 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-02-14 04:28 - 2018-01-05 17:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-02-14 04:28 - 2018-01-05 16:50 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-02-14 04:28 - 2017-12-05 18:36 - 001484288 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2018-02-14 04:28 - 2017-12-05 18:36 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2018-02-14 04:28 - 2017-12-05 18:36 - 000218112 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2018-02-14 04:28 - 2017-12-05 18:36 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2018-02-14 04:28 - 2017-12-05 18:36 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2018-02-14 04:28 - 2017-12-05 18:36 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2018-02-14 04:28 - 2017-12-05 18:08 - 001176576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2018-02-14 04:28 - 2017-12-05 18:08 - 000179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2018-02-14 04:28 - 2017-12-05 18:08 - 000145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2018-02-14 04:28 - 2017-12-05 18:08 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2018-02-14 04:28 - 2017-12-05 18:08 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2018-02-14 04:28 - 2017-12-05 17:04 - 000404992 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
2018-02-14 04:27 - 2018-01-22 00:50 - 000136424 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-02-14 04:27 - 2018-01-22 00:40 - 000654336 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-02-14 04:27 - 2018-01-19 15:05 - 001994752 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-02-14 04:27 - 2018-01-19 15:05 - 001569280 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-02-14 04:27 - 2018-01-19 15:05 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-02-14 04:27 - 2018-01-19 15:05 - 000604672 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-02-14 04:27 - 2018-01-19 15:05 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-02-14 04:27 - 2018-01-19 15:05 - 000378880 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-02-14 04:27 - 2018-01-19 15:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-02-14 04:27 - 2018-01-19 15:05 - 000236544 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-02-13 17:43 - 2018-02-16 05:38 - 000000000 ____D C:\FRST
2018-02-13 16:30 - 2018-02-13 16:30 - 000000000 ____D C:\Users\Administrator\Documents\BCDB
2018-02-13 10:29 - 2018-02-14 23:33 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-02-12 15:51 - 2018-02-12 15:51 - 000001245 _____ C:\Users\Administrator\Desktop\malware12011544.txt
2018-02-11 10:50 - 2018-02-11 10:50 - 000000000 ____D C:\ProgramData\ATI
2018-02-10 21:58 - 2018-02-15 00:05 - 000000000 ____D C:\Users\Administrator\AppData\Local\ESET
2018-02-10 21:01 - 2018-02-14 23:33 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-02-10 21:01 - 2018-02-14 23:32 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-02-10 21:01 - 2018-02-13 10:28 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-02-10 21:01 - 2018-02-13 10:26 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-02-10 21:01 - 2018-02-10 21:01 - 000001835 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-10 21:01 - 2018-02-10 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-10 21:01 - 2018-02-10 21:01 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-10 21:01 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-02-10 18:54 - 2018-02-10 18:54 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\VeraCrypt
2018-02-10 18:43 - 2018-02-10 18:43 - 000000000 _____ C:\Users\Administrator\Desktop\New Text Document.txt
2018-02-08 20:24 - 2018-02-08 20:24 - 000000000 ____D C:\My Files(juergen-PC)
2018-02-08 16:03 - 2018-02-08 16:03 - 000002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-02-08 16:03 - 2018-02-08 16:03 - 000002182 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2018-02-07 10:38 - 2018-02-07 10:38 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\77E7F59C.sys
2018-02-07 07:43 - 2018-02-07 07:43 - 000008189 _____ C:\Users\Administrator\Desktop\export_reply_3.nb
2018-02-07 07:41 - 2018-02-07 07:41 - 000000000 ____D C:\Users\Administrator\Desktop\mathe
2018-02-07 07:36 - 2018-02-07 07:37 - 000000000 ____D C:\Users\juergen2\Desktop\Mathe
2018-02-07 05:35 - 2018-02-07 05:35 - 000000000 ____D C:\Users\juergen2\.QtWebEngineProcess
2018-02-07 05:35 - 2018-02-07 05:35 - 000000000 ____D C:\Users\juergen2\.Plays.tv
2018-02-07 05:33 - 2018-02-07 05:35 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\Raptr
2018-02-07 05:33 - 2018-02-07 05:35 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\PlaysTV
2018-02-06 19:52 - 2018-02-06 19:52 - 000000000 ____D C:\Users\Administrator\AppData\Local\AppEx Networks
2018-02-06 18:41 - 2018-02-06 18:41 - 000000000 ____D C:\Users\Administrator\.QtWebEngineProcess
2018-02-06 18:41 - 2018-02-06 18:41 - 000000000 ____D C:\Users\Administrator\.Plays.tv
2018-02-06 18:38 - 2018-02-06 18:38 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\library_dir
2018-02-06 18:37 - 2018-02-06 18:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Quick Stream
2018-02-06 18:37 - 2018-02-06 18:37 - 000000000 ____D C:\Program Files\AMD Quick Stream
2018-02-06 18:37 - 2015-04-03 01:14 - 000229056 _____ (AppEx Networks Corporation) C:\Windows\system32\Drivers\appexDrv.sys
2018-02-06 18:28 - 2018-02-06 18:28 - 000000000 ____D C:\Users\Administrator\AppData\Local\RadeonInstaller
2018-02-06 18:27 - 2018-02-06 18:27 - 041047112 _____ (AMD Inc.) C:\Users\Administrator\Downloads\radeon-software-adrenalin-18.2.1-minimalsetup-180201_web.exe
2018-02-06 13:49 - 2018-02-06 13:49 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\656387A4.sys
2018-02-06 13:39 - 2018-02-06 13:39 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\3353E5FC.sys
2018-02-06 12:25 - 2018-02-10 21:01 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-06 12:25 - 2018-02-06 12:25 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\43221302.sys
2018-02-06 09:28 - 2018-02-05 11:39 - 000001167 _____ C:\Windows\system32\Reinigung.cmd
2018-02-06 09:28 - 2017-12-24 23:03 - 000001820 _____ C:\Windows\system32\Wartung.cmd
2018-02-06 09:00 - 2018-02-06 09:03 - 000000000 ____D C:\daten
2018-02-05 23:24 - 2018-02-05 23:41 - 000000000 ___HD C:\~BCWipe.tmp
2018-02-05 18:56 - 2018-02-05 18:56 - 000739464 _____ C:\Users\juergen2\Documents\IMG_20180205_0001.pdf
2018-02-05 11:48 - 2018-02-05 11:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BCWipe
2018-02-05 11:47 - 2018-02-14 04:11 - 000000000 ____D C:\Program Files (x86)\Jetico
2018-02-02 15:20 - 2018-02-02 15:20 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\dvdcss
2018-02-02 14:52 - 2018-02-02 14:52 - 000000017 _____ C:\Users\juergen2\AppData\Local\resmon.resmoncfg
2018-02-01 13:05 - 2018-02-01 13:05 - 000001196 _____ C:\Users\Administrator\Desktop\CrystalDiskInfo.lnk
2018-02-01 13:05 - 2018-02-01 13:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2018-02-01 13:05 - 2018-02-01 13:05 - 000000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2018-02-01 12:01 - 2018-02-05 11:39 - 000001167 _____ C:\Windows\SysWOW64\Reinigung.cmd
2018-02-01 12:01 - 2017-12-24 23:03 - 000001820 _____ C:\Windows\SysWOW64\Wartung.cmd
2018-02-01 00:23 - 2018-02-01 00:23 - 000000000 ____D C:\Users\juergen2\PDF
2018-01-31 23:58 - 2018-01-31 23:58 - 000000181 _____ C:\Users\juergen2\Documents\slashesversion.gp
2018-01-31 22:17 - 2018-01-31 22:17 - 000000142 _____ C:\Users\juergen2\new2.gp
2018-01-31 22:00 - 2018-01-31 21:57 - 000000096 _____ C:\Users\juergen2\Documents\new.txt
2018-01-31 21:17 - 2018-02-01 00:12 - 000007841 _____ C:\Users\juergen2\Documents11.pdf
2018-01-30 23:39 - 2018-01-30 23:40 - 000000127 _____ C:\Users\juergen2\Documents\anmachenFilipina.txt
2018-01-30 20:47 - 2018-01-30 20:47 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\Macromedia
2018-01-29 22:31 - 2018-02-04 13:04 - 000004740 _____ C:\Users\juergen2\Documents\23.txt
2018-01-29 22:11 - 2018-01-30 23:09 - 000003173 _____ C:\Users\juergen2\Documents\13.txt
2018-01-29 22:09 - 2018-01-29 22:09 - 001332457 _____ C:\Users\juergen2\Documents\1013.txt
2018-01-29 21:01 - 2018-01-29 21:58 - 000003016 _____ C:\Users\juergen2\Desktop\mmmma.txt
2018-01-28 23:59 - 2018-01-28 23:59 - 000001182 _____ C:\Users\juergen2\Desktop\MailWasherPro.lnk
2018-01-28 23:59 - 2018-01-28 23:59 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firetrust
2018-01-28 23:59 - 2018-01-28 23:59 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\Firetrust
2018-01-28 23:59 - 2018-01-28 23:59 - 000000000 ____D C:\Program Files (x86)\Firetrust
2018-01-28 23:58 - 2018-01-29 00:00 - 000000000 ____D C:\ProgramData\Firetrust
2018-01-28 12:57 - 2018-01-31 21:20 - 000000000 ____D C:\Users\juergen2\Documents\Wolfram Mathematica
2018-01-28 12:57 - 2018-01-29 19:37 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\Mathematica
2018-01-28 12:57 - 2018-01-28 12:58 - 000000000 ____D C:\Users\juergen2\AppData\Local\Mathematica
2018-01-28 12:57 - 2018-01-28 12:57 - 000000000 ____D C:\Users\juergen2\AppData\Local\Wolfram
2018-01-27 12:34 - 2018-02-07 07:42 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mathematica
2018-01-27 12:34 - 2018-02-07 07:41 - 000000000 ____D C:\Users\Administrator\AppData\Local\Mathematica
2018-01-27 12:34 - 2018-01-27 12:34 - 000000000 ____D C:\Users\Administrator\Documents\Wolfram Mathematica
2018-01-27 12:34 - 2018-01-27 12:34 - 000000000 ____D C:\Users\Administrator\AppData\Local\Wolfram
2018-01-27 12:34 - 2018-01-27 12:34 - 000000000 ____D C:\ProgramData\Mathematica
2018-01-27 12:30 - 2018-01-27 12:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfram Mathematica 11.2
2018-01-27 12:27 - 2018-01-27 12:27 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\OpenOffice
2018-01-27 12:17 - 2018-01-27 12:17 - 000000000 ____D C:\Program Files\Wolfram Research
2018-01-27 12:00 - 2018-01-27 12:03 - 000000000 ____D C:\Users\Administrator\Downloads\M-WIN-L-11.2.0-5822651
2018-01-27 12:00 - 2018-01-27 12:00 - 000000000 ____D C:\Users\Administrator\AppData\Local\Wolfram Research
2018-01-18 14:27 - 2018-01-18 14:27 - 000002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2018-01-18 14:27 - 2018-01-18 14:27 - 000000000 ____D C:\Program Files\Microsoft Security Client
2018-01-18 14:27 - 2018-01-18 14:27 - 000000000 ____D C:\Program Files (x86)\Microsoft Security Client

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-16 05:13 - 2017-01-04 21:53 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2018-02-16 03:28 - 2009-07-14 05:45 - 000021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-16 03:28 - 2009-07-14 05:45 - 000021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-16 03:23 - 2015-11-02 13:24 - 003040158 _____ C:\Windows\ntbtlog.txt
2018-02-15 23:12 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2018-02-15 15:05 - 2015-11-01 10:23 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-02-15 15:04 - 2015-11-01 10:23 - 000000000 ____D C:\Users\juergen2\AppData\Local\Adobe
2018-02-15 15:01 - 2015-11-17 18:45 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-15 13:10 - 2016-11-19 14:58 - 000000000 ____D C:\Users\juergen2\AppData\LocalLow\Mozilla
2018-02-15 01:57 - 2015-11-15 10:22 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\gnupg
2018-02-15 01:06 - 2017-05-10 13:31 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\Electrum
2018-02-14 23:31 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-14 20:02 - 2017-10-24 16:17 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Electrum
2018-02-14 19:57 - 2009-07-14 06:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-14 19:57 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-02-14 11:27 - 2009-07-14 05:45 - 000291024 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-14 11:25 - 2015-11-15 19:46 - 000000000 ____D C:\Windows\system32\appraiser
2018-02-14 04:53 - 2015-11-01 12:47 - 000000000 ____D C:\Windows\system32\MRT
2018-02-14 04:49 - 2017-10-12 02:06 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-02-14 04:49 - 2015-11-01 12:47 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-02-13 22:52 - 2017-12-10 15:05 - 000001302 _____ C:\Users\Public\Desktop\Skype.lnk
2018-02-13 22:52 - 2017-12-10 15:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-02-13 17:01 - 2016-08-27 20:44 - 000000994 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2018-02-13 17:01 - 2016-08-27 20:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-02-13 16:24 - 2016-02-18 11:21 - 000001509 _____ C:\DelFix.txt
2018-02-13 09:11 - 2017-01-04 18:02 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\gnupg
2018-02-11 22:29 - 2015-10-31 22:30 - 000000000 ____D C:\datas
2018-02-10 21:00 - 2017-01-04 14:10 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2018-02-10 12:54 - 2015-10-31 22:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-10 07:54 - 2017-08-26 17:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-08 19:53 - 2015-11-01 11:12 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\vlc
2018-02-08 16:03 - 2015-12-21 20:28 - 000000000 ____D C:\Program Files (x86)\Google
2018-02-08 16:02 - 2017-10-30 10:23 - 000002048 _____ C:\Users\Public\Desktop\Google Slides.lnk
2018-02-08 16:02 - 2017-10-30 10:23 - 000002046 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2018-02-08 16:02 - 2017-10-30 10:23 - 000002036 _____ C:\Users\Public\Desktop\Google Docs.lnk
2018-02-08 16:02 - 2017-10-30 10:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2018-02-07 12:49 - 2016-07-15 12:40 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-02-07 06:27 - 2016-08-18 13:38 - 000000981 _____ C:\Users\juergen2\Desktop\PARI.lnk
2018-02-07 05:35 - 2015-10-31 22:01 - 000000000 ____D C:\Users\juergen2
2018-02-06 18:41 - 2017-01-03 13:31 - 000000000 ____D C:\Users\Administrator
2018-02-06 18:36 - 2015-11-01 09:41 - 000000000 ____D C:\ProgramData\Package Cache
2018-02-06 18:30 - 2015-11-01 09:39 - 000000000 ____D C:\AMD
2018-02-06 14:06 - 2015-10-31 22:15 - 000065744 _____ C:\Users\juergen2\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-06 12:17 - 2017-01-03 13:32 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2018-02-06 11:39 - 2017-01-03 13:33 - 000065744 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-06 09:46 - 2009-07-14 04:20 - 000000000 __RSD C:\Windows\Media
2018-02-06 08:50 - 2015-12-21 20:28 - 000000000 ____D C:\Users\juergen2\AppData\Local\Google
2018-02-06 08:47 - 2016-10-02 17:45 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\NCH Software
2018-02-05 18:04 - 2015-11-13 17:07 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\IrfanView
2018-02-05 16:25 - 2016-11-18 20:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-02-05 13:03 - 2015-11-01 08:53 - 000000000 ____D C:\xampp
2018-02-04 12:23 - 2017-11-16 22:48 - 000000000 ____D C:\Users\juergen2\AppData\Local\CrashDumps
2018-02-03 16:54 - 2015-11-14 12:57 - 000075264 _____ C:\Users\juergen2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-02-03 15:38 - 2016-02-24 19:10 - 000000000 ____D C:\div
2018-02-03 15:07 - 2016-01-24 16:00 - 000000000 ____D C:\Users\juergen2\AppData\Local\QuickPar
2018-02-02 11:04 - 2009-07-14 06:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-02-01 08:16 - 2016-10-09 09:50 - 000000000 ____D C:\Windows\Minidump
2018-01-31 22:34 - 2016-08-18 19:24 - 000000000 ____D C:\tmp
2018-01-31 22:19 - 2016-08-18 13:37 - 000000000 ____D C:\Program Files (x86)\Pari-2-7-6
2018-01-30 20:47 - 2016-02-17 17:00 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-01-30 20:47 - 2015-11-01 10:23 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-28 21:35 - 2015-11-15 10:42 - 000000000 ____D C:\vhd
2018-01-25 00:48 - 2017-06-30 15:19 - 000004100 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1498067933
2018-01-23 19:58 - 2010-11-21 04:27 - 000548000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-01-19 14:22 - 2015-11-01 09:42 - 000765656 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-01-18 14:27 - 2016-05-12 18:47 - 000001945 _____ C:\Windows\epplauncher.mif
2018-01-18 14:04 - 2009-07-14 06:08 - 000032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2017-07-20 19:34 - 2017-07-20 19:34 - 000003584 _____ () C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-07 12:31

==================== End of FRST.txt ============================
         
--- --- ---

--- --- ---


[CODE]Additional
FRST Logfile:

FRST Logfile:
Code:
ATTFilter
scan result of Farbar Recovery Scan Tool (x64) Version: 12.02.2018
Ran by Administrator (16-02-2018 05:40:52)
Running from C:\Users\Administrator\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-10-31 21:00:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-963683855-2343051469-89585254-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-963683855-2343051469-89585254-501 - Limited - Disabled)
juergen2 (S-1-5-21-963683855-2343051469-89585254-1000 - Administrator - Enabled) => C:\Users\juergen2

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 18.011.20036 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (HKLM\...\{F15287C6-10E3-1676-AF50-CB0355A302F1}) (Version: 2.00.0002 - Advanced Micro Devices, Inc.)
AMD APP SDK Runtime (HKLM\...\{503F672D-6C84-448A-8F8F-4BC35AC83441}) (Version: 10.0.873.1 - Advanced Micro Devices Inc.)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (HKLM\...\{CF84CD21-FC52-857E-AF41-9DEE9C76D245}) (Version: 2.00.0000 - Advanced Micro Devices, Inc.)
AMD Fuel (HKLM\...\{AA20E9E6-96D0-C201-E44D-F7D921F595FD}) (Version: 2015.0804.21.41908 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
AMD USB 3.0 Device Detector (HKLM\...\{F5733897-B788-4AB1-B399-166A9FBB47A8}) (Version: 2.1.30.0 - Advanced Micro Devices, Inc.)
AMD Wireless Display v3.0 (HKLM\...\{630E5EF7-72F8-9E5D-BEF5-ED85B698E160}) (Version: 1.0.0.15 - Advanced Micro Devices, Inc.)
Arasan 20.2 (HKLM-x32\...\Arasan_is1) (Version:  - )
Backup and Sync from Google (HKLM-x32\...\{AC62F3F2-61A2-4357-93EC-C308E3FEDF4E}) (Version: 3.39.8370.7843 - Google, Inc.)
BCWipe 6.0 (HKLM-x32\...\BCWipe) (Version: 6.08.3 - Jetico Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
Canon MG5500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series) (Version: 1.02 - Canon Inc.)
Catalyst Control Center Graphics Previews Common (HKLM-x32\...\{9114BDDB-A6A6-152D-060A-E99307057AD1}) (Version: 2015.0804.21.41908 - Advanced Micro Devices, Inc.)
Catalyst Control Center Localization All (HKLM-x32\...\{315D9E6B-98B1-1E2B-9E93-B36A0B104224}) (Version: 2015.0804.21.41908 - Advanced Micro Devices, Inc.)
CCC Help Chinese Standard (HKLM-x32\...\{703F229F-573E-10E7-3B44-341DB59AD86B}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Chinese Traditional (HKLM-x32\...\{489E5436-B101-CAD9-5571-14746675ECE3}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Czech (HKLM-x32\...\{BBA1614E-6470-7841-8A42-ABD5BA7B3FFE}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Danish (HKLM-x32\...\{AA0E1433-8F16-AA01-E8E9-E6408579D0D8}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Dutch (HKLM-x32\...\{504819D1-3C0A-2695-0007-BBDFA5936D68}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help English (HKLM-x32\...\{6C495748-5F03-0B97-568B-76D0368FB460}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Finnish (HKLM-x32\...\{D9CBA021-DB41-9736-923F-52E3E426912D}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help French (HKLM-x32\...\{B03A580A-5D67-DAC5-59A1-7AD7C513381C}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help German (HKLM-x32\...\{69DF4822-9B16-CE04-7587-22E09FB5FD1D}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Greek (HKLM-x32\...\{968C0E92-6DA9-5784-9A0B-1061D0CB2C14}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Hungarian (HKLM-x32\...\{11BC8F83-7260-65EB-3E0A-FA7AC894B42D}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Italian (HKLM-x32\...\{FE4DC915-D724-E72C-EF86-DC5B89961ACF}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Japanese (HKLM-x32\...\{C9353DBC-A47C-2C9B-AF32-5E2C8B4E3D3A}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Korean (HKLM-x32\...\{37DBC990-C514-3821-D6FB-12E0745AA990}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Norwegian (HKLM-x32\...\{79E3071B-8A0C-C105-6442-CF611732601E}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Polish (HKLM-x32\...\{A12E8E1A-A77D-94E5-72F8-E83D6256AF11}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Portuguese (HKLM-x32\...\{AD5E3969-F0C0-ECBF-45E5-C36B84904281}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Russian (HKLM-x32\...\{CFA2067C-AE90-3BF9-06AF-E7E65E679B3D}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Spanish (HKLM-x32\...\{110E4EE7-85A9-B76B-B943-C0C1CF0C2F74}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Swedish (HKLM-x32\...\{42A97797-A255-49F9-4250-D58A9CEA2904}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Thai (HKLM-x32\...\{31BC0B51-0676-A531-3940-1818B609EEA7}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Turkish (HKLM-x32\...\{9DB45EC2-90E7-642D-7CF9-5AC2FBDC14F7}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
ccc-utility64 (HKLM\...\{C3463F9A-E635-02E0-C351-41D16074E202}) (Version: 2015.0804.21.41908 - Advanced Micro Devices, Inc.)
Convert XLS (HKLM-x32\...\Convert XLS_is1) (Version:  - Softinterface, Inc.)
CrystalDiskInfo 7.5.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.5.1 - Crystal Dew World)
Dr. Hardware 2015 15.5d (HKLM-x32\...\Dr. Hardware 2015_is1) (Version:  - Peter A. Gebhard)
Electrum (HKU\S-1-5-21-963683855-2343051469-89585254-1000\...\Electrum) (Version: 2.8.2 - Electrum Technologies GmbH)
Free Pascal 3.0.0 (HKLM-x32\...\FreePascal_is1) (Version:  - Free Pascal Team)
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.195.0 - International GeoGebra Institute)
Google Earth Pro (HKLM-x32\...\{FA1BBF34-E994-4310-95D7-BE93092B8E61}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gpg4win (2.3.3) (HKLM-x32\...\GPG4Win) (Version: 2.3.3 - The Gpg4win Project)
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.09) (Version: 9.09 - Artifex Software Inc.)
GUI Turbo Assembler Ver 3.0.1 (HKLM-x32\...\{F522C947-52FA-4C01-B933-16292944E000}) (Version: 3.0.1 - Lakhya's Innovation Inc.)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.4.135.1 - Intel Security)
IrfanView 64 (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
Lazarus 1.6.2 (HKLM\...\lazarus_is1) (Version: 1.6.2 - Lazarus Team)
MailWasherPro (HKLM-x32\...\{D16B61A0-A55E-47A9-BA73-8A5E92C26DB2}) (Version: 7.11.05 - Firetrust)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
ManyCam 5.3.0 (HKLM-x32\...\ManyCam) (Version: 5.3.0 - Visicom Media Inc.)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 58.0.2 (x64 de) (HKLM\...\Mozilla Firefox 58.0.2 (x64 de)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla)
Mozilla Thunderbird 52.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 52.6.0 (x86 de)) (Version: 52.6.0 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.4 - Notepad++ Team)
Opera Stable 50.0.2762.67 (HKU\S-1-5-21-963683855-2343051469-89585254-1000\...\Opera 50.0.2762.67) (Version: 50.0.2762.67 - Opera Software)
Pari-2-7-6 (remove only) (HKLM-x32\...\Pari-2-7-6) (Version:  - )
PC Inspector File Recovery (HKLM-x32\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - )
PilotEdit Lite 10.7.0 (HKLM-x32\...\PilotEdit Lite_is1) (Version:  - )
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
Scid vs PC 4.16 (HKLM-x32\...\Scid vs PC_is1) (Version: 4.16 - Steven Atkinson)
SharpKeys (HKLM\...\{F6908C45-459A-4332-A3F2-03DAAB64939D}) (Version: 3.6.0000 - RandyRants.com)
Shotcut (HKLM-x32\...\Shotcut) (Version:  - )
Skype version 8.15 (HKLM-x32\...\Skype_is1) (Version: 8.15 - Skype Technologies S.A.)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.83369 - TeamViewer)
Total Commander 64-bit (Remove or Repair) (HKLM-x32\...\Totalcmd64) (Version: 9.0a - Ghisler Software GmbH)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.16 - IDRIX)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Web Companion (HKLM-x32\...\{37c882f6-40f7-46a4-9ccb-8e2808e1a79e}) (Version: 2.4.1558.3001 - Lavasoft)
WinRAR 5.40 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wolfram Mathematica 11.2 (M-WIN-L 11.2.0 5822651) (HKLM\...\M-WIN-L 11.2.0 5822651_is1) (Version: 11.2.0 - Wolfram Research, Inc.)
Wondershare Data Recovery(Build 6.5.1.5) (HKLM-x32\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 6.5.1.5 - Wondershare Software Co.,Ltd.)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Xaldon WebSpider2 (HKLM-x32\...\WebSpider2) (Version:  - )
Xilinx Design Tools Vivado HL WebPACK 2016.3 (C:\Xilinx) (HKLM\...\Xilinx_Vivado HL WebPACK_2016.3#0) (Version: 2016.3 - Xilinx Inc.)
Xilinx DocNav (C:\Xilinx) (HKLM\...\Xilinx_DocNav_2016.3#0) (Version: 2016.3 - Xilinx Inc.)
Xilinx Information Center (C:\Xilinx) (HKLM\...\Xilinx_Xilinx Information Center_2016.3#0) (Version: 2016.3 - Xilinx Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-01-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-01-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-01-29] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-01-01] ()
ContextMenuHandlers1: [BCShellMenu] -> {7850a720-705f-11d0-a9eb-0080488625e5} =>  -> No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-01-29] (Google)
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\GNU\GnuPG\bin\gpgex.dll [2016-08-18] (g10 Code GmbH)
ContextMenuHandlers1: [PilotEdit] -> {277B9550-37E2-47DE-B533-89A1EBD82DB9} => C:\Program Files (x86)\PilotEdit Lite\EShell_x64.dll [2013-01-01] (PilotEdit)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [BCShellMenu] -> {7850a720-705f-11d0-a9eb-0080488625e5} =>  -> No File
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-01-29] (Google)
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\GNU\GnuPG\bin\gpgex.dll [2016-08-18] (g10 Code GmbH)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [BCShellMenu] -> {7850a720-705f-11d0-a9eb-0080488625e5} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1FB3732E-9592-444D-A701-81DF304F14A9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_137_pepper.exe
Task: {52280D98-8387-416F-A272-A7F4C0CE7B93} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {6ADA2DE3-F929-4442-BCBE-E1D403613F2F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-21] (Google Inc.)
Task: {95071769-72CA-42B3-82ED-D79B6AB979FD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-01-17] (Adobe Systems Incorporated)
Task: {AD24AC21-72E8-4AFB-8BA6-BC0413019E02} - System32\Tasks\Opera scheduled Autoupdate 1498067933 => C:\Users\juergen2\AppData\Local\Programs\Opera\launcher.exe [2018-01-22] (Opera Software)
Task: {BE9E6706-8A73-4F34-8BC7-F4B899EDF1C0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {E302C505-2A7A-4384-87A8-489CE462BC3D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {F4DDD129-C6FA-4772-AC2D-CE369BA97A92} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {F6F30DFE-BB87-4833-A1E0-CEE92CCDEE3C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-21] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-08-04 00:25 - 2015-08-04 00:25 - 000214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 000817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 003650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2016-08-18 09:27 - 2016-08-18 09:27 - 000216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2018-02-10 21:01 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2015-08-04 00:25 - 2015-08-04 00:25 - 000102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2018-01-01 02:07 - 2018-01-01 02:07 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-08-18 09:14 - 2016-08-18 09:14 - 000222720 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2016-08-18 09:09 - 2016-08-18 09:09 - 000103424 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2016-08-18 09:03 - 2016-08-18 09:03 - 000050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2016-08-18 09:14 - 2016-08-18 09:14 - 000073728 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2016-08-18 09:17 - 2016-08-18 09:17 - 000751104 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2018-01-01 02:07 - 2018-01-01 02:07 - 000021680 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-963683855-2343051469-89585254-1000\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2018-02-10 18:45 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-963683855-2343051469-89585254-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\juergen2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-963683855-2343051469-89585254-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: BCWipeSvc => 2
MSCONFIG\Services: LavasoftAdAwareService11 => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: vssbrigde64 => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^juergen2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MailWasherPro.lnk => C:\Windows\pss\MailWasherPro.lnk.Startup
MSCONFIG\startupreg: AvgUi => "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
MSCONFIG\startupreg: PlaysTV => "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr Inc\Raptr\raptrstub.exe --startup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{E08E8243-C2A1-4221-90A7-14736621DBE5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9EA08C55-5310-4A9E-8ABB-32F4A49FF91B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{97587CB0-9EAA-4B76-AE0F-849E608FE32D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{81373308-C4D3-45DA-ABFB-9FF3613C6D5D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{27E94056-EE89-40C2-88F9-FCDD1B8E5D43}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{D80E4AD5-8012-4DE4-B0FE-3695EFEBEAED}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{E4AFD96A-B990-4558-B5EE-3F16F3B150B1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4EFF6531-5BDD-4CC8-BCE4-8C1B36A92B77}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1144CB11-19E6-41BF-BAFF-C3CBF53D788E}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{D076BE44-8E6B-4596-BDAA-38B73655C620}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{BA663251-09BF-4823-8DE3-357013B1B8CE}C:\users\juergen2\appdata\local\temp\_tc0\bot\mbot_vsro110.exe] => (Allow) C:\users\juergen2\appdata\local\temp\_tc0\bot\mbot_vsro110.exe
FirewallRules: [UDP Query User{E5E54FE6-C09E-4ABB-90E3-E86CBF75A6F2}C:\users\juergen2\appdata\local\temp\_tc0\bot\mbot_vsro110.exe] => (Allow) C:\users\juergen2\appdata\local\temp\_tc0\bot\mbot_vsro110.exe
FirewallRules: [TCP Query User{3562059C-09AD-49C5-B7A8-F01122A24FF9}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{F0D6FC0B-D3F6-4346-A980-F46D4C9D1B96}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{98C9BD54-7195-421F-8622-82F19A588534}C:\eclipse\eclipse\eclipse.exe] => (Allow) C:\eclipse\eclipse\eclipse.exe
FirewallRules: [UDP Query User{823BFEF5-2144-437C-A54B-BCCA12451298}C:\eclipse\eclipse\eclipse.exe] => (Allow) C:\eclipse\eclipse\eclipse.exe
FirewallRules: [TCP Query User{43DE325D-FD61-460D-842E-290A5202FB7F}C:\users\juergen2\desktop\totalcmd\totalcmd.exe] => (Allow) C:\users\juergen2\desktop\totalcmd\totalcmd.exe
FirewallRules: [UDP Query User{DFCF343D-2298-479B-820C-A9D87E56AFF7}C:\users\juergen2\desktop\totalcmd\totalcmd.exe] => (Allow) C:\users\juergen2\desktop\totalcmd\totalcmd.exe
FirewallRules: [TCP Query User{A1496639-68D5-46B4-967E-A505FB7D9C89}C:\datas\psro_m_manualpatch_client_downloader_v3.exe] => (Allow) C:\datas\psro_m_manualpatch_client_downloader_v3.exe
FirewallRules: [UDP Query User{D2661694-9DE9-4B85-AA71-E76B9FE67E92}C:\datas\psro_m_manualpatch_client_downloader_v3.exe] => (Allow) C:\datas\psro_m_manualpatch_client_downloader_v3.exe
FirewallRules: [TCP Query User{DA6A1C4E-6658-4536-B8A6-C2F9FD65FD61}C:\datas\psro_full_client_downloader_v3.exe] => (Allow) C:\datas\psro_full_client_downloader_v3.exe
FirewallRules: [UDP Query User{4C306084-351A-440E-86A7-02F33064F80E}C:\datas\psro_full_client_downloader_v3.exe] => (Allow) C:\datas\psro_full_client_downloader_v3.exe
FirewallRules: [TCP Query User{82621B54-D4E3-4191-A32E-7FB2E966AFE0}I:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe] => (Allow) I:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe
FirewallRules: [UDP Query User{FA455FFB-BB85-4880-8324-9ED51129A541}I:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe] => (Allow) I:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe
FirewallRules: [TCP Query User{AFDB542D-C34E-4DBA-A5E8-13FD772F4676}C:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe] => (Allow) C:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe
FirewallRules: [UDP Query User{821974AD-1244-4300-8892-42C965D1C906}C:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe] => (Allow) C:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe
FirewallRules: [{776A7697-A9FA-4D00-AE02-02733E032793}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{179DB254-E4A7-44FD-8180-A252E383B707}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [TCP Query User{5881A1B3-618E-4628-AF81-07C027281C34}C:\datas\bitcoin-0.12.1-win64\bitcoin-0.12.1\bin\bitcoin-qt.exe] => (Allow) C:\datas\bitcoin-0.12.1-win64\bitcoin-0.12.1\bin\bitcoin-qt.exe
FirewallRules: [UDP Query User{B1095A5C-EA19-4532-BE33-41EF9C86B1D8}C:\datas\bitcoin-0.12.1-win64\bitcoin-0.12.1\bin\bitcoin-qt.exe] => (Allow) C:\datas\bitcoin-0.12.1-win64\bitcoin-0.12.1\bin\bitcoin-qt.exe
FirewallRules: [TCP Query User{B12981FF-B265-4AD8-90CC-1CAA78AFF9D3}C:\users\juergen2\appdata\local\temp\7zipsfx.000\tps\win64\jre\bin\java.exe] => (Allow) C:\users\juergen2\appdata\local\temp\7zipsfx.000\tps\win64\jre\bin\java.exe
FirewallRules: [UDP Query User{17966661-BA79-4C90-BC0D-63434C7A2A9F}C:\users\juergen2\appdata\local\temp\7zipsfx.000\tps\win64\jre\bin\java.exe] => (Allow) C:\users\juergen2\appdata\local\temp\7zipsfx.000\tps\win64\jre\bin\java.exe
FirewallRules: [TCP Query User{359222EA-9F94-4EDA-A978-E08B0C015F21}C:\xilinx\xic\tps\win64\jre\bin\java.exe] => (Allow) C:\xilinx\xic\tps\win64\jre\bin\java.exe
FirewallRules: [UDP Query User{DCC70F92-DA66-4518-B65F-551E06FAED96}C:\xilinx\xic\tps\win64\jre\bin\java.exe] => (Allow) C:\xilinx\xic\tps\win64\jre\bin\java.exe
FirewallRules: [TCP Query User{0C48E5AD-B230-4661-BAFF-D286C90BF7ED}C:\xilinx\xic\tps\win64\jre\bin\java.exe] => (Allow) C:\xilinx\xic\tps\win64\jre\bin\java.exe
FirewallRules: [UDP Query User{5E82995E-38F3-476B-98A0-E4055D9530E6}C:\xilinx\xic\tps\win64\jre\bin\java.exe] => (Allow) C:\xilinx\xic\tps\win64\jre\bin\java.exe
FirewallRules: [TCP Query User{FF3B1697-47E7-4E15-A46F-14DAD9A34297}C:\totalcmd\totalcmd.exe] => (Allow) C:\totalcmd\totalcmd.exe
FirewallRules: [UDP Query User{91BF5810-5F2B-4B0B-89A6-13C7BD7AF7E0}C:\totalcmd\totalcmd.exe] => (Allow) C:\totalcmd\totalcmd.exe
FirewallRules: [{A15FD59F-4DEB-48C5-B0AB-C560507A5BD9}] => (Allow) C:\Users\juergen2\Desktop\Tor Browser\Browser\firefox.exe
FirewallRules: [{7B27A2F1-A1C2-40B1-856F-69E72A5FDD68}] => (Allow) C:\Users\juergen2\Desktop\Tor Browser\Browser\firefox.exe
FirewallRules: [{109B94D2-FB0C-44F2-A49B-C1ABC4AE84C2}] => (Allow) C:\Users\juergen2\Desktop\Tor Browser\Browser\firefox.exe
FirewallRules: [{0E26162C-0928-4A55-BFA2-D3D7A388B22E}] => (Allow) C:\Users\juergen2\Desktop\Tor Browser\Browser\firefox.exe
FirewallRules: [{8BAD0C4F-C654-432F-8A46-8CBC4BFF20AF}] => (Allow) C:\datas\psro_full_client_downloader_v3.exe
FirewallRules: [{81FA3FFE-6DEF-4F3D-871E-6120D650F375}] => (Allow) C:\datas\psro_full_client_downloader_v3.exe
FirewallRules: [{E12FBEE4-11A9-4252-B72E-9DA5B9A82CDB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7DA09561-F33A-4F74-AE93-BE232605E318}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C619FF61-7405-4E6D-B469-F5ED7A4CEBEE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5D49AA65-E9EC-4E40-AF85-819A887C58C3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A5989984-670A-4953-A4B2-97E2981C1C4E}] => (Allow) C:\Users\juergen2\AppData\Local\Programs\Opera\50.0.2762.58\opera.exe
FirewallRules: [{51A58F52-6A7A-4F9F-A9D3-54673771201E}] => (Allow) C:\Users\juergen2\AppData\Local\Programs\Opera\50.0.2762.67\opera.exe
FirewallRules: [{858D641F-B90B-4B90-9641-DFF96825B635}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\Mathematica.exe
FirewallRules: [{36275EA3-11DB-4932-AC9B-19B7D18F4C95}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\Mathematica.exe
FirewallRules: [{A9C5985A-EEDC-40A3-BBEC-1E2E964F227C}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\MathKernel.exe
FirewallRules: [{A6DED921-ACDB-4F33-8FF6-E322906C2092}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\MathKernel.exe
FirewallRules: [{9D3AC6F5-DD80-4C6C-AC12-2DE855E84AE0}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\math.exe
FirewallRules: [{719EF127-CBDB-42E9-AA42-01703EB925AD}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\math.exe
FirewallRules: [{DA9DDE8A-7D1E-4CB2-B687-92FE13D0248D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{94A37815-6EB1-4CFE-9596-10C41931DA8D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

==================== Restore Points =========================

14-02-2018 18:02:18 Windows Update
14-02-2018 18:36:11 Windows Update
14-02-2018 23:17:35 Windows Update
15-02-2018 03:00:35 Windows Update
16-02-2018 03:00:20 Windows Update

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: AODDriver4.1
Description: AODDriver4.1
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AODDriver4.1
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/15/2018 04:16:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.17060.1019, time stamp: 0x0206ae46
Faulting module name: ntdll.dll, version: 6.1.7601.24024, time stamp: 0x5a58e571
Exception code: 0xc0000374
Fault offset: 0x00000000000bf6b2
Faulting process id: 0x1984
Faulting application start time: 0x01d3a6073c124a39
Faulting application path: C:\Windows\system32\CompatTelRunner.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: aa01d0d7-11fe-11e8-bbc6-8c89a53586cf

Error: (02/15/2018 01:43:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program kleopatra.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1b44

Start Time: 01d3a5f5081f8724

Termination Time: 0

Application Path: C:\Program Files (x86)\GNU\GnuPG\bin\kleopatra.exe

Report Id: 2df06211-11e9-11e8-bbc6-8c89a53586cf

Error: (02/14/2018 11:33:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/14/2018 11:22:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/14/2018 08:29:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/14/2018 07:45:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/14/2018 06:07:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/14/2018 04:54:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (02/16/2018 03:02:41 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: 2018-02 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 7 and Server 2008 R2 for x64 (KB4076492).

Error: (02/15/2018 03:03:42 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: 2018-02 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 7 and Server 2008 R2 for x64 (KB4076492).

Error: (02/15/2018 12:08:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading

Error: (02/15/2018 12:08:00 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ADMINI~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/15/2018 12:08:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading

Error: (02/15/2018 12:08:00 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ADMINI~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/15/2018 12:08:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading

Error: (02/15/2018 12:07:59 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ADMINI~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Windows Defender:
===================================
Date: 2015-11-05 16:46:24.583
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified. 
Signature version:0.0.0.0
Engine version:0.0.0.0

Date: 2015-11-05 06:18:26.559
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Backup
Error Code:0x8050a004
Error description:This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 
Signature version:1.209.968.0
Engine version:1.1.6402.0

Date: 2015-11-05 06:18:07.182
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified. 
Signature version:0.0.0.0
Engine version:0.0.0.0

CodeIntegrity:
===================================

Date: 2015-11-05 07:09:53.063
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-11-05 07:09:53.061
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-11-05 07:09:53.029
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-11-05 07:09:53.027
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 

Processor: AMD A6-3650 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 88%
Total physical RAM: 7665.37 MB
Available physical RAM: 884.38 MB
Total Virtual: 11759.54 MB
Available Virtual: 2428.24 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:488.18 GB) (Free:171.3 GB) NTFS
Drive d: (neueMaxTor) (Fixed) (Total:443.23 GB) (Free:149.69 GB) NTFS
Drive f: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (Dritte Externe Teil 1) (Fixed) (Total:351.38 GB) (Free:50.38 GB) NTFS
Drive h: (Poops) (Fixed) (Total:347.16 GB) (Free:44.24 GB) NTFS
Drive i: (PalleMalle) (Fixed) (Total:931.51 GB) (Free:87.12 GB) NTFS
Drive j: (TOSHIBA EXT) (Fixed) (Total:931.41 GB) (Free:29.91 GB) NTFS
Drive k: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive l: (UZFHGF) (Removable) (Total:3.73 GB) (Free:0.04 GB) FAT32

\\?\Volume{39adc126-8011-11e5-b8fa-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9A083BDB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 7191D59B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=351.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=347.2 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 002EFF55)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 3.7 GB) (Disk ID: E929F505)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0B)

========================================================
Disk: 4 (Size: 931.5 GB) (Disk ID: AAE66568)
Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
         
--- --- ---

--- --- ---

Alt 16.02.2018, 12:14   #14
M-K-D-B
/// TB-Ausbilder
 
OTL scan auf BKA trojaner - Standard

OTL scan auf BKA trojaner



Servus,


ok, mein Fehler, dann hab ich das falsch verstanden.




Zitat:
Hatte oder habe ich diesen BKA noch oder schon oder was?
Nein. Reste davon in der Registry haben wir entfernt.




Zitat:
was fehlt noch ?
der hitman ist noch offen soll ich da säuber machen ?
Aufräumen kommt jetzt. HitmanPro kannst du selber (per Hand) entfernen, wenn nicht mehr benötigt.

Einige deiner Backups sind infiziert, die betroffenen Dateien entfernen wir noch. Du solltest ein neues Backup machen. Mehr dazu auch am Ende dieses Posts.





Reste entfernen
  • Kopiere den gesamten Inhalt der folgenden Code-Box:
    Code:
    ATTFilter
    Start::
    J:\JUERGEN-PC\Backup Set 2015-10-18 232830\Backup Files 2015-10-18 232830\Backup files 1.zip
    J:\JUERGEN-PC\Backup Set 2015-10-18 232830\Backup Files 2015-10-18 232830\Backup files 1434.zip
    J:\JUERGEN-PC\Backup Set 2015-10-18 232830\Backup Files 2015-10-18 232830\Backup files 16.zip
    J:\JUERGEN-PC\Backup Set 2015-10-18 232830\Backup Files 2015-10-18 232830\Backup files 2.zip
    J:\JUERGEN2-PC\Backup Set 2017-01-08 190007\Backup Files 2017-01-08 190007\Backup files 18.zip
    J:\JUERGEN2-PC\Backup Set 2017-01-08 190007\Backup Files 2017-01-08 190007\Backup files 6.zip
    J:\JUERGEN2-PC\Backup Set 2017-02-26 190010\Backup Files 2017-02-26 190010\Backup files 22.zip
    J:\JUERGEN2-PC\Backup Set 2018-02-04 190004\Backup Files 2018-02-04 190004\Backup files 41.zip
    Reboot:
    End::
             
  • Starte nun FRST und klicke direkt den Entfernen Button. Wichtig: Du brauchst den Inhalt der Code-Box nirgends einfügen, da sich FRST den Code aus der Zwischenablage holt!
  • Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich die FRST/FRST64.exe befindet.
  • Gegebenenfalls muss dein Rechner dafür neu gestartet werden.
  • Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.







Dann wären wir durch!
Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...
Vielleicht möchtest du das Forum mit einer kleinen Spende unterstützen.

Hinweise:
Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.





Cleanup
Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.
  • Starte deinen Rechner zum Abschluss neu auf.
Hinweis:
DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte deinen Rechner anschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst du diese bedenkenlos löschen.






Virenscanner + Firewall
Vorab sei erwähnt, dass man niemals die Schutzwirkung eines Virenscanners überbewerten darf! Kein Antivirusprogramm erkennt 100% der Schadsoftware.

Sofern du noch unentschieden bist, verwende MAXIMAL EIN EINZIGES der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:
Microsoft Security Essentials (MSE) / Windows Defender (WD) ist ab Windows 8 fest eingebaut, wenn du also Windows 8, 8.1 oder 10 und dich für MSE/WD entschieden hast, brauchst du nicht extra MSE/WD zu installieren. Bei Windows 7 muss es aber manuell installiert oder über die Windows Updates als optionales Update bezogen werden. Selbstverständlich ist ein legales/aktiviertes Windows Voraussetzung dafür.

Verwende immer nur reine Virenscanner (keine Produkte mit "Suite", "Internet Security", "Endpoint" oder "Total Security" in Namen, denn diese bringen kontraproduktive Firewalls mit - die Windows-Firewall ist alles was benötigt wird)

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware , AdwCleaner und mit dem ESET Online Scanner scannen.
Diese Programme sind alle kostenlos und stören nicht den Betrieb deines Antivirenprogramms.





Absicherungen
Beim Betriebsystem Windows ist es wichtig, die automatischen Updates zu aktivieren.
Auch sicherheitsrelevante Software sollte immer in aktueller Version vorliegen.

Das zeitnahe Einspielen von Updates ist erforderlich, damit Sicherheitslücken geschlossen werden. Sicherheitslücken werden beispielsweise dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.

Besonders aufpassen bzgl. der Aktualität musst du insbesondere bei folgender Software - sofern diese überhaupt benötigt wird:

Optionale Browsererweiterungen
  • Adblock Plus oder uBlock Origin (Firefox - Chrome) - können Banner, Pop-ups, Videowerbung, Tracking und Malware-Seiten blockieren.
  • NoScript - verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. NoScript kann gerade bei technisch nicht allzu versierten Nutzern beim Surfen zum Nervfaktor werden; ob das Tool geeignet ist, muss jeder selbst mal ausprobieren und dann für sich entscheiden.





Grundsätzliches
  • Ändere regelmäßig deine Online-Passwörter und erstelle regelmäßig Backups deiner wichtigen Dateien oder des Systems. Genaueres dazu findest du unten im Lesestoff zu Backups.
  • Lade keine Software von Chip, Softonic, SourceForge, openoffice.de oder VLC.de. Die dort angebotene Software wird häufig mit einem sog. "Installer" verteilt, mit dem man sich nur unerwünschte Software oder Adware installiert.
  • Halte dich von Seiten wie kinox.to & Co fern! Diese Seiten sind bekannt dafür, Schadsoftware zu verbreiten bzw. leiten auf infizierte Seiten weiter.
  • Lade Software von einem sauberen Portal wie oder direkt beim jeweiligen Hersteller / Entwickler.
  • Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne die Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
  • Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten bis nicht belegbar. Selbst Microsoft unterstützt sog. Registry-Cleaner nicht.
    Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.





Lesestoff:
Backup-/Image-Tools

IMHO sind Wiederherstellungspunkte nix weiter als eine Notlösung, wer sich auf was Funktionierendes verlassen will und muss, kommt um echte Backup/Imaging Software nicht herum. Ich nehme unter Windows immer Drive Snapshot - Disk Image Backup for Windows NT/2000/XP/2003/X64

Damit man sinnvolle Backups hat, muss man regelmäßig (z. B. wöchentlich) ein Image auf eine separate externe Festplatte erstellen. Diese externe Festplatte wird nur dann angeschlossen, wenn man das Backup erstellen will (oder etwas wiederherstellen muss), sonsten bleibt sie aus Sicherheitsgründen sicher im Schrank verwahrt - allein schon aus dem Grund, die Backups vor Krypto-Trojaner zu schützen.



Option 1: Drivesnapshot

Offizielle TB-Anleitung --> http://www.trojaner-board.de/186299-...esnapshot.html






Drive Snapshot - Disk Image Backup for Windows NT/2000/XP/2003/X64
Download (32-Bit) => http://www.drivesnapshot.de/download/snapshot.exe
Download (64-Bit) => http://www.drivesnapshot.de/download/snapshot64.exe



Es gibt da auch leicht abgespeckte Versionen von Acronis TrueImage gratis wenn man Platten von Seagate und/oder Western Digital hat. Vllt sagen diese Programme dir mehr zu. Mein Favorit aber ist das kleine o.g. Drivesnapshot.



Option 2: Seagate DiscWizard
Download => Seagate DiscWizard - Download - Filepony


Screenshots:
http://filepony.de/screenshot/seagate_discwizard5.jpg
http://filepony.de/screenshot/seagate_discwizard4.png
http://filepony.de/screenshot/seagate_discwizard3.jpg




Option 3: Acronis TrueImage WD Edition
Download => Acronis True Image WD Edition - Download - Filepony


Screenshots:
http://filepony.de/screenshot/acroni...d_edition1.jpg
http://filepony.de/screenshot/acroni...d_edition2.jpg
__________________
Gruß
M-K-D-B


Das Trojaner-Board unterstützen

Alt 16.02.2018, 13:33   #15
juergen007
 
OTL scan auf BKA trojaner - Standard

OTL scan auf BKA trojaner



Dies backuptool, von c: nehme ich an, kann man das auf eine saubere festplatte machen wo noch 110 gb Frei sind?

Muss ich also damit rechnen, dass das BKa alle meine passwoerter dich ich sehr oft ändere, weiss?
welcher registry eintrag war das genau?

Danke

Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x64) Version: 12.02.2018
Ran by Administrator (16-02-2018 13:21:32) Run:4
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: juergen2 & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
AppInit_DLLs-x32: hplun.dll => No File
FF NewTabOverride: Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418 -> Disabled: _j5Members_@ext.ask.com
S4 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.667\McCHSvc.exe" [X]
S4 TrueKey; "C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe" [X]
S4 TrueKeyScheduler; "C:\Program Files\TrueKey\McTkSchedulerService.exe" [X]
S3 TrueKeyServiceHelper; "C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe" [X]
C:\Program Files\TrueKey
U3 aswbdisk; no ImagePath
S1 bcbus; system32\DRIVERS\bcbus.sys [X]
S3 X6va037; \??\C:\Windows\SysWOW64\Drivers\X6va037 [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
Task: {21022CE6-BFE7-40E7-AAFA-15A6CC72356B} - System32\Tasks\{E140102B-F244-4775-9758-5FA77AFD8886} => C:\Windows\system32\pcalua.exe -a "C:\Users\juergen2\Downloads\chromeinstall-8u77 (1).exe" -d C:\Users\juergen2\Downloads
Task: {213D38E2-E0E5-4EFB-88BC-AC61BF33552B} - System32\Tasks\{849B1E16-7952-40E5-887E-DAAD93154E62} => C:\Windows\system32\pcalua.exe -a D:\backupMaxtor80gb\data\putty.exe -d D:\backupMaxtor80gb\data
Task: {22DA9795-90BD-4731-AB6A-BD01A662D2F9} - System32\Tasks\{9C6CF1E7-9264-4314-BC30-F7778072B17B} => C:\Windows\system32\pcalua.exe -a D:\backupMaxtor80gb\data\wlsetup3528-all.exe -d d:\backupMaxtor80gb\data\
Task: {3B11371B-11AB-415E-8185-32A4F05C4B0F} - System32\Tasks\{471AF2D6-FC39-423E-8A09-1CE6E304D7BB} => C:\Windows\system32\pcalua.exe -a C:\camel\SilkroadOnlineGlobal_Official_v1_486.exe -d c:\camel\
Task: {4ADE3327-7150-4BB8-87C3-76601FC67879} - System32\Tasks\{FD09F9C6-B58A-406E-8536-F1B82AF22BBE} => C:\Windows\system32\pcalua.exe -a D:\backupMaxtor80gb\data\i2pinstall_0.9.30_windows.exe -d D:\backupMaxtor80gb\data
Task: {A6D9A0B3-82A7-4937-910D-C86CC1F2F571} - System32\Tasks\{C61837B8-EABF-4B5E-B96E-3C6EC1BD2343} => C:\Windows\system32\pcalua.exe -a C:\datas\jxpiinstall(4).exe -d C:\datas
Task: {DAC363AC-634F-4411-8C93-334B4E476B58} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe
C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware
EmptyTemp:

*****************

"hplun.dll" => Value data not found.
"FF NewTabOverride: Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418 -> Disabled: _j5Members_@ext.ask.com" => not found
InstallerService => service not found.
McComponentHostService => service not found.
TrueKey => service not found.
TrueKeyScheduler => service not found.
TrueKeyServiceHelper => service not found.
"C:\Program Files\TrueKey" => not found
aswbdisk => service not found.
bcbus => service not found.
X6va037 => service not found.
ZAM => service not found.
ZAM_Guard => service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21022CE6-BFE7-40E7-AAFA-15A6CC72356B} => key not found
"C:\Windows\System32\Tasks\{E140102B-F244-4775-9758-5FA77AFD8886}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E140102B-F244-4775-9758-5FA77AFD8886} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{213D38E2-E0E5-4EFB-88BC-AC61BF33552B} => key not found
"C:\Windows\System32\Tasks\{849B1E16-7952-40E5-887E-DAAD93154E62}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{849B1E16-7952-40E5-887E-DAAD93154E62} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22DA9795-90BD-4731-AB6A-BD01A662D2F9} => key not found
"C:\Windows\System32\Tasks\{9C6CF1E7-9264-4314-BC30-F7778072B17B}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9C6CF1E7-9264-4314-BC30-F7778072B17B} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B11371B-11AB-415E-8185-32A4F05C4B0F} => key not found
"C:\Windows\System32\Tasks\{471AF2D6-FC39-423E-8A09-1CE6E304D7BB}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{471AF2D6-FC39-423E-8A09-1CE6E304D7BB} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4ADE3327-7150-4BB8-87C3-76601FC67879} => key not found
"C:\Windows\System32\Tasks\{FD09F9C6-B58A-406E-8536-F1B82AF22BBE}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FD09F9C6-B58A-406E-8536-F1B82AF22BBE} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6D9A0B3-82A7-4937-910D-C86CC1F2F571} => key not found
"C:\Windows\System32\Tasks\{C61837B8-EABF-4B5E-B96E-3C6EC1BD2343}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C61837B8-EABF-4B5E-B96E-3C6EC1BD2343} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAC363AC-634F-4411-8C93-334B4E476B58} => key not found
"C:\Windows\System32\Tasks\McAfee Remediation (Prepare)" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee Remediation (Prepare) => key not found
"C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10733576 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 145068 B
Edge => 0 B
Chrome => 0 B
Firefox => 413244038 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 5986 B
juergen2 => 75828929 B
Administrator => 445349 B

RecycleBin => 0 B
EmptyTemp: => 477.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:21:53 ====
         

Antwort

Themen zu OTL scan auf BKA trojaner
administrator, adobe, bho, cdrom, defender, error, explorer, explorer.exe, firefox, format, google, malwarebytes, microsoft, mozilla, opera, realtek, registry, scan, security, software, system32, trojaner, usb, windows, winlogon



Ähnliche Themen: OTL scan auf BKA trojaner


  1. Windows Vista: 17 infizierte Dateien nach Eset Scan + schwarzer Desktop nach GMER-Scan
    Log-Analyse und Auswertung - 18.10.2015 (23)
  2. Sophos Scan bricht ab - W32/DCmem-A muss vor dem Fortsetzen des Scan-Vorgangs bereinigt werden
    Antiviren-, Firewall- und andere Schutzprogramme - 24.06.2015 (18)
  3. Avira Scan, Trojaner TR/Crypt.ZPACK.50636 gefunden, Fehlalarm oder echter Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 04.12.2014 (17)
  4. Windows 7 Starter: Avast Scan meldet Rootkits, bei zweitem Scan keine mehr
    Log-Analyse und Auswertung - 25.09.2014 (18)
  5. Scan mit Farbars Recovery Scan Tool durchgeführt, was mache ich jetzt?
    Log-Analyse und Auswertung - 14.02.2014 (1)
  6. McAfee Echtzeit Scan deaktiviert, PC-Scan nicht möglich
    Log-Analyse und Auswertung - 01.11.2013 (7)
  7. Windows 8: McAfee Echtzeit-Scan lässt sich nicht aktiveren, keine normaler Scan möglich
    Log-Analyse und Auswertung - 29.09.2013 (19)
  8. Win7 - Startseite Firefox auf QV06 umgeleitet - Scan u. Desinfektion mit MbAM, nun weitere Funde nach online-Scan mit ESET
    Log-Analyse und Auswertung - 24.08.2013 (9)
  9. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2013 Ran by Verena (administrator) on 24-07-2013 20:57:45 Running f
    Mülltonne - 24.07.2013 (1)
  10. Trojaner Verdacht, MBR scan log
    Log-Analyse und Auswertung - 31.05.2013 (5)
  11. Laptop immer langsamer, absturz, OTL scan abgestürzt, gmer scan > Systemabsturz - HILFE!
    Plagegeister aller Art und deren Bekämpfung - 06.02.2013 (3)
  12. OTL Scan bei BKA Trojaner
    Plagegeister aller Art und deren Bekämpfung - 19.12.2012 (6)
  13. BKA-Trojaner, OTL-Scan mit Fehlermeldung
    Log-Analyse und Auswertung - 14.08.2012 (3)
  14. Vecna Scan & TCP FIN Scan im DHCP Clientlogbuch
    Log-Analyse und Auswertung - 04.04.2011 (2)
  15. Mein Scan Log für Trojaner
    Mülltonne - 21.10.2008 (1)
  16. 53 Viren, Trojaner, ... mit e-Scan
    Log-Analyse und Auswertung - 22.06.2008 (1)
  17. 53 Viren, Trojaner, ... mit e-Scan
    Mülltonne - 22.06.2008 (0)

Zum Thema OTL scan auf BKA trojaner - Ich ließ wg. eines Hinweises in einem anderen Thread https://www.trojaner-board.de/121343-logfileauswertung-otl.html mal ein OTL Version 3.2.69.0 laufen mit quick run ohne weitere präparierte Listen. Gibt es diesen BKA trojaner noch? Evtl. - OTL scan auf BKA trojaner...
Archiv
Du betrachtest: OTL scan auf BKA trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.