Log analysis and evaluation: Windows 10 Pro - Trojan.FakeMS.ED

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Windows 10 Pro - Trojan.FakeMS.ED

Funny that I find myself in this section for once. Anyway, after I went from Malwarebytes 2 to 3, oddly enough Malwarebytes immediately found something, a Trojan.FakeMS.ED. After the automated scheduling kept interfering with the threat scan, I was able to track down the folder manually and run a custom scan. First of all, MBAM:

Code:
```
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 08.12.16
Scan-Zeit: 22:37
Protokolldatei:
Administrator: Ja

-Softwaredaten-
Version: 3.0.4.1269
Komponentenversion: 1.0.39
Version des Aktualisierungspakets: 1.0.659
Lizenz: Premium in der Toleranzperiode

-Systemdaten-
Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: COMPUTER-128234\Tygan

-Scan-Übersicht-
Scan-Typ: Benutzerdefinierter Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 114
Abgelaufene Zeit: 4 Min., 23 Sek.

-Scan-Optionen-
Speicher: Deaktiviert
Start: Deaktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 1
Trojan.FakeMS.ED, C:\PROGRAMDATA\PACKAGE CACHE\{B03A77CC-DD66-8A71-731F-6D883E090273}V10.1.14393.0\INSTALLERS\74654E0595E05A162C50D9F696C4F0B1.CAB, Keine Aktion durch Benutzer, [1215], [70644],1.0.659

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

(end)
```

FRST:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016 Ran by SYSTEM (administrator) on COMPUTER-128234 (08-12-2016 22:52:35) Running from C:\Users\Tygan\Desktop Loaded Profiles: Tygan & (Available Profiles: Tygan & Administrator & DefaultAppPool) Platform: Windows 10 Pro Version 1607 (X64) Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser not detected!) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe () C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe () C:\Program Files\Core Temp\Core Temp.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files (x86)\puush\puush.exe (VMware, Inc.) 
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe () C:\Program Files (x86)\NETGEAR\WNA3100M\WNA3100M.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1611.3123.0_x64__8wekyb3d8bbwe\Calculator.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Farbar) C:\Users\Tygan\Desktop\EnglishFRST64.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [NetSpeedMonitor] => "C:\Program Files\NetSpeedMonitor\nsmc.exe" HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2786768 2016-11-29] (Malwarebytes) HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-14] (InstallShield Software Corporation) HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2779136 2016-06-11] (Dominik Reichl) HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104128 2016-04-14] (VMware, Inc.) 
HKLM Group Policy restriction on software: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy <====== ATTENTION HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-05-30] () HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation) HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\Run: [Discord] => C:\Users\Tygan\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.) HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation) HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\Run: [pCloud] => C:\Program Files (x86)\pCloud Drive\pCloud.exe HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27017856 2016-10-17] (Skype Technologies S.A.) 
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\RunOnce: [Uninstall C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64" HKU\S-1-5-21-624198674-977653023-2037852723-1021\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [231936 2016-07-16] (Microsoft Corporation) HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-05-30] () HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation) HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\...\Run: [Discord] => C:\Users\Tygan\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.) HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation) HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\...\Run: [pCloud] => C:\Program Files (x86)\pCloud Drive\pCloud.exe HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27017856 2016-10-17] (Skype Technologies S.A.) 
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\...\RunOnce: [Uninstall C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64" HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [231936 2016-07-16] (Microsoft Corporation) HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-05-30] () HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation) HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\...\Run: [Discord] => C:\Users\Tygan\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.) HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation) HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\...\Run: [pCloud] => C:\Program Files (x86)\pCloud Drive\pCloud.exe HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27017856 2016-10-17] (Skype Technologies S.A.) 
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\...\RunOnce: [Uninstall C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64" HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [231936 2016-07-16] (Microsoft Corporation) HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-05-30] () HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation) HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\...\Run: [Discord] => C:\Users\Tygan\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.) HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation) HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\...\Run: [pCloud] => C:\Program Files (x86)\pCloud Drive\pCloud.exe HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27017856 2016-10-17] (Skype Technologies S.A.) 
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\...\RunOnce: [Uninstall C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64" HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [231936 2016-07-16] (Microsoft Corporation) HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-05-30] () HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation) HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\...\Run: [Discord] => C:\Users\Tygan\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.) HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation) HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\...\Run: [pCloud] => C:\Program Files (x86)\pCloud Drive\pCloud.exe HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27017856 2016-10-17] (Skype Technologies S.A.) 
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\...\RunOnce: [Uninstall C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64" HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [231936 2016-07-16] (Microsoft Corporation) HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-05-30] () HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation) HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\...\Run: [Discord] => C:\Users\Tygan\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.) HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation) HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\...\Run: [pCloud] => C:\Program Files (x86)\pCloud Drive\pCloud.exe HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27017856 2016-10-17] (Skype Technologies S.A.) 
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\...\RunOnce: [Uninstall C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64" HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [231936 2016-07-16] (Microsoft Corporation) HKU\S-1-5-21-624198674-977653023-2037852723-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211338376\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation) HKU\S-1-5-21-624198674-977653023-2037852723-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212450725\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation) HKU\S-1-5-21-624198674-977653023-2037852723-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220456406\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation) HKU\S-1-5-21-624198674-977653023-2037852723-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016221151456\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation) HKU\S-1-5-21-624198674-977653023-2037852723-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223138043\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation) HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211338737\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation) 
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212451795\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation) HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220456661\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation) HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016221157811\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation) HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223140317\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation) SSODL: EldosMountNotificator-cbfs6 - {73F8D53A-4E1F-4434-A7D0-7C1E3B50BB78} - C:\WINDOWS\system32\cbfsMntNtf6.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator-cbfs6 - {73F8D53A-4E1F-4434-A7D0-7C1E3B50BB78} - C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: [1MediaFireIconError] -> {5EE8C634-CDC0-453D-9731-DF0B19F4E807} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon3_d1739.dll No File ShellIconOverlayIdentifiers: 
[1MediaFireIconReadOnly] -> {7995D0FC-769B-4197-AEC0-991921CB99E1} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon5_d1739.dll No File ShellIconOverlayIdentifiers: [1MediaFireIconSynched] -> {9A3B79CB-D899-40B5-8DBC-20447F1ADC8F} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon_d1739.dll No File ShellIconOverlayIdentifiers: [1MediaFireIconSyncing] -> {C4D81971-6B13-4173-AB21-F83AD20CCC04} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon2_d1739.dll No File ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs6] -> {36A9E202-9EBD-4037-9EC8-9403A1FE827B} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-06-13] (EldoS Corporation) ShellIconOverlayIdentifiers: [MediaFireIconLock] -> {759F3E92-F4E8-4953-8315-238B8B17E0F3} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon4_d1739.dll No File ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs6] -> {36A9E202-9EBD-4037-9EC8-9403A1FE827B} => C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll [2016-06-13] (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100M Genie.lnk [2016-07-10] ShortcutTarget: NETGEAR WNA3100M Genie.lnk -> C:\Program Files 
(x86)\NETGEAR\WNA3100M\WNA3100M.exe () GroupPolicy: Restriction <======= ATTENTION GroupPolicyScripts: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\..\Interfaces\{e4d82f0f-ecda-424f-875d-91bc841b06cd}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{f2c76c85-8df8-4ee3-a794-c760b75c17ca}: [NameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-624198674-977653023-2037852723-1021\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp 
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-624198674-977653023-2037852723-1021 -> DefaultScope {CD28C5AB-6B7C-4A80-B791-6F9099DE1CEE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKU\S-1-5-21-624198674-977653023-2037852723-1021 -> {CD28C5AB-6B7C-4A80-B791-6F9099DE1CEE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752 -> DefaultScope {CD28C5AB-6B7C-4A80-B791-6F9099DE1CEE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752 -> {CD28C5AB-6B7C-4A80-B791-6F9099DE1CEE} URL = 
hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007 -> DefaultScope {CD28C5AB-6B7C-4A80-B791-6F9099DE1CEE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007 -> {CD28C5AB-6B7C-4A80-B791-6F9099DE1CEE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421 -> DefaultScope {CD28C5AB-6B7C-4A80-B791-6F9099DE1CEE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421 -> {CD28C5AB-6B7C-4A80-B791-6F9099DE1CEE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830 -> DefaultScope {CD28C5AB-6B7C-4A80-B791-6F9099DE1CEE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830 -> {CD28C5AB-6B7C-4A80-B791-6F9099DE1CEE} URL = 
hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721 -> DefaultScope {CD28C5AB-6B7C-4A80-B791-6F9099DE1CEE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721 -> {CD28C5AB-6B7C-4A80-B791-6F9099DE1CEE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome:
=======
CHR HKU\S-1-5-21-624198674-977653023-2037852723-1021\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Tygan\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-624198674-977653023-2037852723-1021\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Tygan\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Tygan\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Tygan\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Tygan\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Tygan\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2016-04-05] () [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2770312 2016-11-26] (ESET)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-11-29] (Malwarebytes)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-24] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10216688 2016-11-28] (TeamViewer GmbH)
S4 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12471368 2016-04-14] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WSWNA3100M; C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe [316120 2014-08-18] ()

===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ALSysIO; C:\Users\Tygan\AppData\Local\Temp\ALSysIO64.sys [35320 2016-12-08] (Arthur Liberman)
R1 cbfs6; C:\WINDOWS\system32\drivers\cbfs6.sys [460992 2016-06-13] (EldoS Corporation)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-09-17] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-09-17] (Disc Soft Ltd)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [262792 2016-11-26] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [199304 2016-11-26] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2016-06-23] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [197248 2016-11-26] (ESET)
R2 epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [181384 2016-11-26] (ESET)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77408 2016-11-29] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2016-12-08] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2016-12-08] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2016-12-08] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2016-12-08] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2016-12-08] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [3859704 2015-10-16] (Realtek Semiconductor Corporation )
S3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2016-05-27] (Anchorfree Inc.)
S1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-11-10] (Oracle Corporation)
S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [125008 2015-11-10] (Oracle Corporation)
R1 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [198248 2016-08-01] (IDRIX)
R3 vpnpbus; C:\WINDOWS\System32\drivers\vpnpbus.sys [18624 2016-06-13] (EldoS Corporation)
R0 vsock; C:\WINDOWS\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-08 22:52 - 2016-12-08 23:00 - 00037615 _____ C:\Users\Tygan\Desktop\FRST.txt
2016-12-08 22:52 - 2016-12-08 22:52 - 00000000 ____D C:\Users\Tygan\Desktop\FRST-OlderVersion
2016-12-08 22:50 - 2016-12-08 22:52 - 00000000 ____D C:\FRST
2016-12-08 22:02 - 2016-12-08 22:02 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\27A57000.sys
2016-12-08 22:00 - 2016-12-08 22:00 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\191B6EAC.sys
2016-12-08 20:58 - 2016-12-08 22:02 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2016-12-08 20:57 - 2016-12-08 22:02 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2016-12-08 20:57 - 2016-12-08 22:02 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2016-12-08 20:57 - 2016-12-08 20:57 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-12-08 20:57 - 2016-12-08 20:57 - 00001918 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-08 20:57 - 2016-12-08 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-08 20:57 - 2016-12-08 20:57 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-08 20:57 - 2016-11-29 06:27 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2016-12-08 20:54 - 2016-12-08 20:56 - 51969976 _____ (Malwarebytes ) C:\Users\Tygan\Desktop\mb3-setup-consumer-3.0.4.1269.exe
2016-12-08 13:03 - 2016-12-08 13:03 - 00000022 _____ C:\WINDOWS\S.dirmngr
2016-12-08 13:03 - 2016-12-08 13:03 - 00000000 ____H C:\ProgramData\cm-lock
2016-12-08 03:39 - 2016-12-08 03:39 - 00000037 _____ C:\Users\Tygan\Desktop\Witcher 3 #048 Gronkh.txt
2016-12-07 00:23 - 2016-12-07 13:57 - 00000000 ____D C:\Users\Tygan\Downloads\16979910
2016-12-07 00:23 - 2016-12-07 00:23 - 00527677 _____ C:\Users\Tygan\Downloads\16979910.zip
2016-12-06 23:10 - 2016-12-06 23:10 - 00003319 _____ C:\Users\Tygan\Desktop\Sophiesbye.txt
2016-12-06 21:53 - 2016-12-06 21:53 - 00001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2016-12-06 02:54 - 2016-12-08 03:39 - 00000037 _____ C:\Users\Tygan\Desktop\Witcher 3 #025 Gronkh.txt
2016-12-05 16:58 - 2016-12-05 16:58 - 05202504 _____ (WiseCleaner.com ) C:\Users\Tygan\Downloads\WDCFree933.exe
2016-12-04 01:27 - 2016-12-04 01:27 - 00109187 _____ C:\Users\Tygan\Downloads\16979910.7z
2016-12-04 00:01 - 2016-12-04 00:02 - 00002870 _____ C:\Users\Tygan\Desktop\FSS.txt
2016-12-03 21:57 - 2016-12-03 21:57 - 03598460 _____ C:\Users\Tygan\Downloads\The Chain Gang of 1974 - Sleepwalking
2016-12-03 00:15 - 2016-12-03 00:16 - 41221640 _____ C:\Users\Tygan\Downloads\Alan Walker - Alone.mp4
2016-12-02 01:48 - 2016-12-02 01:48 - 06052902 _____ C:\Users\Tygan\Downloads\drive-download-20161202T004756Z.zip
2016-12-02 01:15 - 2016-12-02 01:15 - 38837557 _____ C:\Users\Tygan\Downloads\Bruno Mars - Just The Way You Are - Auf Deutsch_.mp4
2016-11-30 23:11 - 2016-11-30 23:12 - 58232286 _____ C:\Users\Tygan\Downloads\Faith No More - Everythings Ruined (Official Music Video).mp4
2016-11-30 00:42 - 2016-11-30 01:01 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\TS3Client
2016-11-30 00:42 - 2016-11-30 00:42 - 00001291 _____ C:\Users\Tygan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2016-11-29 23:22 - 2016-11-29 23:22 - 39014390 _____ C:\Users\Tygan\Documents\29-11-2016.reg
2016-11-29 22:23 - 2016-11-29 22:27 - 72565550 _____ C:\Users\Tygan\Downloads\Ubi30 Exclusive GIF.zip
2016-11-29 22:23 - 2016-11-29 22:25 - 19590284 _____ C:\Users\Tygan\Downloads\Exclusive Digital Posters from E3 2016.zip
2016-11-29 22:23 - 2016-11-29 22:25 - 14521411 _____ C:\Users\Tygan\Downloads\Ubi30 360 Image.zip
2016-11-29 22:21 - 2016-11-29 22:21 - 11044981 _____ C:\Users\Tygan\Downloads\For Honor GIFs.zip
2016-11-29 00:09 - 2016-12-06 12:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-11-28 19:48 - 2016-11-28 19:48 - 00217645 _____ (Igor Pavlov) C:\Users\Tygan\Desktop\Sophie-20161128T020837Z.exe
2016-11-28 02:54 - 2016-11-28 21:05 - 00000000 ____D C:\Users\Tygan\Desktop\Linux
2016-11-28 02:32 - 2016-12-02 01:38 - 00000000 ____D C:\Users\Tygan\Desktop\ToDoEncrypt
2016-11-28 02:22 - 2016-12-02 01:40 - 00000000 ____D C:\Users\Tygan\Desktop\GPG Encrypted - WICHTIG
2016-11-27 16:38 - 2016-11-27 16:38 - 00075345 _____ C:\Users\Tygan\Downloads\Stromverbrauch2016-27-11-16.pdf
2016-11-27 00:51 - 2016-12-02 01:17 - 00001237 _____ C:\Users\Tygan\Desktop\Systemrechte.lnk
2016-11-27 00:44 - 2016-11-27 00:44 - 00003656 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2016-11-27 00:41 - 2016-11-27 00:41 - 00000000 ____D C:\Users\Tygan\Desktop\PSTools
2016-11-24 23:55 - 2016-11-24 23:55 - 01725970 _____ C:\Users\Tygan\Documents\Beheben von Netzwerkproblemen in Windows 10.pdf
2016-11-24 23:50 - 2016-11-24 23:50 - 00000343 _____ C:\Users\Tygan\Documents\Falls-Internet-Probleme-Dann-Das.txt
2016-11-21 23:52 - 2016-11-22 02:14 - 00000000 ____D C:\Users\Tygan\Desktop\Aggro Berlin
2016-11-20 21:31 - 2016-11-20 21:31 - 00000000 ____D C:\Users\Tygan\Documents\[factorio.su]Factorio_x32-x64_0.14.19
2016-11-20 21:21 - 2016-11-20 21:21 - 00972520 _____ C:\Users\Tygan\Documents\air-filtering_0.4.3.zip
2016-11-20 21:18 - 2016-11-20 21:30 - 354873188 _____ C:\Users\Tygan\Documents\[factorio.su]Factorio_x32-x64_0.14.19.zip
2016-11-20 00:37 - 2016-11-20 00:37 - 00375432 _____ C:\Users\Tygan\AppData\Roaming\1.7z
2016-11-19 19:42 - 2016-11-19 19:42 - 00446859 _____ C:\Users\Tygan\Downloads\Optimierung_der_Ressourcenproduktion_3.0.ods
2016-11-19 12:57 - 2016-12-02 03:15 - 00000000 ____D C:\Users\Tygan\AppData\LocalLow\Mozilla
2016-11-19 00:05 - 2016-11-19 00:05 - 00548898 _____ C:\Users\Tygan\Documents\bookmarks_19.11.16-Google-Chrome.html
2016-11-19 00:05 - 2016-11-19 00:05 - 00018432 ___SH C:\Users\Tygan\Desktop\Thumbs.db
2016-11-17 12:45 - 2016-11-17 12:46 - 00001534 _____ C:\Users\Tygan\Downloads\W10-Explorer-OneDrive.zip
2016-11-14 17:30 - 2016-11-14 17:36 - 00000000 ____D C:\Users\Tygan\Documents\ANDROID SD
2016-11-14 16:57 - 2016-11-14 17:20 - 00000000 ____D C:\Users\Tygan\Documents\MICROSD
2016-11-14 14:27 - 2016-11-22 01:54 - 00000000 ____D C:\Users\Tygan\Documents\WhatsApp123
2016-11-14 14:24 - 2016-11-14 14:25 - 00000000 ____D C:\Users\Tygan\Desktop\dcim
2016-11-14 14:23 - 2016-11-14 14:23 - 00000000 ____D C:\Users\Tygan\Documents\Telegram
2016-11-13 12:08 - 2016-11-13 18:53 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\dvdcss
2016-11-12 17:48 - 2016-11-12 18:23 - 2332804018 _____ (Igor Pavlov) C:\Users\Tygan\Desktop\Eigene Bilder.exe
2016-11-12 17:37 - 2016-11-19 00:05 - 00000000 ____D C:\Users\Tygan\Documents\Eigene Bilder2
2016-11-12 16:19 - 2016-11-12 16:20 - 00069670 _____ C:\Users\Tygan\Documents\Anschreiben.pdf
2016-11-12 16:13 - 2016-11-12 16:13 - 00023010 _____ C:\Users\Tygan\Documents\Lebenslauf Jendrik.pdf
2016-11-12 14:23 - 2016-11-12 16:20 - 00018179 _____ C:\Users\Tygan\Documents\Anschreiben.odt
2016-11-12 04:42 - 2016-11-12 04:42 - 33851708 _____ C:\Users\Tygan\Downloads\Sophie -Tygan.zip
2016-11-11 01:40 - 2016-11-11 01:41 - 00899584 _____ (Farbar) C:\Users\Tygan\Desktop\FSS.exe
2016-11-09 15:31 - 2016-11-02 12:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-11-09 15:31 - 2016-11-02 12:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-11-09 15:31 - 2016-11-02 12:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-11-09 15:31 - 2016-11-02 12:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-11-09 15:31 - 2016-11-02 12:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-11-09 15:31 - 2016-11-02 12:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-09 15:31 - 2016-11-02 12:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-09 15:31 - 2016-11-02 12:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-09 15:31 - 2016-11-02 12:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2016-11-09 15:31 - 2016-11-02 12:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-11-09 15:31 - 2016-11-02 12:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-11-09 15:31 - 2016-11-02 12:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-11-09 15:31 - 2016-11-02 12:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-09 15:31 - 2016-11-02 12:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-09 15:31 - 2016-11-02 12:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-09 15:31 - 2016-11-02 12:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-11-09 15:31 - 2016-11-02 11:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-11-09 15:31 - 2016-11-02 11:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-11-09 15:31 - 2016-11-02 11:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-11-09 15:31 - 2016-11-02 11:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2016-11-09 15:31 - 2016-11-02 11:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-11-09 15:31 - 2016-11-02 11:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
2016-11-09 15:31 - 2016-11-02 11:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2016-11-09 15:31 - 2016-11-02 11:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-11-09 15:31 - 2016-11-02 11:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-11-09 15:31 - 2016-11-02 11:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-11-09 15:31 - 2016-11-02 11:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-11-09 15:31 - 2016-11-02 11:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2016-11-09 15:31 - 2016-11-02 11:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2016-11-09 15:31 - 2016-11-02 11:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-09 15:31 - 2016-11-02 11:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-11-09 15:31 - 2016-11-02 11:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-11-09 15:31 - 2016-11-02 11:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-09 15:31 - 2016-11-02 11:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-11-09 15:31 - 2016-11-02 11:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-11-09 15:31 - 2016-11-02 11:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-11-09 15:31 - 2016-11-02 11:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-09 15:31 - 2016-11-02 11:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-09 15:31 - 2016-11-02 11:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-11-09 15:31 - 2016-11-02 11:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-09 15:31 - 2016-11-02 11:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-11-09 15:31 - 2016-11-02 11:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-11-09 15:31 - 2016-11-02 11:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-09 15:31 - 2016-11-02 11:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-09 15:31 - 2016-11-02 11:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-11-09 15:31 - 2016-11-02 11:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-11-09 15:31 - 2016-11-02 11:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-09 15:31 - 2016-11-02 11:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-09 15:31 - 2016-11-02 11:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-11-09 15:31 - 2016-11-02 11:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-11-09 15:31 - 2016-11-02 11:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-11-09 15:31 - 2016-11-02 11:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-09 15:31 - 2016-11-02 11:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-11-09 15:31 - 2016-11-02 11:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-11-09 15:31 - 2016-11-02 11:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-11-09 15:31 - 2016-11-02 11:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-11-09 15:31 - 2016-11-02 11:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-11-09 15:31 - 2016-11-02 11:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-09 15:31 - 2016-11-02 11:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-11-09 15:31 - 2016-11-02 11:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-11-09 15:31 - 2016-11-02 11:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-11-09 15:31 - 2016-11-02 11:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-09 15:31 - 2016-11-02 11:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-11-09 15:31 - 2016-11-02 11:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-09 15:31 - 2016-11-02 11:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-11-09 15:31 - 2016-11-02 11:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-11-09 15:31 - 2016-11-02 11:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-09 15:31 - 2016-11-02 11:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-11-09 15:30 - 2016-11-02 13:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-11-09 15:30 - 2016-11-02 13:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-09 15:30 - 2016-11-02 12:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-11-09 15:30 - 2016-11-02 12:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-11-09 15:30 - 2016-11-02 12:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-09 15:30 - 2016-11-02 12:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-11-09 15:30 - 2016-11-02 12:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-11-09 15:30 - 2016-11-02 12:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-11-09 15:30 - 2016-11-02 12:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-11-09 15:30 - 2016-11-02 12:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-11-09 15:30 - 2016-11-02 12:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-11-09 15:30 - 2016-11-02 12:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-11-09 15:30 - 2016-11-02 12:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-11-09 15:30 - 2016-11-02 12:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-09 15:30 - 2016-11-02 12:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-09 15:30 - 2016-11-02 12:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-11-09 15:30 - 2016-11-02 12:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-11-09 15:30 - 2016-11-02 12:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-11-09 15:30 - 2016-11-02 11:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-11-09 15:30 - 2016-11-02 11:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-11-09 15:30 - 2016-11-02 11:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-09 15:30 - 2016-11-02 11:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-09 15:30 - 2016-11-02 11:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-11-09 15:30 - 2016-11-02 11:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-11-09 15:30 - 2016-11-02 11:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-11-09 15:30 - 2016-11-02 11:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-11-09 15:30 - 2016-11-02 11:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-11-09 15:30 - 2016-11-02 11:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-11-09 15:30 - 2016-11-02 11:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-11-09 15:30 - 2016-11-02 11:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-11-09 15:30 - 2016-11-02 11:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-09 15:30 - 2016-11-02 11:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-11-09 15:30 - 2016-11-02 11:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-11-09 15:30 - 2016-11-02 11:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-09 15:30 - 2016-11-02 11:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-11-09 15:30 - 2016-11-02 11:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-09 15:30 - 2016-11-02 11:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-11-09 15:30 - 2016-11-02 11:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-11-09 15:30 - 2016-11-02 11:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-09 15:30 - 2016-11-02 11:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-11-09 15:30 - 2016-11-02 11:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-11-09 15:30 - 2016-11-02 11:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-11-09 15:30 - 2016-11-02 11:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-11-09 15:30 - 2016-11-02 11:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-11-09 15:30 - 2016-11-02 11:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-09 15:30 - 2016-11-02 11:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-11-09 15:30 - 2016-11-02 11:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-09 15:30 - 2016-11-02 11:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-11-09 15:30 - 2016-11-02 11:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2016-11-09 15:30 - 2016-11-02 11:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-11-09 15:30 - 2016-11-02 11:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-11-09 15:30 - 2016-11-02 11:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-11-09 15:30 - 2016-11-02 11:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-11-09 15:30 - 2016-11-02 11:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-09 15:30 - 2016-11-02 11:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2016-11-09 15:30 - 2016-11-02 11:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-11-09 15:30 - 2016-11-02 11:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2016-11-09 15:30 - 2016-11-02 11:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-11-09 15:30 - 2016-11-02 11:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-11-09 15:30 - 2016-11-02 11:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-11-09 15:30 - 2016-11-02 11:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-11-09 15:30 - 2016-11-02 11:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-11-09 15:30 - 2016-11-02 11:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-11-09 15:30 - 2016-11-02 11:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-11-09 15:30 - 2016-11-02 11:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-11-09 15:30 - 2016-11-02 11:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-11-09 15:30 - 2016-11-02 11:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-11-09 15:30 - 2016-11-02 11:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-11-09 15:30 - 2016-11-02 11:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-09 15:30 - 2016-11-02 11:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-11-09 15:30 - 2016-11-02 10:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-11-09 15:30 - 2016-11-02 10:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
2016-11-09 15:30 - 2016-08-02 05:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-11-09 15:23 - 2016-11-02 12:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-11-09 15:23 - 2016-11-02 12:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-11-09 15:23 - 2016-11-02 12:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-11-09 15:23 - 2016-11-02 11:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-09 15:23 - 2016-11-02 11:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-09 15:23 - 2016-11-02 11:37 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2016-11-09 15:23 - 2016-11-02 11:36 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2016-11-09 15:23 - 2016-11-02 11:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-09 15:23 - 2016-11-02 11:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-09 15:23 - 2016-11-02 11:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-11-09 15:23 - 2016-11-02 11:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-11-09 15:23 - 2016-11-02 11:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-09 15:23 - 2016-11-02 11:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-11-09 15:23 - 2016-11-02 11:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-09 15:23 - 2016-11-02 11:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-11-09 15:23 - 2016-11-02 11:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-11-09 15:23 - 2016-11-02 11:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-09 15:23 - 2016-11-02 11:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-11-09 15:23 - 2016-11-02 11:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-09 15:23 - 2016-11-02 11:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-09 15:23 - 2016-11-02 11:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2016-11-09 15:23 - 2016-11-02 11:27 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-09 15:23 - 2016-11-02 11:26 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-11-09 15:23 - 2016-11-02 11:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-09 15:23 - 2016-11-02 11:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-09 15:23 - 2016-11-02 11:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-11-09 15:23 - 2016-11-02 11:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-11-09 15:23 - 2016-11-02 11:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-09 15:23 - 2016-11-02 11:23 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-11-09 15:23 - 2016-11-02 11:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-09 15:23 - 2016-11-02 11:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-11-09 15:23 - 2016-11-02 11:19 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-11-09 15:23 - 2016-11-02 11:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-11-09 15:23 - 2016-11-02 11:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-11-09 15:23 - 2016-11-02 11:17 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-09 15:23 - 2016-11-02 11:17 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-11-09 15:23 - 2016-11-02 11:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-11-09 15:23 - 2016-11-02 11:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-09 15:23 - 2016-11-02 11:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-11-09 15:23 - 2016-11-02 11:16 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-11-09 15:23 - 2016-11-02 11:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-11-09 15:23 - 2016-11-02 11:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-11-09 15:23 - 2016-11-02 11:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-09 15:23 - 2016-11-02 11:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll 2016-11-09 15:23 - 2016-11-02 11:14 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2016-11-09 15:23 - 2016-11-02 11:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll 2016-11-09 15:23 - 2016-11-02 11:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe 2016-11-09 15:23 - 2016-11-02 09:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml 2016-11-09 15:22 - 2016-11-02 12:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2016-11-09 15:22 - 2016-11-02 12:14 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-11-09 15:22 - 2016-11-02 12:13 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-11-09 15:22 - 2016-11-02 12:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2016-11-09 15:22 - 2016-11-02 12:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2016-11-09 15:22 - 2016-11-02 12:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll 2016-11-09 15:22 - 2016-11-02 12:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-11-09 15:22 - 2016-11-02 12:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll 2016-11-09 15:22 - 2016-11-02 12:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll 2016-11-09 15:22 - 2016-11-02 12:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2016-11-09 15:22 - 2016-11-02 12:00 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2016-11-09 15:22 - 2016-11-02 12:00 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2016-11-09 15:22 - 2016-11-02 11:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2016-11-09 15:22 - 
2016-11-02 11:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys 2016-11-09 15:22 - 2016-11-02 11:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-11-09 15:22 - 2016-11-02 11:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll 2016-11-09 15:22 - 2016-11-02 11:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe 2016-11-09 15:22 - 2016-11-02 11:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll 2016-11-09 15:22 - 2016-11-02 11:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll 2016-11-09 15:22 - 2016-11-02 11:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll 2016-11-09 15:22 - 2016-11-02 11:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll 2016-11-09 15:22 - 2016-11-02 11:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll 2016-11-09 15:22 - 2016-11-02 11:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll 2016-11-09 15:22 - 2016-11-02 11:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2016-11-09 15:22 - 2016-11-02 11:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2016-11-09 15:22 - 2016-11-02 11:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2016-11-09 15:22 - 2016-11-02 11:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll 2016-11-09 15:22 - 2016-11-02 11:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll 2016-11-09 15:22 - 2016-11-02 11:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll 2016-11-09 15:22 - 2016-11-02 11:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll 2016-11-09 15:22 - 2016-11-02 11:28 - 00088576 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2016-11-09 15:22 - 2016-11-02 11:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll 2016-11-09 15:22 - 2016-11-02 11:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll 2016-11-09 15:22 - 2016-11-02 11:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll 2016-11-09 15:22 - 2016-11-02 11:26 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll 2016-11-09 15:22 - 2016-11-02 11:24 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2016-11-09 15:22 - 2016-11-02 11:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2016-11-09 15:22 - 2016-11-02 11:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-11-09 15:22 - 2016-11-02 11:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe 2016-11-09 15:22 - 2016-11-02 11:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll 2016-11-09 15:22 - 2016-11-02 11:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll 2016-11-09 15:22 - 2016-11-02 11:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll 2016-11-09 15:22 - 2016-11-02 11:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll 2016-11-09 15:22 - 2016-11-02 11:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll 2016-11-09 15:22 - 2016-11-02 11:18 - 00779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll 2016-11-09 15:22 - 2016-11-02 11:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2016-11-09 15:22 - 2016-11-02 11:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2016-11-09 15:22 - 2016-11-02 11:16 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll 2016-11-09 15:22 - 2016-11-02 11:16 - 
02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-11-09 15:22 - 2016-11-02 11:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-11-09 15:22 - 2016-11-02 11:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-11-09 15:22 - 2016-11-02 11:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll 2016-11-09 15:22 - 2016-11-02 11:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll 2016-11-09 15:22 - 2016-11-02 11:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2016-11-09 15:22 - 2016-11-02 11:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll 2016-11-09 15:22 - 2016-11-02 11:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll 2016-11-09 15:21 - 2016-11-02 12:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys 2016-11-09 15:21 - 2016-11-02 11:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll 2016-11-09 15:21 - 2016-11-02 11:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll 2016-11-09 15:21 - 2016-11-02 11:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll 2016-11-09 15:21 - 2016-11-02 11:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2016-11-09 15:21 - 2016-11-02 11:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll 2016-11-09 15:21 - 2016-11-02 11:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2016-11-09 15:21 - 2016-11-02 11:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys 2016-11-09 15:21 - 2016-11-02 11:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll 2016-11-09 15:21 - 2016-11-02 11:21 - 05111296 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\cdp.dll
2016-11-09 15:21 - 2016-11-02 11:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-11-09 15:21 - 2016-11-02 11:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-11-09 15:21 - 2016-11-02 11:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-11-08 21:56 - 2016-12-08 22:51 - 02420224 _____ (Farbar) C:\Users\Tygan\Desktop\EnglishFRST64.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-08 22:59 - 2016-04-16 16:34 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\vlc
2016-12-08 22:52 - 2016-04-04 22:35 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\Skype
2016-12-08 21:19 - 2016-08-03 15:57 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-08 20:57 - 2016-01-22 14:31 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-08 20:57 - 2014-11-03 19:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-08 14:26 - 2016-08-03 18:45 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-08 13:10 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-08 13:10 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-08 13:03 - 2016-08-03 16:29 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-08 03:46 - 2016-07-16 07:04 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2016-12-08 03:46 - 2016-07-16 07:04 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2016-12-07 16:33 - 2016-07-05 21:02 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\KeePass
2016-12-07 12:51 - 2016-08-03 15:56 - 00633360 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-06 21:54 - 2016-07-25 14:39 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-12-06 21:53 - 2016-05-29 22:53 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\TeamViewer
2016-12-06 19:57 - 2016-07-05 20:57 - 00000000 ___DC C:\Users\Tygan\Documents\My Safes
2016-12-06 12:57 - 2014-11-05 16:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-05 12:33 - 2016-09-10 16:54 - 00001274 _____ C:\Users\Tygan\Desktop\Uplay.lnk
2016-12-04 11:41 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-03 23:50 - 2016-06-10 16:51 - 00000000 ___DC C:\Users\Tygan\Documents\GTA SA RAR Daten
2016-12-03 19:42 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-02 12:25 - 2016-08-25 11:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-02 03:03 - 2016-06-22 13:59 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\gnupg
2016-11-30 16:48 - 2016-10-30 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2016-11-30 16:48 - 2016-10-30 22:06 - 00000000 ____D C:\ProgramData\Origin
2016-11-28 21:43 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-26 12:55 - 2016-11-05 03:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
2016-11-26 12:55 - 2016-11-05 03:07 - 00000000 ____D C:\Program Files\Core Temp
2016-11-26 12:47 - 2016-06-23 13:31 - 00262792 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2016-11-26 12:47 - 2016-06-23 13:31 - 00199304 _____ (ESET) C:\WINDOWS\system32\Drivers\edevmon.sys
2016-11-26 12:47 - 2016-06-23 13:31 - 00197248 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2016-11-26 12:47 - 2016-06-23 13:31 - 00181384 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwwfpr.sys
2016-11-26 12:43 - 2014-12-02 18:36 - 00000000 ____D C:\WINDOWS\pss
2016-11-26 12:34 - 2016-09-11 00:31 - 00000000 ___HD C:\$SysReset
2016-11-26 12:34 - 2016-04-05 13:15 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\puush
2016-11-26 12:34 - 2016-01-20 12:47 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2016-11-26 12:26 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\registration
2016-11-24 13:34 - 2016-07-22 11:30 - 00000000 ____D C:\ProgramData\VMware
2016-11-22 22:34 - 2016-04-04 22:51 - 00006056 __RSH C:\ProgramData\ntuser.pol
2016-11-22 01:54 - 1970-01-01 01:00 - 00000000 ___DC C:\Users\Tygan\Documents\WhatsApp
2016-11-20 00:49 - 2016-05-18 15:56 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\FileZilla
2016-11-19 05:43 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-19 01:55 - 2015-01-29 10:11 - 00146528 _____ (NirSoft) C:\Users\Tygan\Desktop\BlueScreenView.exe
2016-11-14 22:57 - 2016-01-22 23:25 - 00002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-14 22:57 - 2016-01-22 23:25 - 00002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-10 13:04 - 2015-07-29 17:28 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-10 04:14 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-11-10 04:13 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-10 04:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-10 04:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-10 04:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-10 04:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-11-10 04:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-10 04:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-09 22:49 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-09 21:13 - 2014-01-23 19:41 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-09 21:06 - 2014-01-23 19:41 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2016-12-08 13:03 - 2016-12-08 13:03 - 0000000 ____H () C:\ProgramData\cm-lock

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-30 00:00

==================== End of FRST.txt ============================