| |
| |||||||
Log-Analyse und Auswertung: OTL scan auf BKA trojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
13.02.2018, 06:09
| #1 |
 |  OTL scan auf BKA trojaner Ich ließ wg. eines Hinweises in einem anderen Thread https://www.trojaner-board.de/121343-logfileauswertung-otl.html mal ein OTL Version 3.2.69.0 laufen mit quick run ohne weitere präparierte Listen. Gibt es diesen BKA trojaner noch? Evtl. weil ich ne uralte Platte von 2011 an usb gehängt habe. Das kommt mir doch auffälig vor. Ich lasse jetzt noch ein cleanup laufen. Denke das ist damit erledigt, oder? Danke im voraus Jürgen Hier das Log file Code:
ATTFilter OTL logfile created on: 13.02.2018 05:46:08 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.18893) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 7,49 Gb Total Physical Memory | 4,62 Gb Available Physical Memory | 61,74% Memory free 11,48 Gb Paging File | 8,36 Gb Available in Paging File | 72,76% Paging File free Paging file location(s): c:\pagefile.sys 4096 4096 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 488,18 Gb Total Space | 157,76 Gb Free Space | 32,32% Space Free | Partition Type: NTFS Drive D: | 443,23 Gb Total Space | 149,91 Gb Free Space | 33,82% Space Free | Partition Type: NTFS Drive F: | 100,00 Mb Total Space | 64,72 Mb Free Space | 64,72% Space Free | Partition Type: NTFS Drive G: | 351,38 Gb Total Space | 50,38 Gb Free Space | 14,34% Space Free | Partition Type: NTFS Drive H: | 347,16 Gb Total Space | 44,24 Gb Free Space | 12,74% Space Free | Partition Type: NTFS Drive I: | 931,51 Gb Total Space | 67,97 Gb Free Space | 7,30% Space Free | Partition Type: NTFS Drive J: | 931,41 Gb Total Space | 31,67 Gb Free Space | 3,40% Space Free | Partition Type: NTFS Drive K: | 6,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive L: | 3,73 Gb Total Space | 0,04 Gb Free Space | 0,96% Space Free | Partition Type: FAT32 Computer Name: JUERGEN2-PC | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2018.02.13 05:42:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe PRC - [2018.02.05 12:08:04 | 000,601,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe PRC - [2017.12.12 21:22:32 | 000,055,000 | ---- | M] (Copyright (c) 2017 Plays.tv, LLC) -- C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe PRC - [2017.11.29 09:11:50 | 003,515,856 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe PRC - [2017.11.14 12:52:42 | 000,288,848 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe PRC - [2017.09.27 11:27:08 | 000,083,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2016.08.18 09:27:06 | 000,216,576 | ---- | M] () -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe PRC - [2013.02.19 16:38:58 | 000,453,736 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe PRC - [2012.04.11 10:41:04 | 000,097,280 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe PRC - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe -- (TrueKeyServiceHelper) SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\TrueKey\McTkSchedulerService.exe -- (TrueKeyScheduler) SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe -- (TrueKey) SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.11.667\McCHSvc.exe -- (McComponentHostService) SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -- (InstallerService) SRV:64bit: - [2017.12.29 09:39:36 | 000,116,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:64bit: - [2017.11.01 08:07:08 | 006,234,056 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe -- (MBAMService) SRV:64bit: - [2016.12.12 20:42:54 | 001,471,352 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FlexNet Licensing Service 64) SRV:64bit: - [2016.11.14 21:14:42 | 000,361,816 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2016.11.14 21:14:42 | 000,119,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2016.08.22 17:19:43 | 001,386,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack) SRV:64bit: - [2016.05.06 09:51:14 | 003,026,584 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BCA\pabeSvc64.exe -- (IntelBCAsvc) SRV:64bit: - [2015.08.04 03:06:32 | 000,246,784 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2015.08.04 00:25:00 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2013.05.27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2018.02.10 07:54:40 | 000,194,512 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2017.12.12 21:22:32 | 000,055,000 | ---- | M] (Copyright (c) 2017 Plays.tv, LLC) [Auto | Running] -- C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe -- (PlaysService) SRV - [2017.09.27 11:27:08 | 000,083,984 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2017.08.29 07:57:20 | 010,803,440 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe -- (TeamViewer) SRV - [2017.04.21 13:53:36 | 000,107,656 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2016.08.18 09:27:06 | 000,216,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe -- (DirMngr) SRV - [2016.03.31 13:03:02 | 000,544,984 | ---- | M] (Visicom Media Inc.) [Disabled | Stopped] -- C:\ProgramData\ManyCam\Service\ManyCamService.exe -- (ManyCam Service) SRV - [2015.12.01 12:56:07 | 000,090,592 | ---- | M] (Jetico, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Jetico\BCWipe\BCWipeSvc.exe -- (BCWipeSvc) SRV - [2014.03.20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.1) DRV:64bit: - [2018.02.13 05:34:29 | 000,084,256 | ---- | M] (Malwarebytes) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebProtection) DRV:64bit: - [2018.02.13 05:31:46 | 000,046,008 | ---- | M] (Malwarebytes) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtection) DRV:64bit: - [2018.02.13 05:31:35 | 000,110,016 | ---- | M] (Malwarebytes) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\farflt.sys -- (MBAMFarflt) DRV:64bit: - [2018.02.13 05:31:27 | 000,253,880 | ---- | M] (Malwarebytes) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV:64bit: - [2018.02.10 21:01:52 | 000,193,968 | ---- | M] (Malwarebytes) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\MbamChameleon.sys -- (MBAMChameleon) DRV:64bit: - [2017.11.29 09:11:26 | 000,077,432 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mbae64.sys -- (ESProtectionDriver) DRV:64bit: - [2016.10.09 18:18:48 | 000,027,384 | ---- | M] (Xilinx, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\xpc4drvr.sys -- (XilinxPC4Driver) DRV:64bit: - [2016.08.25 09:46:12 | 000,135,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2015.12.01 12:57:52 | 000,042,632 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MftWipeFilter.sys -- (MftWipeFilter) DRV:64bit: - [2015.11.17 14:40:58 | 000,195,416 | ---- | M] (IDRIX) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\veracrypt.sys -- (veracrypt) DRV:64bit: - [2015.08.04 07:23:28 | 021,622,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2015.08.04 02:42:28 | 000,665,088 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2015.07.15 11:20:32 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2015.05.19 11:35:27 | 000,057,536 | ---- | M] (Jetico Inc. Oy) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsh.sys -- (fsh) DRV:64bit: - [2015.04.03 01:14:26 | 000,229,056 | ---- | M] (AppEx Networks Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\appexDrv.sys -- (APXACC) DRV:64bit: - [2015.01.15 07:42:24 | 000,977,624 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2014.12.29 05:07:36 | 000,049,304 | ---- | M] (Visicom Media Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv.sys -- (ManyCam) DRV:64bit: - [2014.12.29 04:56:08 | 000,035,992 | ---- | M] (Visicom Media Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple) DRV:64bit: - [2014.11.24 07:42:17 | 000,094,400 | ---- | M] (Jetico, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\bcswap.sys -- (BCSWAP) DRV:64bit: - [2014.02.11 17:36:52 | 000,059,616 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\AMD\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.3) DRV:64bit: - [2013.07.21 18:41:12 | 000,013,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\DRHMSR64.sys -- (DRHMSR64) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2012.01.14 04:05:56 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2011.12.13 04:52:44 | 000,082,048 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2011.12.13 04:52:44 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2011.11.03 19:05:40 | 000,021,984 | ---- | M] (Licensed for Gebhard Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\DRHARD64.sys -- (DRHARD64) DRV:64bit: - [2011.10.26 10:16:46 | 000,219,776 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc) DRV:64bit: - [2011.10.26 10:16:46 | 000,102,528 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2013.07.21 18:41:12 | 000,013,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\DRHMSR64.sys -- (DRHMSR64) DRV - [2011.11.03 19:05:40 | 000,021,984 | ---- | M] (Licensed for Gebhard Software) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\DRHARD64.sys -- (DRHARD64) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-963683855-2343051469-89585254-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = B1 39 A1 F2 92 66 D2 01 [binary data] IE - HKU\S-1-5-21-963683855-2343051469-89585254-500\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error. IE - HKU\S-1-5-21-963683855-2343051469-89585254-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-963683855-2343051469-89585254-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 IE - HKU\S-1-5-21-963683855-2343051469-89585254-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.countryCode: "DE" FF - prefs.js..browser.search.region: "DE" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.search.widget.inNavBar: true FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll (Google Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 58.0.2\extensions\\Components: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 58.0.2\extensions\\Plugins: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 52.6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 52.6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2017.01.04 14:15:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions [2017.11.26 17:20:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\SystemExtensionsDev [2018.02.12 03:15:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\browser-extension-data [2018.02.13 05:32:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\browser-extension-data\{a80bbdbb-6fd0-4ee2-ab67-47ef4ba1cede} [2018.02.06 13:44:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\browser-extension-data\adguardadblocker@adguard.com [2018.01.27 12:05:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\browser-extension-data\artur.dubovoy@gmail.com [2018.02.07 19:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\browser-extension-data\consistent-https@tanalin.com [2018.02.13 05:46:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\browser-extension-data\firefox@ghostery.com [2018.02.13 05:33:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\browser-extension-data\jid1-NIfFY2CA8fy1tg@jetpack [2017.10.19 05:09:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\browser-extension-data\screenshots@mozilla.org [2018.02.10 18:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\extensions [2018.02.07 19:38:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\storage\default\moz-extension+++1b1ca62e-9224-41a3-aa76-4b389b9ef786 [2018.02.13 05:43:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\storage\default\moz-extension+++1b1ca62e-9224-41a3-aa76-4b389b9ef786\idb [2018.02.06 13:43:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\storage\default\moz-extension+++a390d351-cd62-426a-a84b-c588b56d1aad [2018.02.13 05:37:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\storage\default\moz-extension+++a390d351-cd62-426a-a84b-c588b56d1aad\idb [2018.02.07 19:36:33 | 000,387,733 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\extensions\artur.dubovoy@gmail.com.xpi [2018.02.07 19:34:55 | 000,009,834 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\extensions\consistent-https@tanalin.com.xpi [2018.02.10 18:53:55 | 003,822,716 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\extensions\firefox@ghostery.com.xpi [2018.02.08 18:39:41 | 001,614,680 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\extensions\https-everywhere@eff.org.xpi [2018.02.07 19:34:19 | 000,937,042 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2018.02.07 19:36:59 | 000,577,156 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\extensions\{a80bbdbb-6fd0-4ee2-ab67-47ef4ba1cede}.xpi [2018.02.10 07:54:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions O1 HOSTS File: ([2018.02.10 18:45:19 | 000,000,035 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-963683855-2343051469-89585254-500..\Run: [AppEx Accelerator UI] C:\Program Files\AMD Quick Stream\AMDQuickStream.exe (AppEx Networks Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1 O7 - HKU\S-1-5-21-963683855-2343051469-89585254-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Domains: localhost ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: localhost ([]* in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F4DD125-EDDA-44BF-B378-9BAF78A43AC1}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2016.08.27 20:00:05 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.05.06 13:26:23 | 000,000,309 | R--- | M] () - K:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2015.03.19 17:41:06 | 000,000,016 | -H-- | M] () - L:\AUTORUN.INF -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2018.02.13 05:44:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe [2018.02.11 10:50:32 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2018.02.10 21:58:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ESET [2018.02.10 21:01:52 | 000,193,968 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MbamChameleon.sys [2018.02.10 21:01:44 | 000,110,016 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys [2018.02.10 21:01:44 | 000,084,256 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mwac.sys [2018.02.10 21:01:43 | 000,046,008 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys [2018.02.10 21:01:33 | 000,253,880 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys [2018.02.10 21:01:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes [2018.02.10 21:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes [2018.02.10 18:54:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\VeraCrypt [2018.02.10 18:45:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\FRST-OlderVersion [2018.02.10 07:57:12 | 002,404,864 | ---- | C] (Farbar) -- C:\Users\Administrator\Desktop\FRST64.exe [2018.02.08 20:24:04 | 000,000,000 | ---D | C] -- C:\My Files(juergen-PC) [2018.02.08 18:12:10 | 008,206,624 | ---- | C] (Malwarebytes) -- C:\Users\Administrator\Desktop\adwcleaner_7.0.7.0(3).exe [2018.02.08 16:01:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2018.02.07 10:38:02 | 000,255,928 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\77E7F59C.sys [2018.02.07 07:41:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\mathe [2018.02.06 19:52:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\AppEx Networks [2018.02.06 18:41:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\.QtWebEngineProcess [2018.02.06 18:41:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\.Plays.tv [2018.02.06 18:40:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved [2018.02.06 18:40:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\PlaysTV [2018.02.06 18:38:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\library_dir [2018.02.06 18:38:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Raptr Inc [2018.02.06 18:37:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Raptr [2018.02.06 18:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Quick Stream [2018.02.06 18:37:37 | 000,229,056 | ---- | C] (AppEx Networks Corporation) -- C:\Windows\SysNative\drivers\appexDrv.sys [2018.02.06 18:37:37 | 000,000,000 | ---D | C] -- C:\Program Files\AMD Quick Stream [2018.02.06 18:28:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\RadeonInstaller [2018.02.06 13:49:33 | 000,255,928 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\656387A4.sys [2018.02.06 13:39:33 | 000,255,928 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\3353E5FC.sys [2018.02.06 12:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2018.02.06 12:25:38 | 000,255,928 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\43221302.sys [2018.02.06 12:23:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\mbar [2018.02.06 09:00:17 | 000,000,000 | ---D | C] -- C:\daten [2018.02.06 08:08:52 | 000,000,000 | ---D | C] -- C:\FRST [2018.02.05 11:48:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BCWipe [2018.02.05 11:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jetico [2018.02.02 15:20:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\dvdcss [2018.02.01 13:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo [2018.02.01 13:05:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CrystalDiskInfo [2018.01.30 20:47:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2018.01.28 23:59:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firetrust [2018.01.28 23:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Firetrust [2018.01.27 12:34:15 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Mathematica [2018.01.27 12:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Mathematica [2018.01.27 12:34:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mathematica [2018.01.27 12:34:08 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Wolfram Mathematica [2018.01.27 12:34:08 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Wolfram [2018.01.27 12:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfram Mathematica 11.2 [2018.01.27 12:27:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\OpenOffice [2018.01.27 12:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\Wolfram Research [2018.01.27 12:00:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Wolfram Research [2018.01.18 14:27:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2018.01.18 14:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2018.02.13 05:46:22 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2018.02.13 05:46:22 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2018.02.13 05:42:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe [2018.02.13 05:34:29 | 000,084,256 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mwac.sys [2018.02.13 05:31:46 | 000,046,008 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys [2018.02.13 05:31:35 | 000,110,016 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys [2018.02.13 05:31:27 | 000,253,880 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys [2018.02.13 05:30:03 | 000,000,021 | ---- | M] () -- C:\Windows\S.dirmngr [2018.02.13 05:29:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2018.02.13 05:29:48 | 1733,324,799 | -HS- | M] () -- C:\hiberfil.sys [2018.02.11 21:56:42 | 000,852,720 | ---- | M] () -- C:\Users\Administrator\Desktop\SecurityCheck.exe [2018.02.11 11:46:13 | 000,781,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2018.02.11 11:46:13 | 000,653,930 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2018.02.11 11:46:13 | 000,121,802 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2018.02.10 21:01:52 | 000,193,968 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MbamChameleon.sys [2018.02.10 21:01:27 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes.lnk [2018.02.10 18:45:19 | 000,000,035 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2018.02.10 18:45:05 | 002,404,864 | ---- | M] (Farbar) -- C:\Users\Administrator\Desktop\FRST64.exe [2018.02.08 18:10:25 | 008,206,624 | ---- | M] (Malwarebytes) -- C:\Users\Administrator\Desktop\adwcleaner_7.0.7.0(3).exe [2018.02.08 16:03:16 | 000,002,182 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth Pro.lnk [2018.02.08 16:02:01 | 000,002,048 | ---- | M] () -- C:\Users\Public\Desktop\Google Slides.lnk [2018.02.08 16:02:01 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\Google Sheets.lnk [2018.02.08 16:02:01 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\Google Docs.lnk [2018.02.07 10:38:02 | 000,255,928 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\77E7F59C.sys [2018.02.07 07:45:36 | 000,022,284 | ---- | M] () -- C:\Users\Administrator\Desktop\23.jpg [2018.02.07 07:43:01 | 000,008,189 | ---- | M] () -- C:\Users\Administrator\Desktop\export_reply_3.nb [2018.02.06 18:41:00 | 000,002,015 | ---- | M] () -- C:\Users\Public\Desktop\Raptr.lnk [2018.02.06 13:49:33 | 000,255,928 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\656387A4.sys [2018.02.06 13:39:33 | 000,255,928 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\3353E5FC.sys [2018.02.06 12:25:38 | 000,255,928 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\43221302.sys [2018.02.06 11:38:52 | 000,291,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2018.02.05 11:39:23 | 000,001,167 | ---- | M] () -- C:\Windows\SysWow64\Reinigung.cmd [2018.02.05 11:39:23 | 000,001,167 | ---- | M] () -- C:\Windows\SysNative\Reinigung.cmd [2018.02.01 13:35:05 | 000,137,345 | ---- | M] () -- C:\Users\Administrator\Documents\crystalI.jpg [2018.02.01 13:33:46 | 000,135,651 | ---- | M] () -- C:\Users\Administrator\Documents\crystalCD.jpg [2018.02.01 13:21:03 | 000,133,093 | ---- | M] () -- C:\Users\Administrator\Documents\crystal.jpg [2018.02.01 13:05:44 | 000,001,196 | ---- | M] () -- C:\Users\Administrator\Desktop\CrystalDiskInfo.lnk [2018.01.19 14:22:06 | 000,765,656 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2018.01.18 14:27:44 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2018.01.15 11:23:58 | 000,001,302 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2018.02.13 05:30:03 | 000,000,021 | ---- | C] () -- C:\Windows\S.dirmngr [2018.02.11 21:59:09 | 000,852,720 | ---- | C] () -- C:\Users\Administrator\Desktop\SecurityCheck.exe [2018.02.10 21:01:27 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes.lnk [2018.02.10 21:01:23 | 000,077,432 | ---- | C] () -- C:\Windows\SysNative\drivers\mbae64.sys [2018.02.08 16:03:16 | 000,002,220 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk [2018.02.08 16:03:16 | 000,002,182 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth Pro.lnk [2018.02.07 12:49:25 | 1733,324,799 | -HS- | C] () -- C:\hiberfil.sys [2018.02.07 07:44:01 | 000,022,284 | ---- | C] () -- C:\Users\Administrator\Desktop\23.jpg [2018.02.07 07:43:01 | 000,008,189 | ---- | C] () -- C:\Users\Administrator\Desktop\export_reply_3.nb [2018.02.06 18:41:00 | 000,002,015 | ---- | C] () -- C:\Users\Public\Desktop\Raptr.lnk [2018.02.06 09:28:27 | 000,001,820 | ---- | C] () -- C:\Windows\SysNative\Wartung.cmd [2018.02.06 09:28:27 | 000,001,167 | ---- | C] () -- C:\Windows\SysNative\Reinigung.cmd [2018.02.01 13:35:05 | 000,137,345 | ---- | C] () -- C:\Users\Administrator\Documents\crystalI.jpg [2018.02.01 13:33:46 | 000,135,651 | ---- | C] () -- C:\Users\Administrator\Documents\crystalCD.jpg [2018.02.01 13:21:03 | 000,133,093 | ---- | C] () -- C:\Users\Administrator\Documents\crystal.jpg [2018.02.01 13:05:44 | 000,001,196 | ---- | C] () -- C:\Users\Administrator\Desktop\CrystalDiskInfo.lnk [2018.02.01 12:01:42 | 000,001,820 | ---- | C] () -- C:\Windows\SysWow64\Wartung.cmd [2018.02.01 12:01:42 | 000,001,167 | ---- | C] () -- C:\Windows\SysWow64\Reinigung.cmd [2018.01.18 14:27:37 | 000,002,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2017.12.21 16:25:58 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\CSVSpecialProcessing.dll [2017.12.21 16:25:58 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\SARzilla.dll [2017.12.21 16:25:58 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\DVM2.dll [2017.12.21 16:25:58 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx13_ic.ini [2017.08.09 13:58:31 | 000,518,144 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2017.07.20 19:34:39 | 000,003,584 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2018.01.01 03:18:30 | 014,183,936 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2018.01.01 03:00:12 | 012,880,384 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2017.10.24 16:13:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\.kde [2017.10.24 16:17:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Electrum [2017.01.04 14:38:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GHISLER [2018.02.11 11:40:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\gnupg [2017.01.04 19:10:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IrfanView [2018.02.06 18:38:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\library_dir [2017.12.27 06:17:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Notepad++ [2018.01.27 12:27:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice [2017.12.12 15:38:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PilotEdit [2018.02.06 22:02:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PlaysTV [2018.02.06 22:02:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Raptr [2017.01.04 14:15:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Thunderbird [2018.02.10 18:54:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\VeraCrypt [2016.09.04 10:42:38 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\.kde [2016.01.20 13:47:35 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\AMD [2016.07.13 12:37:52 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\AVG [2015.12.07 17:47:48 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\Canon [2016.08.10 07:59:05 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\ChessBase [2016.06.24 15:29:04 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\DVI [2018.02.05 20:47:02 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\Electrum [2018.01.28 23:59:54 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\Firetrust [2016.02.23 11:00:47 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\Forte [2016.12.15 20:10:39 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\fp [2016.08.17 05:08:18 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\GeoGebra 5.0 [2016.10.25 19:40:47 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\GHISLER [2018.01.26 12:50:18 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\gnupg [2016.07.15 11:35:26 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\Grisoft [2017.06.05 18:26:43 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\I2P [2018.02.05 18:04:14 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\IrfanView [2015.11.01 09:47:33 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\library_dir [2016.06.15 12:21:44 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\ManyCam [2016.04.28 13:03:18 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\Mathematik alpha 2016 [2015.11.05 16:27:54 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\Notepad++ [2015.11.22 23:15:36 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\OpenOffice [2017.06.21 18:59:15 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\Opera Software [2017.12.05 20:53:47 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\PilotEdit [2018.02.07 05:35:12 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\PlaysTV [2018.02.07 05:35:40 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\Raptr [2017.12.21 16:27:21 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\SoftInterface, Inc [2017.10.30 17:46:13 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\TeamViewer [2015.11.05 16:39:42 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\Thunderbird [2015.11.17 12:13:32 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\TrueCrypt [2016.06.24 07:06:37 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\TuneUp Software [2015.11.18 13:37:07 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\VeraCrypt [2017.06.21 19:42:18 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\VS Revo Group [2016.12.12 20:45:32 | 000,000,000 | ---D | M] -- C:\Users\juergen2\AppData\Roaming\Xilinx ========== Purity Check ========== < End of report > |
|
13.02.2018, 11:10
| #2 |
| /// TB-Ausbilder   | OTL scan auf BKA trojaner wünscht du Hilfe bei einer Bereinigung oder willst du selber ruhantieren?  |
|
13.02.2018, 11:39
| #3 |
| | OTL scan auf BKA trojaner Hallo!
__________________ich habe nur das neueset standard OTL Programm laufen lassen und auf alles bereigen gedrückt Wäre nett wenn ich da noch weiter Hilfe hätte, sil te plais Jürgen |
|
13.02.2018, 17:32
| #4 |
| /// TB-Ausbilder | OTL scan auf BKA trojaner OTL wird schon seit Jahren nicht mehr verwendet. Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Um die Bereinigung möchlichst effektiv und schnell gestalten zu können, bitte ich um Beachtung der folgenden Hinweise:
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Danke für deine Mitarbeit! Schritt 1 Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Bitte poste mit deiner nächsten Antwort
|
|
13.02.2018, 22:48
| #5 |
| | OTL scan auf BKA trojanerCode:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.02.2018
Ran by Administrator (administrator) on JUERGEN2-PC (13-02-2018 17:44:19)
Running from D:\backupMaxtor80gb\data\FRSTData
Loaded Profiles: Administrator & (Available Profiles: juergen2 & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(VS Revo Group) C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
() C:\Users\Administrator\AppData\Local\Temp\~nsu.tmp\Au_.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-963683855-2343051469-89585254-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02132018170300898\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
HKU\S-1-5-21-963683855-2343051469-89585254-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02132018170300898\...\Policies\Explorer: [NoThumbNailCache] 1
HKU\S-1-5-21-963683855-2343051469-89585254-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02132018170300898\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-963683855-2343051469-89585254-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02132018170300898\...\MountPoints2: {3b6eaf21-9024-11e5-b954-8c89a53586cf} - K:\LaunchU3.exe -a
HKU\S-1-5-21-963683855-2343051469-89585254-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02132018170300898\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-963683855-2343051469-89585254-500\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
HKU\S-1-5-21-963683855-2343051469-89585254-500\...\Policies\Explorer: [NoThumbNailCache] 1
HKU\S-1-5-21-963683855-2343051469-89585254-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02132018170301201\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
HKU\S-1-5-21-963683855-2343051469-89585254-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02132018170301201\...\Policies\Explorer: [NoThumbNailCache] 1
AppInit_DLLs-x32: hplun.dll => No File
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4F4DD125-EDDA-44BF-B378-9BAF78A43AC1}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-963683855-2343051469-89585254-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02132018170300898\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SL5M&ocid=SL5MDHP&osmkt=de-at
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
FireFox:
========
FF DefaultProfile: iv2ha52p.default-1508386149418
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418 [2018-02-13]
FF Session Restore: Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418 -> is enabled.
FF NewTabOverride: Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418 -> Disabled: _j5Members_@ext.ask.com
FF Extension: (Flash Video Downloader) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\Extensions\artur.dubovoy@gmail.com.xpi [2018-02-07]
FF Extension: (ConsistentHTTPS) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\Extensions\consistent-https@tanalin.com.xpi [2018-02-07]
FF Extension: (Name) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\Extensions\firefox@ghostery.com.xpi [2018-02-10]
FF Extension: (HTTPS Everywhere) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\Extensions\https-everywhere@eff.org.xpi [2018-02-08]
FF Extension: (AdBlock) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2018-02-07]
FF Extension: (Flash & Video Downloader) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\iv2ha52p.default-1508386149418\Extensions\{a80bbdbb-6fd0-4ee2-ab67-47ef4ba1cede}.xpi [2018-02-07]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
S4 BCWipeSvc; C:\Program Files (x86)\Jetico\BCWipe\BCWipeSvc.exe [90592 2015-12-01] (Jetico, Inc.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2016-08-18] () [File not signed]
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3026584 2016-05-06] (Intel(R) Corporation)
S4 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.667\McCHSvc.exe" [X]
S4 TrueKey; "C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe" [X]
S4 TrueKeyScheduler; "C:\Program Files\TrueKey\McTkSchedulerService.exe" [X]
S3 TrueKeyServiceHelper; "C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
S4 BCSWAP; no ImagePath
R2 DRHARD64; C:\Windows\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHARD64; C:\Windows\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHMSR64; C:\Windows\system32\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R2 DRHMSR64; C:\Windows\SysWOW64\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R4 fsh; no ImagePath
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2018-02-13] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2018-02-13] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2018-02-13] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-02-13] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2018-02-13] (Malwarebytes)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (Visicom Media Inc.)
S3 MftWipeFilter; no ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R1 MpKsla8d6e4e8; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9ECEEEA8-204E-417F-A7F0-26DB4D269883}\MpKsla8d6e4e8.sys [58120 2018-02-13] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [195416 2015-11-17] (IDRIX)
R2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [27384 2016-10-09] (Xilinx, Inc.)
S2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
U3 aswbdisk; no ImagePath
R1 bcbus; system32\DRIVERS\bcbus.sys [X]
S3 X6va037; \??\C:\Windows\SysWOW64\Drivers\X6va037 [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-02-13 17:43 - 2018-02-13 17:44 - 000000000 ____D C:\FRST
2018-02-13 16:53 - 2018-02-13 16:53 - 000000021 _____ C:\Windows\S.dirmngr
2018-02-13 16:30 - 2018-02-13 16:30 - 000000000 ____D C:\Users\Administrator\Documents\BCDB
2018-02-13 10:29 - 2018-02-13 17:02 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-02-12 15:51 - 2018-02-12 15:51 - 000001245 _____ C:\Users\Administrator\Desktop\malware12011544.txt
2018-02-11 10:50 - 2018-02-11 10:50 - 000000000 ____D C:\ProgramData\ATI
2018-02-10 21:58 - 2018-02-12 01:44 - 000000000 ____D C:\Users\Administrator\AppData\Local\ESET
2018-02-10 21:01 - 2018-02-13 17:02 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-02-10 21:01 - 2018-02-13 16:55 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-02-10 21:01 - 2018-02-13 10:28 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-02-10 21:01 - 2018-02-13 10:26 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-02-10 21:01 - 2018-02-10 21:01 - 000001835 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-10 21:01 - 2018-02-10 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-10 21:01 - 2018-02-10 21:01 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-10 21:01 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-02-10 18:54 - 2018-02-10 18:54 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\VeraCrypt
2018-02-10 18:43 - 2018-02-10 18:43 - 000000000 _____ C:\Users\Administrator\Desktop\New Text Document.txt
2018-02-08 20:24 - 2018-02-08 20:24 - 000000000 ____D C:\My Files(juergen-PC)
2018-02-08 16:03 - 2018-02-08 16:03 - 000002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-02-08 16:03 - 2018-02-08 16:03 - 000002182 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2018-02-07 10:38 - 2018-02-07 10:38 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\77E7F59C.sys
2018-02-07 07:43 - 2018-02-07 07:43 - 000008189 _____ C:\Users\Administrator\Desktop\export_reply_3.nb
2018-02-07 07:41 - 2018-02-07 07:41 - 000000000 ____D C:\Users\Administrator\Desktop\mathe
2018-02-07 07:36 - 2018-02-07 07:37 - 000000000 ____D C:\Users\juergen2\Desktop\Mathe
2018-02-07 05:35 - 2018-02-07 05:35 - 000000000 ____D C:\Users\juergen2\.QtWebEngineProcess
2018-02-07 05:35 - 2018-02-07 05:35 - 000000000 ____D C:\Users\juergen2\.Plays.tv
2018-02-07 05:33 - 2018-02-07 05:35 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\Raptr
2018-02-07 05:33 - 2018-02-07 05:35 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\PlaysTV
2018-02-06 19:52 - 2018-02-06 19:52 - 000000000 ____D C:\Users\Administrator\AppData\Local\AppEx Networks
2018-02-06 18:41 - 2018-02-06 18:41 - 000000000 ____D C:\Users\Administrator\.QtWebEngineProcess
2018-02-06 18:41 - 2018-02-06 18:41 - 000000000 ____D C:\Users\Administrator\.Plays.tv
2018-02-06 18:40 - 2018-02-13 17:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2018-02-06 18:38 - 2018-02-06 18:38 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\library_dir
2018-02-06 18:37 - 2018-02-06 18:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Quick Stream
2018-02-06 18:37 - 2018-02-06 18:37 - 000000000 ____D C:\Program Files\AMD Quick Stream
2018-02-06 18:37 - 2015-04-03 01:14 - 000229056 _____ (AppEx Networks Corporation) C:\Windows\system32\Drivers\appexDrv.sys
2018-02-06 18:28 - 2018-02-06 18:28 - 000000000 ____D C:\Users\Administrator\AppData\Local\RadeonInstaller
2018-02-06 18:27 - 2018-02-06 18:27 - 041047112 _____ (AMD Inc.) C:\Users\Administrator\Downloads\radeon-software-adrenalin-18.2.1-minimalsetup-180201_web.exe
2018-02-06 13:49 - 2018-02-06 13:49 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\656387A4.sys
2018-02-06 13:39 - 2018-02-06 13:39 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\3353E5FC.sys
2018-02-06 12:25 - 2018-02-10 21:01 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-06 12:25 - 2018-02-06 12:25 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\43221302.sys
2018-02-06 09:28 - 2018-02-05 11:39 - 000001167 _____ C:\Windows\system32\Reinigung.cmd
2018-02-06 09:28 - 2017-12-24 23:03 - 000001820 _____ C:\Windows\system32\Wartung.cmd
2018-02-06 09:00 - 2018-02-06 09:03 - 000000000 ____D C:\daten
2018-02-05 23:24 - 2018-02-05 23:41 - 000000000 ___HD C:\~BCWipe.tmp
2018-02-05 18:56 - 2018-02-05 18:56 - 000739464 _____ C:\Users\juergen2\Documents\IMG_20180205_0001.pdf
2018-02-05 11:48 - 2018-02-05 11:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BCWipe
2018-02-05 11:47 - 2018-02-13 17:12 - 000000000 ____D C:\Program Files (x86)\Jetico
2018-02-02 15:20 - 2018-02-02 15:20 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\dvdcss
2018-02-02 14:52 - 2018-02-02 14:52 - 000000017 _____ C:\Users\juergen2\AppData\Local\resmon.resmoncfg
2018-02-01 13:05 - 2018-02-01 13:05 - 000001196 _____ C:\Users\Administrator\Desktop\CrystalDiskInfo.lnk
2018-02-01 13:05 - 2018-02-01 13:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2018-02-01 13:05 - 2018-02-01 13:05 - 000000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2018-02-01 12:01 - 2018-02-05 11:39 - 000001167 _____ C:\Windows\SysWOW64\Reinigung.cmd
2018-02-01 12:01 - 2017-12-24 23:03 - 000001820 _____ C:\Windows\SysWOW64\Wartung.cmd
2018-02-01 00:23 - 2018-02-01 00:23 - 000000000 ____D C:\Users\juergen2\PDF
2018-01-31 23:58 - 2018-01-31 23:58 - 000000181 _____ C:\Users\juergen2\Documents\slashesversion.gp
2018-01-31 22:17 - 2018-01-31 22:17 - 000000142 _____ C:\Users\juergen2\new2.gp
2018-01-31 22:00 - 2018-01-31 21:57 - 000000096 _____ C:\Users\juergen2\Documents\new.txt
2018-01-31 21:17 - 2018-02-01 00:12 - 000007841 _____ C:\Users\juergen2\Documents11.pdf
2018-01-30 23:39 - 2018-01-30 23:40 - 000000127 _____ C:\Users\juergen2\Documents\anmachenFilipina.txt
2018-01-30 20:47 - 2018-01-30 20:47 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\Macromedia
2018-01-29 22:31 - 2018-02-04 13:04 - 000004740 _____ C:\Users\juergen2\Documents\23.txt
2018-01-29 22:11 - 2018-01-30 23:09 - 000003173 _____ C:\Users\juergen2\Documents\13.txt
2018-01-29 22:09 - 2018-01-29 22:09 - 001332457 _____ C:\Users\juergen2\Documents\1013.txt
2018-01-29 21:01 - 2018-01-29 21:58 - 000003016 _____ C:\Users\juergen2\Desktop\mmmma.txt
2018-01-28 23:59 - 2018-01-28 23:59 - 000001182 _____ C:\Users\juergen2\Desktop\MailWasherPro.lnk
2018-01-28 23:59 - 2018-01-28 23:59 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firetrust
2018-01-28 23:59 - 2018-01-28 23:59 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\Firetrust
2018-01-28 23:59 - 2018-01-28 23:59 - 000000000 ____D C:\Program Files (x86)\Firetrust
2018-01-28 23:58 - 2018-01-29 00:00 - 000000000 ____D C:\ProgramData\Firetrust
2018-01-28 12:57 - 2018-01-31 21:20 - 000000000 ____D C:\Users\juergen2\Documents\Wolfram Mathematica
2018-01-28 12:57 - 2018-01-29 19:37 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\Mathematica
2018-01-28 12:57 - 2018-01-28 12:58 - 000000000 ____D C:\Users\juergen2\AppData\Local\Mathematica
2018-01-28 12:57 - 2018-01-28 12:57 - 000000000 ____D C:\Users\juergen2\AppData\Local\Wolfram
2018-01-27 12:34 - 2018-02-07 07:42 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mathematica
2018-01-27 12:34 - 2018-02-07 07:41 - 000000000 ____D C:\Users\Administrator\AppData\Local\Mathematica
2018-01-27 12:34 - 2018-01-27 12:34 - 000000000 ____D C:\Users\Administrator\Documents\Wolfram Mathematica
2018-01-27 12:34 - 2018-01-27 12:34 - 000000000 ____D C:\Users\Administrator\AppData\Local\Wolfram
2018-01-27 12:34 - 2018-01-27 12:34 - 000000000 ____D C:\ProgramData\Mathematica
2018-01-27 12:30 - 2018-01-27 12:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfram Mathematica 11.2
2018-01-27 12:27 - 2018-01-27 12:27 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\OpenOffice
2018-01-27 12:17 - 2018-01-27 12:17 - 000000000 ____D C:\Program Files\Wolfram Research
2018-01-27 12:00 - 2018-01-27 12:03 - 000000000 ____D C:\Users\Administrator\Downloads\M-WIN-L-11.2.0-5822651
2018-01-27 12:00 - 2018-01-27 12:00 - 000000000 ____D C:\Users\Administrator\AppData\Local\Wolfram Research
2018-01-18 14:27 - 2018-01-18 14:27 - 000002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2018-01-18 14:27 - 2018-01-18 14:27 - 000000000 ____D C:\Program Files\Microsoft Security Client
2018-01-18 14:27 - 2018-01-18 14:27 - 000000000 ____D C:\Program Files (x86)\Microsoft Security Client
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-02-13 17:21 - 2017-01-04 21:53 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2018-02-13 17:06 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-02-13 17:02 - 2015-11-02 13:24 - 002859046 _____ C:\Windows\ntbtlog.txt
2018-02-13 17:02 - 2009-07-14 05:45 - 000021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-13 17:02 - 2009-07-14 05:45 - 000021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-13 17:01 - 2016-08-27 20:44 - 000000994 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2018-02-13 17:01 - 2016-08-27 20:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-02-13 16:53 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-13 16:41 - 2015-11-01 10:23 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-02-13 16:24 - 2016-02-18 11:21 - 000001509 _____ C:\DelFix.txt
2018-02-13 13:30 - 2016-11-19 14:58 - 000000000 ____D C:\Users\juergen2\AppData\LocalLow\Mozilla
2018-02-13 09:11 - 2017-01-04 18:02 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\gnupg
2018-02-11 22:29 - 2015-10-31 22:30 - 000000000 ____D C:\datas
2018-02-11 11:46 - 2009-07-14 06:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-10 21:00 - 2017-01-04 14:10 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2018-02-10 12:54 - 2015-10-31 22:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-10 07:54 - 2017-08-26 17:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-08 19:53 - 2015-11-01 11:12 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\vlc
2018-02-08 16:03 - 2015-12-21 20:28 - 000000000 ____D C:\Program Files (x86)\Google
2018-02-08 16:02 - 2017-10-30 10:23 - 000002048 _____ C:\Users\Public\Desktop\Google Slides.lnk
2018-02-08 16:02 - 2017-10-30 10:23 - 000002046 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2018-02-08 16:02 - 2017-10-30 10:23 - 000002036 _____ C:\Users\Public\Desktop\Google Docs.lnk
2018-02-08 16:02 - 2017-10-30 10:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2018-02-07 12:49 - 2016-07-15 12:40 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-02-07 06:27 - 2016-08-18 13:38 - 000000981 _____ C:\Users\juergen2\Desktop\PARI.lnk
2018-02-07 05:35 - 2015-10-31 22:01 - 000000000 ____D C:\Users\juergen2
2018-02-06 18:41 - 2017-01-03 13:31 - 000000000 ____D C:\Users\Administrator
2018-02-06 18:36 - 2015-11-01 09:41 - 000000000 ____D C:\ProgramData\Package Cache
2018-02-06 18:30 - 2015-11-01 09:39 - 000000000 ____D C:\AMD
2018-02-06 14:06 - 2015-10-31 22:15 - 000065744 _____ C:\Users\juergen2\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-06 12:17 - 2017-01-03 13:32 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2018-02-06 11:39 - 2017-01-03 13:33 - 000065744 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-06 11:38 - 2009-07-14 05:45 - 000291024 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-06 09:46 - 2009-07-14 04:20 - 000000000 __RSD C:\Windows\Media
2018-02-06 08:54 - 2016-05-16 15:01 - 000000000 ____D C:\Program Files\TrueKey
2018-02-06 08:50 - 2015-12-21 20:28 - 000000000 ____D C:\Users\juergen2\AppData\Local\Google
2018-02-06 08:47 - 2016-10-02 17:45 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\NCH Software
2018-02-05 20:47 - 2017-05-10 13:31 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\Electrum
2018-02-05 18:04 - 2015-11-13 17:07 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\IrfanView
2018-02-05 16:25 - 2016-11-18 20:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-02-05 13:03 - 2015-11-01 08:53 - 000000000 ____D C:\xampp
2018-02-04 12:23 - 2017-11-16 22:48 - 000000000 ____D C:\Users\juergen2\AppData\Local\CrashDumps
2018-02-03 16:54 - 2015-11-14 12:57 - 000075264 _____ C:\Users\juergen2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-02-03 15:38 - 2016-02-24 19:10 - 000000000 ____D C:\div
2018-02-03 15:07 - 2016-01-24 16:00 - 000000000 ____D C:\Users\juergen2\AppData\Local\QuickPar
2018-02-02 11:04 - 2009-07-14 06:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-02-01 08:16 - 2016-10-09 09:50 - 000000000 ____D C:\Windows\Minidump
2018-01-31 22:34 - 2016-08-18 19:24 - 000000000 ____D C:\tmp
2018-01-31 22:19 - 2016-08-18 13:37 - 000000000 ____D C:\Program Files (x86)\Pari-2-7-6
2018-01-30 20:56 - 2015-11-01 10:23 - 000000000 ____D C:\Users\juergen2\AppData\Local\Adobe
2018-01-30 20:47 - 2016-02-17 17:00 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-01-30 20:47 - 2015-11-01 10:23 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-28 21:35 - 2015-11-15 10:42 - 000000000 ____D C:\vhd
2018-01-26 12:50 - 2015-11-15 10:22 - 000000000 ____D C:\Users\juergen2\AppData\Roaming\gnupg
2018-01-25 00:48 - 2017-06-30 15:19 - 000004100 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1498067933
2018-01-23 19:58 - 2010-11-21 04:27 - 000548000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-01-19 14:22 - 2015-11-01 09:42 - 000765656 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-01-18 14:27 - 2016-05-12 18:47 - 000001945 _____ C:\Windows\epplauncher.mif
2018-01-18 14:04 - 2009-07-14 06:08 - 000032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-01-15 11:23 - 2017-12-10 15:05 - 000001302 _____ C:\Users\Public\Desktop\Skype.lnk
2018-01-15 11:23 - 2017-12-10 15:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
==================== Files in the root of some directories =======
2017-07-20 19:34 - 2017-07-20 19:34 - 000003584 _____ () C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-02-07 12:31
==================== End of FRST.txt ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12.02.2018
Ran by Administrator (13-02-2018 17:45:50)
Running from D:\backupMaxtor80gb\data\FRSTData
Windows 7 Professional Service Pack 1 (X64) (2015-10-31 21:00:58)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-963683855-2343051469-89585254-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-963683855-2343051469-89585254-501 - Limited - Disabled)
juergen2 (S-1-5-21-963683855-2343051469-89585254-1000 - Administrator - Enabled) => C:\Users\juergen2
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AMD Accelerated Video Transcoding (HKLM\...\{F15287C6-10E3-1676-AF50-CB0355A302F1}) (Version: 2.00.0002 - Advanced Micro Devices, Inc.)
AMD APP SDK Runtime (HKLM\...\{503F672D-6C84-448A-8F8F-4BC35AC83441}) (Version: 10.0.873.1 - Advanced Micro Devices Inc.)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (HKLM\...\{CF84CD21-FC52-857E-AF41-9DEE9C76D245}) (Version: 2.00.0000 - Advanced Micro Devices, Inc.)
AMD Fuel (HKLM\...\{AA20E9E6-96D0-C201-E44D-F7D921F595FD}) (Version: 2015.0804.21.41908 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
AMD USB 3.0 Device Detector (HKLM\...\{F5733897-B788-4AB1-B399-166A9FBB47A8}) (Version: 2.1.30.0 - Advanced Micro Devices, Inc.)
AMD Wireless Display v3.0 (HKLM\...\{630E5EF7-72F8-9E5D-BEF5-ED85B698E160}) (Version: 1.0.0.15 - Advanced Micro Devices, Inc.)
Arasan 20.2 (HKLM-x32\...\Arasan_is1) (Version: - )
Backup and Sync from Google (HKLM-x32\...\{AC62F3F2-61A2-4357-93EC-C308E3FEDF4E}) (Version: 3.39.8370.7843 - Google, Inc.)
BCWipe 6.0 (HKLM-x32\...\BCWipe) (Version: 6.08.3 - Jetico Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - )
Canon MG5500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series) (Version: 1.02 - Canon Inc.)
Catalyst Control Center Graphics Previews Common (HKLM-x32\...\{9114BDDB-A6A6-152D-060A-E99307057AD1}) (Version: 2015.0804.21.41908 - Advanced Micro Devices, Inc.)
Catalyst Control Center Localization All (HKLM-x32\...\{315D9E6B-98B1-1E2B-9E93-B36A0B104224}) (Version: 2015.0804.21.41908 - Advanced Micro Devices, Inc.)
CCC Help Chinese Standard (HKLM-x32\...\{703F229F-573E-10E7-3B44-341DB59AD86B}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Chinese Traditional (HKLM-x32\...\{489E5436-B101-CAD9-5571-14746675ECE3}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Czech (HKLM-x32\...\{BBA1614E-6470-7841-8A42-ABD5BA7B3FFE}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Danish (HKLM-x32\...\{AA0E1433-8F16-AA01-E8E9-E6408579D0D8}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Dutch (HKLM-x32\...\{504819D1-3C0A-2695-0007-BBDFA5936D68}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help English (HKLM-x32\...\{6C495748-5F03-0B97-568B-76D0368FB460}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Finnish (HKLM-x32\...\{D9CBA021-DB41-9736-923F-52E3E426912D}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help French (HKLM-x32\...\{B03A580A-5D67-DAC5-59A1-7AD7C513381C}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help German (HKLM-x32\...\{69DF4822-9B16-CE04-7587-22E09FB5FD1D}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Greek (HKLM-x32\...\{968C0E92-6DA9-5784-9A0B-1061D0CB2C14}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Hungarian (HKLM-x32\...\{11BC8F83-7260-65EB-3E0A-FA7AC894B42D}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Italian (HKLM-x32\...\{FE4DC915-D724-E72C-EF86-DC5B89961ACF}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Japanese (HKLM-x32\...\{C9353DBC-A47C-2C9B-AF32-5E2C8B4E3D3A}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Korean (HKLM-x32\...\{37DBC990-C514-3821-D6FB-12E0745AA990}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Norwegian (HKLM-x32\...\{79E3071B-8A0C-C105-6442-CF611732601E}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Polish (HKLM-x32\...\{A12E8E1A-A77D-94E5-72F8-E83D6256AF11}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Portuguese (HKLM-x32\...\{AD5E3969-F0C0-ECBF-45E5-C36B84904281}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Russian (HKLM-x32\...\{CFA2067C-AE90-3BF9-06AF-E7E65E679B3D}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Spanish (HKLM-x32\...\{110E4EE7-85A9-B76B-B943-C0C1CF0C2F74}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Swedish (HKLM-x32\...\{42A97797-A255-49F9-4250-D58A9CEA2904}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Thai (HKLM-x32\...\{31BC0B51-0676-A531-3940-1818B609EEA7}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
CCC Help Turkish (HKLM-x32\...\{9DB45EC2-90E7-642D-7CF9-5AC2FBDC14F7}) (Version: 2015.0804.0020.41908 - Advanced Micro Devices, Inc.)
ccc-utility64 (HKLM\...\{C3463F9A-E635-02E0-C351-41D16074E202}) (Version: 2015.0804.21.41908 - Advanced Micro Devices, Inc.)
Convert XLS (HKLM-x32\...\Convert XLS_is1) (Version: - Softinterface, Inc.)
CrystalDiskInfo 7.5.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.5.1 - Crystal Dew World)
Dr. Hardware 2015 15.5d (HKLM-x32\...\Dr. Hardware 2015_is1) (Version: - Peter A. Gebhard)
Electrum (HKU\S-1-5-21-963683855-2343051469-89585254-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02132018170300898\...\Electrum) (Version: 2.8.2 - Electrum Technologies GmbH)
Free Pascal 3.0.0 (HKLM-x32\...\FreePascal_is1) (Version: - Free Pascal Team)
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.195.0 - International GeoGebra Institute)
Google Earth Pro (HKLM-x32\...\{FA1BBF34-E994-4310-95D7-BE93092B8E61}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Gpg4win (2.3.3) (HKLM-x32\...\GPG4Win) (Version: 2.3.3 - The Gpg4win Project)
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.09) (Version: 9.09 - Artifex Software Inc.)
GUI Turbo Assembler Ver 3.0.1 (HKLM-x32\...\{F522C947-52FA-4C01-B933-16292944E000}) (Version: 3.0.1 - Lakhya's Innovation Inc.)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.4.135.1 - Intel Security)
IrfanView 64 (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
Lazarus 1.6.2 (HKLM\...\lazarus_is1) (Version: 1.6.2 - Lazarus Team)
MailWasherPro (HKLM-x32\...\{D16B61A0-A55E-47A9-BA73-8A5E92C26DB2}) (Version: 7.11.05 - Firetrust)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
ManyCam 5.3.0 (HKLM-x32\...\ManyCam) (Version: 5.3.0 - Visicom Media Inc.)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 58.0.2 (x64 de) (HKLM\...\Mozilla Firefox 58.0.2 (x64 de)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla)
Mozilla Thunderbird 52.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 52.6.0 (x86 de)) (Version: 52.6.0 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.4 - Notepad++ Team)
Opera Stable 50.0.2762.67 (HKU\S-1-5-21-963683855-2343051469-89585254-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02132018170300898\...\Opera 50.0.2762.67) (Version: 50.0.2762.67 - Opera Software)
Pari-2-7-6 (remove only) (HKLM-x32\...\Pari-2-7-6) (Version: - )
PC Inspector File Recovery (HKLM-x32\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - )
PilotEdit Lite 10.7.0 (HKLM-x32\...\PilotEdit Lite_is1) (Version: - )
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
Scid vs PC 4.16 (HKLM-x32\...\Scid vs PC_is1) (Version: 4.16 - Steven Atkinson)
SharpKeys (HKLM\...\{F6908C45-459A-4332-A3F2-03DAAB64939D}) (Version: 3.6.0000 - RandyRants.com)
Shotcut (HKLM-x32\...\Shotcut) (Version: - )
Skype version 8.13 (HKLM-x32\...\Skype_is1) (Version: 8.13 - Skype Technologies S.A.)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.83369 - TeamViewer)
Total Commander 64-bit (Remove or Repair) (HKLM-x32\...\Totalcmd64) (Version: 9.0a - Ghisler Software GmbH)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.16 - IDRIX)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Web Companion (HKLM-x32\...\{37c882f6-40f7-46a4-9ccb-8e2808e1a79e}) (Version: 2.4.1558.3001 - Lavasoft)
WinRAR 5.40 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wolfram Mathematica 11.2 (M-WIN-L 11.2.0 5822651) (HKLM\...\M-WIN-L 11.2.0 5822651_is1) (Version: 11.2.0 - Wolfram Research, Inc.)
Wondershare Data Recovery(Build 6.5.1.5) (HKLM-x32\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 6.5.1.5 - Wondershare Software Co.,Ltd.)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Xaldon WebSpider2 (HKLM-x32\...\WebSpider2) (Version: - )
Xilinx Design Tools Vivado HL WebPACK 2016.3 (C:\Xilinx) (HKLM\...\Xilinx_Vivado HL WebPACK_2016.3#0) (Version: 2016.3 - Xilinx Inc.)
Xilinx DocNav (C:\Xilinx) (HKLM\...\Xilinx_DocNav_2016.3#0) (Version: 2016.3 - Xilinx Inc.)
Xilinx Information Center (C:\Xilinx) (HKLM\...\Xilinx_Xilinx Information Center_2016.3#0) (Version: 2016.3 - Xilinx Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-01-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-01-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-01-29] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-01-01] ()
ContextMenuHandlers1: [BCShellMenu] -> {7850a720-705f-11d0-a9eb-0080488625e5} => -> No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-01-29] (Google)
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\GNU\GnuPG\bin\gpgex.dll [2016-08-18] (g10 Code GmbH)
ContextMenuHandlers1: [PilotEdit] -> {277B9550-37E2-47DE-B533-89A1EBD82DB9} => C:\Program Files (x86)\PilotEdit Lite\EShell_x64.dll [2013-01-01] (PilotEdit)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [BCShellMenu] -> {7850a720-705f-11d0-a9eb-0080488625e5} => -> No File
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-01-29] (Google)
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\GNU\GnuPG\bin\gpgex.dll [2016-08-18] (g10 Code GmbH)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [BCShellMenu] -> {7850a720-705f-11d0-a9eb-0080488625e5} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {16B2D2AF-ED8D-4756-96D7-FF39E5C6A185} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {1FB3732E-9592-444D-A701-81DF304F14A9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_137_pepper.exe
Task: {21022CE6-BFE7-40E7-AAFA-15A6CC72356B} - System32\Tasks\{E140102B-F244-4775-9758-5FA77AFD8886} => C:\Windows\system32\pcalua.exe -a "C:\Users\juergen2\Downloads\chromeinstall-8u77 (1).exe" -d C:\Users\juergen2\Downloads
Task: {213D38E2-E0E5-4EFB-88BC-AC61BF33552B} - System32\Tasks\{849B1E16-7952-40E5-887E-DAAD93154E62} => C:\Windows\system32\pcalua.exe -a D:\backupMaxtor80gb\data\putty.exe -d D:\backupMaxtor80gb\data
Task: {22DA9795-90BD-4731-AB6A-BD01A662D2F9} - System32\Tasks\{9C6CF1E7-9264-4314-BC30-F7778072B17B} => C:\Windows\system32\pcalua.exe -a D:\backupMaxtor80gb\data\wlsetup3528-all.exe -d d:\backupMaxtor80gb\data\
Task: {3B11371B-11AB-415E-8185-32A4F05C4B0F} - System32\Tasks\{471AF2D6-FC39-423E-8A09-1CE6E304D7BB} => C:\Windows\system32\pcalua.exe -a C:\camel\SilkroadOnlineGlobal_Official_v1_486.exe -d c:\camel\
Task: {4ADE3327-7150-4BB8-87C3-76601FC67879} - System32\Tasks\{FD09F9C6-B58A-406E-8536-F1B82AF22BBE} => C:\Windows\system32\pcalua.exe -a D:\backupMaxtor80gb\data\i2pinstall_0.9.30_windows.exe -d D:\backupMaxtor80gb\data
Task: {6ADA2DE3-F929-4442-BCBE-E1D403613F2F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-21] (Google Inc.)
Task: {70FC73DB-5C4F-4CB5-9833-76B9D3A491A6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {A6D9A0B3-82A7-4937-910D-C86CC1F2F571} - System32\Tasks\{C61837B8-EABF-4B5E-B96E-3C6EC1BD2343} => C:\Windows\system32\pcalua.exe -a C:\datas\jxpiinstall(4).exe -d C:\datas
Task: {AD24AC21-72E8-4AFB-8BA6-BC0413019E02} - System32\Tasks\Opera scheduled Autoupdate 1498067933 => C:\Users\juergen2\AppData\Local\Programs\Opera\launcher.exe [2018-01-22] (Opera Software)
Task: {BE9E6706-8A73-4F34-8BC7-F4B899EDF1C0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {DAC363AC-634F-4411-8C93-334B4E476B58} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe
Task: {E302C505-2A7A-4384-87A8-489CE462BC3D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {F4DDD129-C6FA-4772-AC2D-CE369BA97A92} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {F6F30DFE-BB87-4833-A1E0-CEE92CCDEE3C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-21] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-08-04 00:25 - 2015-08-04 00:25 - 000214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 000817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 003650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2016-08-18 09:27 - 2016-08-18 09:27 - 000216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2018-02-10 21:01 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-01-01 02:07 - 2018-01-01 02:07 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-08-04 00:25 - 2015-08-04 00:25 - 000102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2018-02-13 17:14 - 2018-02-06 18:41 - 000061362 _____ () C:\Users\Administrator\AppData\Local\Temp\~nsu.tmp\Au_.exe
2016-08-18 09:14 - 2016-08-18 09:14 - 000222720 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2016-08-18 09:09 - 2016-08-18 09:09 - 000103424 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2016-08-18 09:03 - 2016-08-18 09:03 - 000050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2016-08-18 09:14 - 2016-08-18 09:14 - 000073728 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2016-08-18 09:17 - 2016-08-18 09:17 - 000751104 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2018-01-01 02:07 - 2018-01-01 02:07 - 000021680 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-963683855-2343051469-89585254-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02132018170300898\...\localhost -> localhost
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2018-02-10 18:45 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-963683855-2343051469-89585254-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02132018170300898\Control Panel\Desktop\\Wallpaper -> C:\Users\juergen2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-963683855-2343051469-89585254-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-963683855-2343051469-89585254-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02132018170301201\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: BCWipeSvc => 2
MSCONFIG\Services: LavasoftAdAwareService11 => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: vssbrigde64 => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^juergen2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MailWasherPro.lnk => C:\Windows\pss\MailWasherPro.lnk.Startup
MSCONFIG\startupreg: AvgUi => "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
MSCONFIG\startupreg: PlaysTV => "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr Inc\Raptr\raptrstub.exe --startup
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{E08E8243-C2A1-4221-90A7-14736621DBE5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9EA08C55-5310-4A9E-8ABB-32F4A49FF91B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{97587CB0-9EAA-4B76-AE0F-849E608FE32D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{81373308-C4D3-45DA-ABFB-9FF3613C6D5D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{27E94056-EE89-40C2-88F9-FCDD1B8E5D43}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{D80E4AD5-8012-4DE4-B0FE-3695EFEBEAED}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{E4AFD96A-B990-4558-B5EE-3F16F3B150B1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4EFF6531-5BDD-4CC8-BCE4-8C1B36A92B77}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1144CB11-19E6-41BF-BAFF-C3CBF53D788E}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{D076BE44-8E6B-4596-BDAA-38B73655C620}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{BA663251-09BF-4823-8DE3-357013B1B8CE}C:\users\juergen2\appdata\local\temp\_tc0\bot\mbot_vsro110.exe] => (Allow) C:\users\juergen2\appdata\local\temp\_tc0\bot\mbot_vsro110.exe
FirewallRules: [UDP Query User{E5E54FE6-C09E-4ABB-90E3-E86CBF75A6F2}C:\users\juergen2\appdata\local\temp\_tc0\bot\mbot_vsro110.exe] => (Allow) C:\users\juergen2\appdata\local\temp\_tc0\bot\mbot_vsro110.exe
FirewallRules: [TCP Query User{3562059C-09AD-49C5-B7A8-F01122A24FF9}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{F0D6FC0B-D3F6-4346-A980-F46D4C9D1B96}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{98C9BD54-7195-421F-8622-82F19A588534}C:\eclipse\eclipse\eclipse.exe] => (Allow) C:\eclipse\eclipse\eclipse.exe
FirewallRules: [UDP Query User{823BFEF5-2144-437C-A54B-BCCA12451298}C:\eclipse\eclipse\eclipse.exe] => (Allow) C:\eclipse\eclipse\eclipse.exe
FirewallRules: [TCP Query User{43DE325D-FD61-460D-842E-290A5202FB7F}C:\users\juergen2\desktop\totalcmd\totalcmd.exe] => (Allow) C:\users\juergen2\desktop\totalcmd\totalcmd.exe
FirewallRules: [UDP Query User{DFCF343D-2298-479B-820C-A9D87E56AFF7}C:\users\juergen2\desktop\totalcmd\totalcmd.exe] => (Allow) C:\users\juergen2\desktop\totalcmd\totalcmd.exe
FirewallRules: [TCP Query User{A1496639-68D5-46B4-967E-A505FB7D9C89}C:\datas\psro_m_manualpatch_client_downloader_v3.exe] => (Allow) C:\datas\psro_m_manualpatch_client_downloader_v3.exe
FirewallRules: [UDP Query User{D2661694-9DE9-4B85-AA71-E76B9FE67E92}C:\datas\psro_m_manualpatch_client_downloader_v3.exe] => (Allow) C:\datas\psro_m_manualpatch_client_downloader_v3.exe
FirewallRules: [TCP Query User{DA6A1C4E-6658-4536-B8A6-C2F9FD65FD61}C:\datas\psro_full_client_downloader_v3.exe] => (Allow) C:\datas\psro_full_client_downloader_v3.exe
FirewallRules: [UDP Query User{4C306084-351A-440E-86A7-02F33064F80E}C:\datas\psro_full_client_downloader_v3.exe] => (Allow) C:\datas\psro_full_client_downloader_v3.exe
FirewallRules: [TCP Query User{82621B54-D4E3-4191-A32E-7FB2E966AFE0}I:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe] => (Allow) I:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe
FirewallRules: [UDP Query User{FA455FFB-BB85-4880-8324-9ED51129A541}I:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe] => (Allow) I:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe
FirewallRules: [TCP Query User{AFDB542D-C34E-4DBA-A5E8-13FD772F4676}C:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe] => (Allow) C:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe
FirewallRules: [UDP Query User{821974AD-1244-4300-8892-42C965D1C906}C:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe] => (Allow) C:\mbot\mbot_puresro_pure-sro-com\mbot_vsro110.exe
FirewallRules: [{776A7697-A9FA-4D00-AE02-02733E032793}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{179DB254-E4A7-44FD-8180-A252E383B707}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [TCP Query User{5881A1B3-618E-4628-AF81-07C027281C34}C:\datas\bitcoin-0.12.1-win64\bitcoin-0.12.1\bin\bitcoin-qt.exe] => (Allow) C:\datas\bitcoin-0.12.1-win64\bitcoin-0.12.1\bin\bitcoin-qt.exe
FirewallRules: [UDP Query User{B1095A5C-EA19-4532-BE33-41EF9C86B1D8}C:\datas\bitcoin-0.12.1-win64\bitcoin-0.12.1\bin\bitcoin-qt.exe] => (Allow) C:\datas\bitcoin-0.12.1-win64\bitcoin-0.12.1\bin\bitcoin-qt.exe
FirewallRules: [TCP Query User{B12981FF-B265-4AD8-90CC-1CAA78AFF9D3}C:\users\juergen2\appdata\local\temp\7zipsfx.000\tps\win64\jre\bin\java.exe] => (Allow) C:\users\juergen2\appdata\local\temp\7zipsfx.000\tps\win64\jre\bin\java.exe
FirewallRules: [UDP Query User{17966661-BA79-4C90-BC0D-63434C7A2A9F}C:\users\juergen2\appdata\local\temp\7zipsfx.000\tps\win64\jre\bin\java.exe] => (Allow) C:\users\juergen2\appdata\local\temp\7zipsfx.000\tps\win64\jre\bin\java.exe
FirewallRules: [TCP Query User{359222EA-9F94-4EDA-A978-E08B0C015F21}C:\xilinx\xic\tps\win64\jre\bin\java.exe] => (Allow) C:\xilinx\xic\tps\win64\jre\bin\java.exe
FirewallRules: [UDP Query User{DCC70F92-DA66-4518-B65F-551E06FAED96}C:\xilinx\xic\tps\win64\jre\bin\java.exe] => (Allow) C:\xilinx\xic\tps\win64\jre\bin\java.exe
FirewallRules: [TCP Query User{0C48E5AD-B230-4661-BAFF-D286C90BF7ED}C:\xilinx\xic\tps\win64\jre\bin\java.exe] => (Allow) C:\xilinx\xic\tps\win64\jre\bin\java.exe
FirewallRules: [UDP Query User{5E82995E-38F3-476B-98A0-E4055D9530E6}C:\xilinx\xic\tps\win64\jre\bin\java.exe] => (Allow) C:\xilinx\xic\tps\win64\jre\bin\java.exe
FirewallRules: [TCP Query User{FF3B1697-47E7-4E15-A46F-14DAD9A34297}C:\totalcmd\totalcmd.exe] => (Allow) C:\totalcmd\totalcmd.exe
FirewallRules: [UDP Query User{91BF5810-5F2B-4B0B-89A6-13C7BD7AF7E0}C:\totalcmd\totalcmd.exe] => (Allow) C:\totalcmd\totalcmd.exe
FirewallRules: [{A15FD59F-4DEB-48C5-B0AB-C560507A5BD9}] => (Allow) C:\Users\juergen2\Desktop\Tor Browser\Browser\firefox.exe
FirewallRules: [{7B27A2F1-A1C2-40B1-856F-69E72A5FDD68}] => (Allow) C:\Users\juergen2\Desktop\Tor Browser\Browser\firefox.exe
FirewallRules: [{109B94D2-FB0C-44F2-A49B-C1ABC4AE84C2}] => (Allow) C:\Users\juergen2\Desktop\Tor Browser\Browser\firefox.exe
FirewallRules: [{0E26162C-0928-4A55-BFA2-D3D7A388B22E}] => (Allow) C:\Users\juergen2\Desktop\Tor Browser\Browser\firefox.exe
FirewallRules: [{8BAD0C4F-C654-432F-8A46-8CBC4BFF20AF}] => (Allow) C:\datas\psro_full_client_downloader_v3.exe
FirewallRules: [{81FA3FFE-6DEF-4F3D-871E-6120D650F375}] => (Allow) C:\datas\psro_full_client_downloader_v3.exe
FirewallRules: [{E12FBEE4-11A9-4252-B72E-9DA5B9A82CDB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7DA09561-F33A-4F74-AE93-BE232605E318}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C619FF61-7405-4E6D-B469-F5ED7A4CEBEE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5D49AA65-E9EC-4E40-AF85-819A887C58C3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{97B5B131-9D32-4BAD-8E9A-E1780ABF9A4D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{054F0F09-AE56-4599-9BA5-F86C9D31FFB5}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{A5989984-670A-4953-A4B2-97E2981C1C4E}] => (Allow) C:\Users\juergen2\AppData\Local\Programs\Opera\50.0.2762.58\opera.exe
FirewallRules: [{51A58F52-6A7A-4F9F-A9D3-54673771201E}] => (Allow) C:\Users\juergen2\AppData\Local\Programs\Opera\50.0.2762.67\opera.exe
FirewallRules: [{858D641F-B90B-4B90-9641-DFF96825B635}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\Mathematica.exe
FirewallRules: [{36275EA3-11DB-4932-AC9B-19B7D18F4C95}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\Mathematica.exe
FirewallRules: [{A9C5985A-EEDC-40A3-BBEC-1E2E964F227C}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\MathKernel.exe
FirewallRules: [{A6DED921-ACDB-4F33-8FF6-E322906C2092}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\MathKernel.exe
FirewallRules: [{9D3AC6F5-DD80-4C6C-AC12-2DE855E84AE0}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\math.exe
FirewallRules: [{719EF127-CBDB-42E9-AA42-01703EB925AD}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\math.exe
FirewallRules: [{8A616D52-4726-4DAA-B13D-3AECDF8E1BF0}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{C5DF63D8-C393-4201-87DC-974405E1ACE2}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{713E93FE-97C7-4D2B-97D7-78D78D86CFEB}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{0F40B081-88E5-48FA-A93B-F155F4F0FD0D}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
==================== Restore Points =========================
13-02-2018 16:24:13 End of disinfection
13-02-2018 16:40:08 Revo Uninstaller's restore point - Adobe Flash Player 28 NPAPI
13-02-2018 16:41:55 Revo Uninstaller's restore point - BestCrypt 9.0
13-02-2018 16:51:22 Device Driver Package Install: Jetico, Inc. BestCrypt bus controllers
13-02-2018 17:03:52 Revo Uninstaller's restore point - BestCrypt 8.0
13-02-2018 17:13:21 Revo Uninstaller's restore point - PlaysTV
13-02-2018 17:21:43 Revo Uninstaller's restore point - Raptr
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: AODDriver4.1
Description: AODDriver4.1
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.1
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/13/2018 05:21:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary bcfnt.
System Error:
The system cannot find the file specified.
.
Error: (02/13/2018 05:13:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary bcfnt.
System Error:
The system cannot find the file specified.
.
Error: (02/13/2018 05:03:49 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {2419a346-823c-4a07-866d-706ab0c5b9fa}
Error: (02/13/2018 04:55:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/13/2018 04:50:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/13/2018 04:46:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/13/2018 04:40:06 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {cd432ca5-719a-4765-bb3b-fd7ab6493633}
Error: (02/13/2018 04:31:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
System errors:
=============
Error: (02/13/2018 05:03:16 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
Error: (02/13/2018 04:55:01 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel(R) Biometric and Context Agent Service service hung on starting.
Error: (02/13/2018 04:54:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (02/13/2018 04:53:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.1 service failed to start due to the following error:
The system cannot find the path specified.
Error: (02/13/2018 04:49:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
bcbus
Error: (02/13/2018 04:49:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel(R) Biometric and Context Agent Service service hung on starting.
Error: (02/13/2018 04:49:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (02/13/2018 04:48:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.1 service failed to start due to the following error:
The system cannot find the path specified.
Windows Defender:
===================================
Date: 2015-11-05 16:46:24.583
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0
Date: 2015-11-05 06:18:26.559
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Backup
Error Code:0x8050a004
Error description:This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
Signature version:1.209.968.0
Engine version:1.1.6402.0
Date: 2015-11-05 06:18:07.182
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0
CodeIntegrity:
===================================
Date: 2015-11-05 07:09:53.063
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-11-05 07:09:53.061
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-11-05 07:09:53.029
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-11-05 07:09:53.027
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: AMD A6-3650 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 66%
Total physical RAM: 7665.37 MB
Available physical RAM: 2547.34 MB
Total Virtual: 11759.54 MB
Available Virtual: 6214.92 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:488.18 GB) (Free:181 GB) NTFS
Drive d: (neueMaxTor) (Fixed) (Total:443.23 GB) (Free:149.88 GB) NTFS
Drive f: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (Dritte Externe Teil 1) (Fixed) (Total:351.38 GB) (Free:50.38 GB) NTFS
Drive h: (Poops) (Fixed) (Total:347.16 GB) (Free:44.24 GB) NTFS
Drive i: (PalleMalle) (Fixed) (Total:931.51 GB) (Free:67.19 GB) NTFS
Drive j: (TOSHIBA EXT) (Fixed) (Total:931.41 GB) (Free:31.52 GB) NTFS
Drive k: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive l: (UZFHGF) (Removable) (Total:3.73 GB) (Free:0.04 GB) FAT32
\\?\Volume{39adc126-8011-11e5-b8fa-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9A083BDB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 7191D59B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=351.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=347.2 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 002EFF55)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 3 (Size: 3.7 GB) (Disk ID: E929F505)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0B)
========================================================
Disk: 4 (Size: 931.5 GB) (Disk ID: AAE66568)
Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
|
|
14.02.2018, 10:45
| #6 | ||
| /// TB-Ausbilder | OTL scan auf BKA trojaner Servus, Zitat:
Wähle dort "zur kostenlosen Version wechseln" (oder so ähnlich) aus. Zitat:
Siehe dazu auch meine 10 einleitenden Hinweise. FRST nochmal bitte, dieses mal richtig. |
|
25.02.2018, 06:56
| #7 |
| | OTL scan auf BKA trojaner Hi, Um etwas Selbstädigkeit un diesen Bereich zu erlangem, kann ich doch ein FRST64 vom Desktop vom Adminaccount mit Code:
ATTFilter EmptyTemp:
Ohne dass ein konkreter Anlass bestünde.. Oder ist das "riskant" ? Jürgen |
|
| Themen zu OTL scan auf BKA trojaner |
| administrator, adobe, bho, canon, cdrom, defender, error, explorer, explorer.exe, firefox, format, google, malwarebytes, microsoft, mozilla, opera, realtek, registry, scan, security, software, system32, trojaner, usb, windows, winlogon |
Hybrid-Darstellung
