Pests of all kinds and how to fight them: Antivirus program blocks files in the cache that contain JS:Adware.Agent.VTZ (Windows 7)
19.02.2019, 18:12 | #1 |
Hello there,

My antivirus program, Bitdefender, has been running flat out today. Files in the cache of my Google Chrome are constantly being moved to quarantine and then deleted by me. In addition, websites are being blocked that supposedly also contain this malware.

Bitdefender's message:

Infizierte Datei gefunden vor 4 Minuten
Funktion: Virenschutz
Die Datei ....AppData\Local\Google\Chrome\User Data\Default\Cache\f_000077 ist mit JS:Adware.Agent.VTZ infiziert und wurde in die Quarantäne verschoben. Wir empfehlen die Durchführung eines System-Scans, um weitere Infektionen auszuschließen.

And also the following message:

Funktion: Online-Gefahrenabwehr
Wir haben diese gefährliche Seite zu Ihrem Schutz blockiert: hxxp://onlinekey.biz/1f9f5ee62aefca3cb1.js
Name der Bedrohung: JS:Adware.Agent.VTZ
Gefährliche Seiten versuchen, Software zu installieren, die dem Gerät schaden, personenbezogene Daten sammeln oder ohne Ihre Zustimmung aktiv werden kann

I ran a system scan and deleted all threats, that is, the entire cache. However, this message keeps being displayed again and again.

Now I have a fundamental question: do I have this virus/malware now, or was it successfully blocked? Because the antivirus program keeps writing: "Ihr System ist sicher. Bedrohung blockiert."

If I don't have it, why do these files keep loading into the cache? If I do have it, how do I get rid of it?

I hope you can help me. I am self-employed and need the computer for work; the thing has to function (no, I don't have an IT department ;-) ).

Thanks in advance,
Best regards, Michi
19.02.2019, 21:14 | #2 | |
/// TB-Ausbilder

My name is Matthias and I will help you with the analysis and, if necessary, the cleanup of your computer.

Please first make sure that you have read and understood the following rules and notes for an analysis including cleanup: For everyone seeking help! What do I need to consider before opening a topic?

Quote:

Or it is a false alarm from G-DATA.

Step 1
Please download the appropriate version of Farbar Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit

Please post with your next reply

Edited by M-K-D-B (19.02.2019 at 21:25) |
20.02.2019, 10:17 | #3 |
Good morning,

Thank you very much for the quick reply. The FRST.txt

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18.02.2019 Ran by Michaela Jedinger (administrator) on BIG-ONE (20-02-2019 09:10:31) Running from C:\Users\Michaela Jedinger\Downloads Loaded Profiles: Michaela Jedinger (Available Profiles: defaultuser0 & Markus Schabel & Michaela Jedinger) Platform: Windows 10 Pro Version 1803 17134.590 (X64) Language: Englisch (Großbritannien) Default browser: Chrome Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Intel Corporation) C:\Windows\System32\ibtsiva.exe (Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe () C:\Windows\SysWOW64\SecUPDUtilSvc.exe () C:\Program Files (x86)\Synology\SynologyDrive\bin\vss-service-x64.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe (Microsoft) C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe (Microsoft) C:\Program Files 
(x86)\Brother\iPrint&Scan\WorkflowAppControl.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (ACD Systems) C:\Program Files\ACD Systems\ACDSee Pro\10.0\acdIDInTouch2.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\BrUtilities\BrLogRx.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe (Synology Inc.) C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-ui.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Synology Inc.) C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-connect.exe (Synology Inc.) 
C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-daemon.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe (Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Run: [ACPW10DE] => C:\Program Files\ACD Systems\ACDSee Pro\10.0\acdIDInTouch2.exe [2157000 2017-01-18] (ACD Systems International -> ACD Systems) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech Inc -> Logitech, Inc.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.) HKLM-x32\...\Run: [M17A] => C:\WINDOWS\twain_32\Brimm17a\Common\TwDsUiLaunch.exe [77312 2017-10-19] (Microsoft Windows Hardware Compatibility Publisher -> ) HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [146584 2017-11-07] (Brother Industries, Ltd. -> Brother Industries, Ltd.) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2976256 2018-01-19] (Brother Industries, Ltd.) [File not signed] HKLM-x32\...\Run: [BrotherSoftwareUpdateNotification] => C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe [3581952 2017-04-05] (Brother Industries, Ltd.) 
[File not signed] HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-4244124381-807929188-483639696-1002\...\Run: [ACDSeeCommanderPro10] => C:\Program Files\ACD Systems\ACDSee Pro\10.0\ACDSeeCommanderPro10.exe [3427808 2017-04-27] (ACD Systems International -> ) HKU\S-1-5-21-4244124381-807929188-483639696-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19476424 2018-11-06] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-4244124381-807929188-483639696-1002\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Michaela Jedinger\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" HKU\S-1-5-21-4244124381-807929188-483639696-1002\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Michaela Jedinger\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" HKU\S-1-5-21-4244124381-807929188-483639696-1002\...\RunOnce: [Uninstall 19.012.0121.0005\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michaela Jedinger\AppData\Local\Microsoft\OneDrive\19.012.0121.0005\amd64" HKU\S-1-5-21-4244124381-807929188-483639696-1002\...\RunOnce: [Uninstall 19.012.0121.0005] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michaela Jedinger\AppData\Local\Microsoft\OneDrive\19.012.0121.0005" HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\Installer\chrmstp.exe [2019-02-15] (Google LLC -> Google Inc.) 
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter Startup: C:\Users\Michaela Jedinger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2017-06-15] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Michaela Jedinger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2018-09-07] ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) Startup: C:\Users\Michaela Jedinger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Drive.lnk [2019-02-20] ShortcutTarget: Synology Drive.lnk -> C:\Program Files (x86)\Synology\SynologyDrive\bin\launcher.exe (Synology Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254 Tcpip\..\Interfaces\{1091dfa6-8a35-489c-94b0-da16d7ccd78b}: [DhcpNameServer] 80.58.61.250 80.58.61.254 Tcpip\..\Interfaces\{4811fc00-cbcf-4360-bc7d-2ba895abad78}: [DhcpNameServer] 80.58.61.250 80.58.61.254 Tcpip\..\Interfaces\{dd171ed8-f4c5-44e0-9d50-6a5e49e6ecd5}: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{ea30c1bf-cea6-4378-875e-55070ac6330c}: [DhcpNameServer] 80.58.61.250 80.58.61.254 Internet Explorer: ================== BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-12-12] (Bitdefender SRL -> Bitdefender) BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-02-18] (Microsoft Corporation -> Microsoft Corporation) BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech Inc -> Logitech, Inc.) BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2018-12-12] (Bitdefender SRL -> Bitdefender) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2019-01-14] (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech Inc -> Logitech, Inc.) 
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-12-12] (Bitdefender SRL -> Bitdefender) Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2018-12-12] (Bitdefender SRL -> Bitdefender) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-18] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-18] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-18] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-18] (Microsoft Corporation -> Microsoft Corporation) FireFox: ======== FF DefaultProfile: ltc7bcdm.default FF ProfilePath: C:\Users\Michaela Jedinger\AppData\Roaming\Mozilla\Firefox\Profiles\ltc7bcdm.default [2019-02-20] FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2018-12-12] FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2018-10-29] [Legacy] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: (Logitech 
SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2017-09-11] [Legacy] [not signed] FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2016-09-21] (Tracker Software Products (Canada) Ltd.) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2016-09-21] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-09-21] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-02-18] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-09-21] (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN) Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxps://www.google.com/ CHR StartupUrls: Default -> "hxxps://www.google.at/" CHR Profile: C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default [2019-02-20] CHR Extension: (Präsentationen) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13] CHR Extension: (Docs) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13] CHR Extension: (Google Drive) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-05] CHR Extension: (YouTube) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-05] CHR Extension: (Telegram) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhggbfdinjmjhajaheehoeibfljjno [2017-07-06] CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2016-11-05] CHR Extension: (Google News) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2016-11-05] CHR Extension: (Tabellen) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13] CHR Extension: (Bitdefender Wallet) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2018-12-12] CHR Extension: (Google Docs Offline) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-20] CHR 
Extension: (AdBlock) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-02-16] CHR Extension: (Fade to Bright Aero Skin (by Skarv)) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniphhdbdangomdllnbbhhkofoggidgc [2016-11-05] CHR Extension: (WhatsGreen Multi Messenger) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbhfoiaobflocffnclkigpkeoagheimn [2019-01-14] CHR Extension: (Hootsuite) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2016-11-05] CHR Extension: (Google Maps) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-11-05] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04] CHR Extension: (Google Mail) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-05] CHR Extension: (Chrome Media Router) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-16] CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936456 2015-05-14] (Microsoft Windows Hardware Compatibility Publisher -> ) R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [779152 2018-12-12] (Bitdefender SRL -> Bitdefender) R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [779152 2018-12-12] (Bitdefender SRL -> Bitdefender) R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2195320 2018-03-22] (Bitdefender SRL -> Bitdefender) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [File not signed] R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11135560 2019-02-11] (Microsoft Corporation -> Microsoft Corporation) R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [94496 2018-11-23] (Bitdefender SRL -> Bitdefender) R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [181512 2016-09-08] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel(R) pGFX -> Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes) R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1293936 2018-11-15] (Bitdefender SRL -> Bitdefender) R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (Arvato Digital Services Canada Inc -> arvato digital services llc) R2 SamsungUPDUtilSvc; C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe [143664 2018-06-11] (Samsung Electronics CO., LTD. 
-> ) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Windows Publisher -> Microsoft Corporation) R2 Synology Drive VSS Service x64; C:\Program Files (x86)\Synology\SynologyDrive\bin\vss-service-x64.exe [290840 2018-06-27] (Synology Inc. -> ) R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [112656 2018-12-12] (Bitdefender SRL -> Bitdefender) R2 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe [12288 2018-12-20] (Microsoft) [File not signed] R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248856 2018-05-11] (Synology Inc. -> ) R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe [804656 2018-12-12] (Bitdefender SRL -> Bitdefender) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4403496 2019-01-09] (Microsoft Corporation -> Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-21] (Microsoft Corporation -> Microsoft Corporation) R2 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe [20480 2018-12-20] (Microsoft) [File not signed] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.) 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15368 2015-05-14] (Microsoft Windows Hardware Compatibility Publisher -> ) S3 ASUSfilter; C:\WINDOWS\System32\drivers\ASUSfilter.sys [48384 2014-10-03] (MCCI Corporation -> MCCI Corporation) S3 ASUSstpt; C:\WINDOWS\System32\drivers\ASUSstpt.sys [27392 2014-10-03] (MCCI Corporation -> MCCI Corporation) S3 ASUSumsc; C:\WINDOWS\System32\drivers\ASUSumsc.sys [151808 2014-10-03] (MCCI Corporation -> MCCI Corporation) S3 ASUSxpsp; C:\WINDOWS\System32\drivers\ASUSxpsp.sys [28416 2014-10-03] (MCCI Corporation -> MCCI Corporation) S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2017-03-02] (AVAST Software s.r.o. -> The OpenVPN Project) R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1292296 2018-06-05] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA) R2 BdDci; C:\WINDOWS\System32\DRIVERS\bddci.sys [156912 2018-10-18] (Bitdefender SRL -> Bitdefender) S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23032 2018-04-19] (Microsoft Windows Early Launch Anti-Malware Publisher -> Bitdefender) R0 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [45728 2018-09-17] (Bitdefender SRL -> © Bitdefender SRL) R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [96448 2018-04-27] (Bitdefender SRL -> BitDefender) R3 busenum; C:\WINDOWS\System32\drivers\busenum.sys [57824 2012-08-03] (Synology Inc. -> Windows (R) Win 7 DDK provider) R0 cm_km; C:\WINDOWS\System32\drivers\cm_km.sys [389816 2015-07-05] (Kaspersky Lab -> Kaspersky Lab ZAO) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes) R0 Gemma; C:\WINDOWS\System32\DRIVERS\Gemma.sys [359584 2018-12-12] (Bitdefender SRL -> BitDefender S.R.L. 
Bucharest, ROMANIA) R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [193184 2018-05-29] (Bitdefender SRL -> BitDefender LLC) R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [221448 2016-09-08] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) R2 Ignis; C:\WINDOWS\System32\DRIVERS\ignis.sys [196352 2018-12-12] (Bitdefender SRL -> Bitdefender) R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [237488 2016-04-29] (Kaspersky Lab -> AO Kaspersky Lab) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-02-19] (Malwarebytes Corporation -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-02-19] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72864 2019-02-20] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-02-20] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [114040 2019-02-19] (Malwarebytes Corporation -> Malwarebytes) R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2018-04-11] (Microsoft Windows -> Intel Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Microsoft Windows -> Realtek ) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. 
-> The OpenVPN Project)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [609576 2018-06-28] (Bitdefender SRL -> Bitdefender)
S3 uvhid; C:\WINDOWS\System32\drivers\uvhid.sys [25592 2015-11-05] (Unified Intents AB -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-11 07:55

==================== End of FRST.txt ============================

The Addition.txt

Additional FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version: 18.02.2019
Ran by Michaela Jedinger (20-02-2019 09:11:41)
Running from C:\Users\Michaela Jedinger\Downloads
Windows 10 Pro Version 1803 17134.590 (X64) (2018-06-11 08:02:13)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4244124381-807929188-483639696-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4244124381-807929188-483639696-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-4244124381-807929188-483639696-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-4244124381-807929188-483639696-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4244124381-807929188-483639696-1004 - Limited - Enabled)
Markus Schabel (S-1-5-21-4244124381-807929188-483639696-1001 - Administrator - Enabled) => C:\Users\Markus Schabel
Michaela Jedinger (S-1-5-21-4244124381-807929188-483639696-1002 - Administrator - Enabled) => C:\Users\Michaela Jedinger
WDAGUtilityAccount (S-1-5-21-4244124381-807929188-483639696-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Bitdefender Antivirus (Enabled - Up to date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {B5763A99-8435-6D40-83EB-2CA97758A9A5}
FW: Bitdefender Firewall (Enabled) {362C5A58-E860-6396-9204-BEEEF20CA463}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
ACDSee Pro 10 (64-bit) (HKLM\...\{13E67D9D-8F6F-4709-B380-A04EC12343E7}) (Version: 10.4.0.686 - ACD Systems International Inc.)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 23.0.8.115 - Bitdefender)
Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 23.0.11.48 - Bitdefender)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 23.0.14.61 - Bitdefender)
BrLauncher (HKLM-x32\...\{42D26B47-887C-45FC-BCAE-0BE485C5C0BB}) (Version: 2.0.11.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{190861E7-09C5-42D8-BB4B-0AFB234BCFC1}) (Version: 1.0.3.1 - Brother Industries Ltd.) Hidden
Brother iPrint&Scan (HKLM-x32\...\{ED5378E9-6589-4A4B-8A27-27421DA1249F}) (Version: 4.2.1.0 - Brother Industries, Ltd.) Hidden
Brother iPrint&Scan (HKLM-x32\...\{fe307697-ad44-486e-8c41-391ba10d0522}) (Version: 4.2.1.0 - Brother Industries, Ltd.)
Brother PCFax Driver (HKLM-x32\...\{56BA05BD-7A67-4EF8-85A7-8C6528AEE2AC}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
Brother Printer Driver (HKLM-x32\...\{272543B6-B337-4C8F-B9F1-19E884C2C7AC}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (HKLM-x32\...\{1162495D-7CE7-4EF9-A0F8-151196F3A660}) (Version: 1.0.17.1 - Brother Industries Ltd.) Hidden
BrSupportTools (HKLM-x32\...\{32F47565-84B1-42CC-B09A-4CDDD9A32F94}) (Version: 1.0.20.0 - Brother Industries Ltd.) Hidden
calibre 64bit (HKLM\...\{7F000A1B-01E7-490F-B2EB-176FB4E4F967}) (Version: 2.80.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.49 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6389 - CDBurnerXP)
CGS17_Setup_x64 (HKLM\...\{83646B67-A878-4E95-BB4B-AF4A6E61F28C}) (Version: 17.0 - Corel Corporation) Hidden
Configurador_FNMT (HKLM-x32\...\{438D4C4C-B703-4971-9C3D-33FF8A010ADB}) (Version: 3.7 - FNMT-RCM)
ControlCenter4 (HKLM-x32\...\{9091B952-8719-49C3-9CC7-6E20EC61081F}) (Version: 4.6.6.1 - Brother Industries, Ltd.) Hidden
ControlCenter4 CSDK (HKLM-x32\...\{FD8A9511-BFC9-43B5-BB75-9CEC0EA03CF0}) (Version: 4.6.1.1 - Brother Industries, Ltd.) Hidden
Corel Graphics - Windows Shell Extension (HKLM\...\_{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.0.491 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.491 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (HKLM\...\{FD4A43CE-ABAE-4161-83AC-314A3C804F42}) (Version: 17.0.491 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (HKLM\...\{2C91CB9D-323D-43E5-A433-229B71CFB773}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (HKLM\...\{9178F0A8-B6F6-4DA7-AD63-317CC4875F4B}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (HKLM\...\{BD036E95-A9CD-4DED-B744-95AB1DCAFF0C}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (HKLM\...\{5162E418-BB43-4C8F-ACD6-069645EF98C3}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (HKLM\...\{2C0DDC74-5234-43DD-BB5A-0645B8FE5289}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x64) (HKLM\...\{3BB8EB77-737B-4B32-BAB9-08C7110C46BD}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (HKLM\...\{D10A5CFA-FE33-4F06-AE37-554604F00A52}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (HKLM\...\{5406029B-67AD-4F8E-9F2D-F1959CD9CD86}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (HKLM\...\{EF44BCCD-13F9-4974-862C-CCFAF43EE082}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (HKLM\...\{13179AB2-69FD-459B-800F-81865A501AD4}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (HKLM\...\{C922F325-DD52-4E22-B204-431A06E63E51}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (HKLM\...\{1A73168F-5983-46A6-AAAB-FD83BC231E02}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (HKLM\...\{C57EDB5A-AC8E-4E03-9F1A-DC013A2BB9B2}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (HKLM\...\{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (HKLM\...\{5672E0DC-7489-4EAC-8CFD-E01B3868FCB5}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (HKLM\...\{966996DC-D67C-40E3-8BD4-31FA0F093571}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (HKLM\...\{D63404AC-C2F1-4B3D-96EA-9727AC9D994C}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.0.0.491 - Corel Corporation)
Evernote v. 6.17.5 (HKLM-x32\...\{5A2A3CD0-183E-11E9-8FF6-005056951CAD}) (Version: 6.17.5.8273 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.109 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
Image Resizer for Windows (64 bit) (HKLM\...\{617CA6E9-D5FB-4017-8130-82E68C56C34D}) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Malwarebytes Version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.11328.20070 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4244124381-807929188-483639696-1002\...\OneDriveSetup.exe) (Version: 19.012.0121.0009 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla)
Mozilla Thunderbird 60.0 (x86 de) (HKU\S-1-5-21-4244124381-807929188-483639696-1002\...\Mozilla Thunderbird 60.0 (x86 de)) (Version: 60.0 - Mozilla)
Mozilla Thunderbird 60.5.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 60.5.1 (x86 de)) (Version: 60.5.1 - Mozilla)
NAPS2 5.8.1 (HKLM-x32\...\NAPS2 (Not Another PDF Scanner 2)_is1) (Version: - Ben Olden-Cooligan)
NetworkRepairTool (HKLM-x32\...\{86E68F57-FAFE-4052-BDD4-3B90C38236AE}) (Version: 1.2.16.0 - Brother Industries, Ltd.)
Hidden Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11328.20070 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20070 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20070 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.11328.20070 - Microsoft Corporation) Hidden Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden PC-FAXReceive (HKLM-x32\...\{65EA2C86-30CD-444C-ADAB-8762BE4E2E8C}) (Version: 1.8.003.0 - Brother Insutries Ltd.) Hidden PCFaxTx (HKLM-x32\...\{03BF5A21-6363-410C-B3BE-0946B0012704}) (Version: 3.7.3.1 - Brother Industries Ltd.) Hidden PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.318.1 - Tracker Software Products Ltd) Personal Backup 5.9.3.0 (64-bit) (HKLM\...\Personal Backup 5_is1) (Version: 5.9.3.0 - Dr. J. Rathlev) RemoteSetup (HKLM-x32\...\{FAB8A30A-B074-48F9-9D73-5E9A757403F8}) (Version: 3.10.2.0 - Brother Industries Ltd.) Hidden ScannerUtilityInstaller (HKLM-x32\...\{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}) (Version: 1.0.0.0 - Brother) Hidden SoftwareUpdateNotification (HKLM-x32\...\{34F12379-C924-41E6-921D-51C71217F58C}) (Version: 1.0.9.0 - Brother Industries, Ltd.) Hidden StatusMonitor (HKLM-x32\...\{40578A7A-6E36-457F-A4F0-45BC37EB61FD}) (Version: 1.20.1.0 - Brother Insutries Ltd.) 
Hidden Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: 6.2-23733 - Synology) Synology Drive (remove only) (HKLM\...\Synology Drive) (Version: 5.1.0.10544 - Synology, Inc.) Tangysoft (HKLM-x32\...\Tangysoft_is1) (Version: - Tangysoft Ltd.) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation) UsbRepairTool (HKLM-x32\...\{F8762A81-32B5-4144-9F3C-9274F515A651}) (Version: 1.4.0.0 - Brother Industries, Ltd.) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN) waterMark V2 (HKLM-x32\...\waterMark V2) (Version: - ) Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-4244124381-807929188-483639696-1002_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\20\x64\ContextMenu.dll ()
CustomCLSID: HKU\S-1-5-21-4244124381-807929188-483639696-1002_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\20\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-4244124381-807929188-483639696-1002_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\20\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-4244124381-807929188-483639696-1002_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\20\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-4244124381-807929188-483639696-1002_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\20\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-4244124381-807929188-483639696-1002_Classes\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}\InprocServer32 -> C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\20\x64\iconOverlay.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [ 01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\20\x64\iconOverlay.dll [2018-11-26] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [ 02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\20\x64\iconOverlay.dll [2018-11-26] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [ 03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\20\x64\iconOverlay.dll [2018-11-26] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [ 04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\20\x64\iconOverlay.dll [2018-11-26] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [ 05NoPermModule] -> {C701AD67-3DF0-47C9-89CB-DFA6207BE229} => C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\20\x64\iconOverlay.dll [2018-11-26] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [Image Resizer] -> {51B4D7E5-7568-4234-B4BB-47FB3C016A69} => C:\Program Files\Image Resizer for Windows\ShellExtensions.dll [2013-02-23] (Brice Lambson)
ContextMenuHandlers1: [PicaViewCtxMenuShlExt] -> {F3CBBA61-EE3F-4D6D-B1C6-B3474E579936} => C:\Program Files\Common Files\ACD Systems\PicaView\ACDSeePV.dll [2015-10-08] (ACD Systems International -> ACD Systems International Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-10-20] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1_S-1-5-21-4244124381-807929188-483639696-1002: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} => C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\20\x64\ContextMenu.dll [2018-11-26] ()
ContextMenuHandlers6_S-1-5-21-4244124381-807929188-483639696-1002: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} => C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\20\x64\ContextMenu.dll [2018-11-26] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {005E0FAA-ACD8-46CF-AC36-7060110BD436} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {1CF6A186-D311-4F31-B1CB-3F3342DC91DC} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe (Bitdefender SRL -> Bitdefender)
Task: {296240A0-59AA-404D-BBEC-F1802C35B2DC} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {2CED8AB1-0218-49F3-8A5B-5AD5BF16AF9B} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_pepper.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {472E6BD9-036F-408F-89CE-FB14A9C44EE4} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {55736C0C-13F2-4860-A124-0B472DACBA74} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {85E6329C-35DE-4392-9ACD-2ECE743546EE} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {951882DD-4D7E-42CA-AEF5-3C5A3B11614B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {AD564E71-9377-4DE0-AD91-23191C8EA11B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {AEECD0DA-ED7E-491A-962D-2703CF0C5DD6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {BBEEC4D4-2B93-4565-BF15-E55D894CE3D8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {BFF5EB1C-736F-4790-B425-81B1249B7DF2} - System32\Tasks\TrackerAutoUpdate => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
Task: {C2791087-75AB-4C21-AC57-E7F28A32E211} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {C5BE9DBE-07B1-4CE6-A35A-5D1F6B80DD6D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {D8C17006-0A63-4025-9C3E-2A540DAB841F} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe (Bitdefender SRL -> Bitdefender)
Task: {DA5D43D1-EE0E-4709-8AD6-F6768AE0B4BE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {EC885B93-5AB9-4F6D-9347-46B9349949C1} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {F477DD99-AC0C-4341-806A-E958B2288566} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Michaela Jedinger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Hotspot Shield Free VPN Proxy – Unblock Sites.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=heajfgnegopeedndeahkdjedjkjcmnpb
ShortcutWithArgument: C:\Users\Michaela Jedinger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Telegram.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=clhhggbfdinjmjhajaheehoeibfljjno
ShortcutWithArgument: C:\Users\Michaela Jedinger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\WhatsChrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=bgkodfmeijboinjdegggmkbkjfiagaan
ShortcutWithArgument: C:\Users\Michaela Jedinger\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5803ea45d7990e6f\WhatsChrome Extension.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=kbhfoiaobflocffnclkigpkeoagheimn

==================== Loaded Modules (Whitelisted) ==============

2018-11-21 11:59 - 2018-11-21 11:59 - 000994752 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02951_002\ashttpbr.mdl
2018-11-21 11:59 - 2018-11-21 11:59 - 000544880 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02951_002\ashttpdsp.mdl
2018-11-21 11:59 - 2018-11-21 12:00 - 003240080 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02951_002\ashttpph.mdl
2018-11-21 11:59 - 2018-11-21 12:00 - 001530368 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02951_002\ashttprbl.mdl
2017-03-14 12:44 - 2015-06-11 13:58 - 000022528 _____ () C:\WINDOWS\System32\ssm4mlm.dll
2017-03-08 12:40 - 2015-03-12 02:43 - 000022528 _____ () C:\WINDOWS\System32\us013lm.dll
2017-06-20 07:50 - 2015-05-14 06:47 - 000936456 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2018-06-11 12:18 - 2018-06-11 12:18 - 000143664 ____N () C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe
2018-06-27 11:57 - 2018-06-27 11:57 - 000290840 _____ () C:\Program Files (x86)\Synology\SynologyDrive\bin\vss-service-x64.exe
2018-05-11 11:21 - 2018-05-11 11:21 - 000248856 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2018-04-11 23:34 - 2018-04-11 23:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-04-11 23:34 - 2018-04-11 23:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-12 08:54 - 2018-11-09 02:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2017-10-20 16:42 - 2017-10-20 16:42 - 000393200 _____ () C:\WINDOWS\system32\igfxTray.exe
2019-02-14 13:58 - 2019-02-06 02:25 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2019-02-14 13:55 - 2019-02-14 13:55 - 028028416 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe
2019-02-14 13:55 - 2019-02-14 13:55 - 000305152 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\SharedUI.dll
2017-12-01 08:50 - 2017-12-01 08:50 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2018-12-12 08:45 - 2018-12-12 08:46 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-02-14 13:55 - 2019-02-14 13:55 - 006033408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\EntCommon.dll
2019-02-14 13:55 - 2019-02-14 13:55 - 009338368 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\EntPlat.dll
2019-02-14 13:53 - 2019-02-14 13:54 - 000481280 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2019-02-14 13:53 - 2019-02-14 13:54 - 080636416 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-05 07:47 - 2017-10-05 07:49 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2019-02-14 13:53 - 2019-02-14 13:53 - 003824640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2019-01-17 09:40 - 2019-01-17 09:40 - 000012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2019-02-14 13:53 - 2019-02-14 13:54 - 014225408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2019-02-14 13:53 - 2019-02-14 13:53 - 002871296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-08-30 13:45 - 2018-08-30 13:45 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-26 14:15 - 2018-07-26 14:16 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-02-14 13:53 - 2019-02-14 13:54 - 000146432 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\SKU.dll
2018-08-20 13:35 - 2005-04-22 12:36 - 000143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2019-02-15 13:45 - 2019-02-13 05:14 - 005186032 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libglesv2.dll
2019-02-15 13:45 - 2019-02-13 05:14 - 000117232 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libegl.dll
2017-06-20 07:50 - 2019-02-20 08:25 - 000028968 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2017-06-20 07:50 - 2015-05-14 06:47 - 000113160 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2016-11-25 09:18 - 2016-11-25 09:18 - 000139264 _____ () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-10-04 13:25 - 2018-01-18 14:39 - 001720832 _____ () C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2017-04-05 08:53 - 2017-11-07 18:55 - 000137728 _____ () C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2017-04-05 08:53 - 2017-11-07 18:55 - 000440832 _____ () C:\Program Files (x86)\ControlCenter4\Track.dll
2017-03-22 16:21 - 2018-01-18 14:39 - 000519168 _____ () C:\Program Files (x86)\Browny02\BrMonitor.dll
2016-07-29 16:06 - 2017-12-22 11:53 - 000180224 _____ () C:\Program Files (x86)\Browny02\BroSNMP.dll
2018-11-26 15:26 - 2018-11-26 15:26 - 000123918 _____ () C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\libgcc_s_dw2-1.dll
2018-11-26 15:26 - 2018-11-26 15:26 - 001026062 _____ () C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\libstdc++-6.dll
2018-11-26 15:26 - 2018-11-26 15:26 - 000596986 _____ () C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\libcurl-4.dll
2018-11-26 15:26 - 2018-11-26 15:26 - 003036430 _____ () C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\libsqlite3-0.dll
2018-11-26 15:26 - 2018-11-26 15:26 - 000374272 _____ () C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\synocat-qt.dll
2018-11-26 15:26 - 2018-11-26 15:26 - 000120334 _____ () C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\zlib1.dll
2018-11-26 15:26 - 2018-11-26 15:26 - 003095505 _____ () C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\icuin53.dll
2018-11-26 15:26 - 2018-11-26 15:26 - 001798570 _____ () C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\icuuc53.dll
2018-11-26 15:26 - 2018-11-26 15:26 - 021565192 _____ () C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\icudt53.dll
2018-11-26 15:26 - 2018-11-26 15:26 - 000712704 _____ () C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\platforms\qwindows.dll
2018-11-26 15:26 - 2018-11-26 15:26 - 000031744 _____ () C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\imageformats\qgif.dll
2018-11-26 15:26 - 2018-11-26 15:26 - 000046080 _____ () C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\imageformats\qicns.dll
2018-11-26 15:26 - 2018-11-26 15:26 - 000032768 _____ () C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\imageformats\qico.dll
2018-11-26 15:26 - 2018-11-26 15:26 - 000516608 _____ () C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\imageformats\qjp2.dll
2018-11-26 15:26 - 2018-11-26 15:26 - 000243200 _____ () C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\imageformats\qjpeg.dll
2018-11-26 15:26 - 2018-11-26 15:26 - 000431616 _____ () C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\imageformats\qtiff.dll
2017-01-27 14:33 - 2017-11-07 19:04 - 000095232 _____ () C:\Program Files (x86)\ControlCenter4\BrCcLGer.dll
2017-01-27 14:39 - 2017-08-18 10:23 - 000087552 _____ () C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2017-01-27 14:39 - 2017-08-18 10:23 - 017974784 _____ () C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
2017-04-05 08:53 - 2017-11-07 18:55 - 000078848 _____ () C:\Program Files (x86)\ControlCenter4\BrCcSmon.dll
2017-04-05 08:53 - 2017-11-07 18:55 - 000124416 _____ () C:\Program Files (x86)\ControlCenter4\BrCcFcnv.dll
2017-04-05 08:53 - 2017-11-07 18:55 - 000955392 _____ () C:\Program Files (x86)\ControlCenter4\BrImgProc.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4244124381-807929188-483639696-1002\...\fnmt.es -> hxxp://fnmt.es
IE trusted site: HKU\S-1-5-21-4244124381-807929188-483639696-1002\...\fnmt.es -> hxxps://fnmt.es
IE trusted site: HKU\S-1-5-21-4244124381-807929188-483639696-1002\...\fnmt.gob.es -> hxxps://fnmt.gob.es
IE trusted site: HKU\S-1-5-21-4244124381-807929188-483639696-1002\...\fnmt.gob.es -> hxxp://fnmt.gob.es

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-08-14 02:12 - 2019-02-20 08:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: %C_EM64T_REDIST11%bin\Intel64;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-4244124381-807929188-483639696-1002\Control Panel\Desktop\\Wallpaper -> E:\Werbungsdateien\daivoon\logo + signatur\logo daivoon.jpg
DNS Servers: 80.58.61.250 - 80.58.61.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKU\S-1-5-21-4244124381-807929188-483639696-1002\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-4244124381-807929188-483639696-1002\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-4244124381-807929188-483639696-1002\...\StartupApproved\Run: => "ACDSeeCommanderPro10"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B22D0368-B633-463D-871F-F5BFBE886271}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{8F9B1081-1A6A-4D29-9A7B-3CE7085EF89D}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [ScanManagement-RCWS-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [ScanManagement-WSD-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{473A5D18-471E-460A-8068-9AFC641BA28A}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{7948B0AE-DC1B-4772-9696-AF7DEF12948E}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{81969E23-6DFC-4DCA-9B55-4EB96E0A2079}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C66B9B9E-398E-431B-81FF-4C360931F77E}] => (Allow) LPort=54925
FirewallRules: [{4D78B7A1-C7B1-4C26-B4BB-F516D80BA2F3}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd.)
FirewallRules: [{059249A6-66BA-44F0-A913-CB950B72752F}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd.)
FirewallRules: [{DA4A1EFA-81FE-41A8-9379-8236D751952B}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{EE052B0F-51F3-4847-940D-F707CB240569}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{1B427644-CE8D-4DBF-BA43-EA108EEBCE5D}] => (Allow) LPort=54950
FirewallRules: [{2C948094-4850-4E50-BD83-A4F4C15E1F9E}] => (Allow) LPort=54955
FirewallRules: [{1231601B-7D88-455C-B93E-7782931C3F4B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/20/2019 09:11:45 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: MTDLL BrtMTDLL: [2019/02/20 09:11:45.972]: [00000636]: Error GetInkSupplyType Send ( ErrCode == 5 )

Error: (02/20/2019 09:11:38 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: MTDLL BrtMTDLL: [2019/02/20 09:11:38.903]: [00000636]: Error GetInkSupplyType Send ( ErrCode == 5 )

Error: (02/20/2019 09:11:31 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: MTDLL BrtMTDLL: [2019/02/20 09:11:31.836]: [00000636]: Error GetInkSupplyType Send ( ErrCode == 5 )

Error: (02/20/2019 09:10:49 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: MTDLL BrtMTDLL: [2019/02/20 09:10:49.433]: [00000636]: Error GetInkSupplyType Send ( ErrCode == 5 )

Error: (02/20/2019 09:10:42 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: MTDLL BrtMTDLL: [2019/02/20 09:10:42.370]: [00000636]: Error GetInkSupplyType Send ( ErrCode == 5 )

Error: (02/20/2019 09:10:35 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: MTDLL BrtMTDLL: [2019/02/20 09:10:35.305]: [00000636]: Error GetInkSupplyType Send ( ErrCode == 5 )

Error: (02/20/2019 09:09:52 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: MTDLL BrtMTDLL: [2019/02/20 09:09:52.898]: [00000636]: Error GetInkSupplyType Send ( ErrCode == 5 )

Error: (02/20/2019 09:09:45 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: MTDLL BrtMTDLL: [2019/02/20 09:09:45.834]: [00000636]: Error GetInkSupplyType Send ( ErrCode == 5 )

System errors:
=============
Error: (02/20/2019 08:41:02 AM) (Source: DCOM) (EventID: 10016) (User: BIG-ONE)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "BIG-ONE\Michaela Jedinger" (SID: S-1-5-21-4244124381-807929188-483639696-1002) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/20/2019 08:26:13 AM) (Source: DCOM) (EventID: 10016) (User: BIG-ONE)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "BIG-ONE\Michaela Jedinger" (SID: S-1-5-21-4244124381-807929188-483639696-1002) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} und der APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} im Anwendungscontainer "Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/20/2019 08:25:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Launch" für die COM-Serveranwendung mit der CLSID Windows.SecurityCenter.WscBrokerManager und der APPID Unavailable im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/20/2019 08:25:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\NETWORK SERVICE" (SID: S-1-5-20) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/20/2019 08:25:25 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\LOCAL SERVICE" (SID: S-1-5-19) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} und der APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/20/2019 08:25:25 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\LOCAL SERVICE" (SID: S-1-5-19) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} und der APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/20/2019 08:25:20 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: Fehler "126" beim Laden der Kennwortbenachrichtigungs-DLL "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter". Stellen Sie sicher, dass der in der Registrierung definierte DLL-Pfad "HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages" sich auf einen korrekten und absoluten Pfad (<Laufwerk>:\<Pfad>\<Dateiname>.<Erw.>) bezieht und nicht auf einen relativen oder ungültigen Pfad. Wenn der DLL-Pfad falsch ist, stellen Sie sicher, dass sich alle Hilfsdateien im gleichen Verzeichnis befinden und dass das Systemkonto sowohl auf den DLL-Pfad als auch die Hilfsdateien Lesezugriff hat. Wenden Sie sich an den Anbieter der Benachrichtigungs-DLL, um weitere Unterstützung zu erhalten. Weitere Informationen finden Sie im Internet unter "hxxp://go.microsoft.com/fwlink/?LinkId=245898".

Error: (02/20/2019 08:25:21 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 19/02/2019 um 17:29:46 unerwartet heruntergefahren.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4690T CPU @ 2.50GHz
Percentage of memory in use: 54%
Total physical RAM: 8063.19 MB
Available physical RAM: 3684.45 MB
Total Virtual: 9407.19 MB
Available Virtual: 4961.91 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:108.69 GB) (Free:35.41 GB) NTFS
Drive e: (Daivoon Daten) (Fixed) (Total:1397.23 GB) (Free:1168.45 GB) NTFS
\\?\Volume{6e5953e4-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS
\\?\Volume{6e5953e4-0000-0000-0000-60421b000000}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: 6E5953E4)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=108.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
========================================================
Disk: 1 (Size: 1397.2 GB) (Disk ID: 16F2A91F)
Partition: GPT.
==================== End of Addition.txt ============================

As a rule I only open programs I know. Things that I open all the time in everyday use anyway. No dangerous sites that I know of. Until now I have never had so many error messages. Kind regards |
20.02.2019, 20:26 | #4 |
/// TB-Ausbilder | Antivirus program blocks files in the cache that contain JS:Adware.Agent.VTZ Step 1 Please download AdwCleaner to your desktop (illustrated guide).
Step 2
Step 3
With your next reply, please post
|
21.02.2019, 13:23 | #5 |
| Antivirus program blocks files in the cache that contain JS:Adware.Agent.VTZ Good morning Matthias, All done. The files are attached. AdwCleaner found 1 threat, Mbam none at all. For your information: my dear computer is still reporting the same threat. Immediately after the cleanup Bitdefender started up again, and yesterday too the virus warning, the cleanup and the renewed warning kept coming nonstop. So unfortunately the problem still exists. Here are the log files: Code:
ATTFilter
# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-02-19.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-21-2019
# Duration: 00:00:00
# OS: Windows 10 Pro
# Cleaned: 1
# Failed: 0

***** [ Services ] *****
No malicious services cleaned.

***** [ Folders ] *****
Deleted C:\Users\Michaela Jedinger\AppData\Local\Temp\DMR

***** [ Files ] *****
No malicious files cleaned.

***** [ DLL ] *****
No malicious DLLs cleaned.

***** [ WMI ] *****
No malicious WMI cleaned.

***** [ Shortcuts ] *****
No malicious shortcuts cleaned.

***** [ Tasks ] *****
No malicious tasks cleaned.

***** [ Registry ] *****
No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.

*************************
[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset Chromium Policies
[+] Reset IE Policies
[+] Reset Proxy Settings
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [2236 octets] - [19/02/2019 16:31:55]
AdwCleaner[C00].txt - [2236 octets] - [19/02/2019 16:32:30]
AdwCleaner[S01].txt - [1425 octets] - [21/02/2019 07:54:14]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Code:
ATTFilter
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 21.02.19
Scan-Zeit: 07:59
Protokolldatei: a3ce00dc-35ae-11e9-9254-f81654dbb572.json

-Softwaredaten-
Version: 3.7.1.2839
Komponentenversion: 1.0.538
Version des Aktualisierungspakets: 1.0.9366
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10 (Build 17134.590)
CPU: x64
Dateisystem: NTFS
Benutzer: BIG-ONE\Michaela Jedinger

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 331753
Erkannte Bedrohungen: 0
In die Quarantäne verschobene Bedrohungen: 0
Abgelaufene Zeit: 1 Min., 4 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0 (keine bösartigen Elemente erkannt)
Modul: 0 (keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt)
Registrierungswert: 0 (keine bösartigen Elemente erkannt)
Registrierungsdaten: 0 (keine bösartigen Elemente erkannt)
Daten-Stream: 0 (keine bösartigen Elemente erkannt)
Ordner: 0 (keine bösartigen Elemente erkannt)
Datei: 0 (keine bösartigen Elemente erkannt)
Physischer Sektor: 0 (keine bösartigen Elemente erkannt)
WMI: 0 (keine bösartigen Elemente erkannt)

(end)

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.02.2019 Ran by Michaela Jedinger (administrator) on BIG-ONE (21-02-2019 08:07:13) Running from C:\Users\Michaela Jedinger\Downloads Loaded Profiles: Michaela Jedinger (Available Profiles: defaultuser0 & Markus Schabel & Michaela Jedinger) Platform: Windows 10 Pro Version 1803 17134.590 (X64) Language: Englisch (Großbritannien) Default browser: Chrome Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe (Intel Corporation) C:\Windows\System32\ibtsiva.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe () C:\Windows\SysWOW64\SecUPDUtilSvc.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe () C:\Program Files (x86)\Synology\SynologyDrive\bin\vss-service-x64.exe () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe (Microsoft) C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe (Microsoft) C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Malwarebytes) C:\Program 
Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (ACD Systems) C:\Program Files\ACD Systems\ACDSee Pro\10.0\acdIDInTouch2.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\BrUtilities\BrLogRx.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe (Synology Inc.) C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-ui.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Synology Inc.) C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-connect.exe (Synology Inc.) 
C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-daemon.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe (Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) ...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation) ...\Run: [ACPW10DE] => C:\Program Files\ACD Systems\ACDSee Pro\10.0\acdIDInTouch2.exe [2157000 2017-01-18] (ACD Systems International -> ACD Systems) ...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech Inc -> Logitech, Inc.) ...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.) ...\Run: [M17A] => C:\WINDOWS\twain_32\Brimm17a\Common\TwDsUiLaunch.exe [77312 2017-10-19] (Microsoft Windows Hardware Compatibility Publisher -> ) ...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [146584 2017-11-07] (Brother Industries, Ltd. -> Brother Industries, Ltd.) ...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2976256 2018-01-19] (Brother Industries, Ltd.) [File not signed] ...\Run: [BrotherSoftwareUpdateNotification] => C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe [3581952 2017-04-05] (Brother Industries, Ltd.) 
[File not signed] HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-4244124381-807929188-483639696-1002\...\Run: [ACDSeeCommanderPro10] => C:\Program Files\ACD Systems\ACDSee Pro\10.0\ACDSeeCommanderPro10.exe [3427808 2017-04-27] (ACD Systems International -> ) HKU\S-1-5-21-4244124381-807929188-483639696-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19476424 2018-11-06] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-4244124381-807929188-483639696-1002\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe [3581952 2017-04-05] (Brother Industries, Ltd.) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\Installer\chrmstp.exe [2019-02-15] (Google LLC -> Google Inc.) 
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter Startup: C:\Users\Michaela Jedinger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2017-06-15] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Michaela Jedinger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2018-09-07] ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) Startup: C:\Users\Michaela Jedinger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Drive.lnk [2019-02-21] ShortcutTarget: Synology Drive.lnk -> C:\Program Files (x86)\Synology\SynologyDrive\bin\launcher.exe (Synology Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254 Tcpip\..\Interfaces\{1091dfa6-8a35-489c-94b0-da16d7ccd78b}: [DhcpNameServer] 80.58.61.250 80.58.61.254 Tcpip\..\Interfaces\{4811fc00-cbcf-4360-bc7d-2ba895abad78}: [DhcpNameServer] 80.58.61.250 80.58.61.254 Tcpip\..\Interfaces\{dd171ed8-f4c5-44e0-9d50-6a5e49e6ecd5}: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{ea30c1bf-cea6-4378-875e-55070ac6330c}: [DhcpNameServer] 80.58.61.250 80.58.61.254 Internet Explorer: ================== BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-12-12] (Bitdefender SRL -> Bitdefender) BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-02-18] (Microsoft Corporation -> Microsoft Corporation) BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech Inc -> Logitech, Inc.) BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2018-12-12] (Bitdefender SRL -> Bitdefender) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2019-01-14] (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech Inc -> Logitech, Inc.) 
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-12-12] (Bitdefender SRL -> Bitdefender) Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2018-12-12] (Bitdefender SRL -> Bitdefender) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-18] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-18] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-18] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-18] (Microsoft Corporation -> Microsoft Corporation) FireFox: ======== FF DefaultProfile: ltc7bcdm.default FF ProfilePath: C:\Users\Michaela Jedinger\AppData\Roaming\Mozilla\Firefox\Profiles\ltc7bcdm.default [2019-02-21] FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2018-12-12] FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2018-10-29] [Legacy] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: (Logitech 
SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2017-09-11] [Legacy] [not signed] FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2016-09-21] (Tracker Software Products (Canada) Ltd.) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2016-09-21] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-09-21] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-02-18] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-09-21] (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN) Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxps://www.google.com/ CHR StartupUrls: Default -> "hxxps://www.google.at/" CHR Profile: C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default [2019-02-21] CHR Extension: (Präsentationen) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13] CHR Extension: (Docs) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13] CHR Extension: (Google Drive) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-05] CHR Extension: (YouTube) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-05] CHR Extension: (Telegram) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhggbfdinjmjhajaheehoeibfljjno [2017-07-06] CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2016-11-05] CHR Extension: (Google News) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2016-11-05] CHR Extension: (Tabellen) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13] CHR Extension: (Bitdefender Wallet) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2018-12-12] CHR Extension: (Google Docs Offline) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-20] CHR 
Extension: (AdBlock) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-02-16] CHR Extension: (Fade to Bright Aero Skin (by Skarv)) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniphhdbdangomdllnbbhhkofoggidgc [2016-11-05] CHR Extension: (WhatsGreen Multi Messenger) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbhfoiaobflocffnclkigpkeoagheimn [2019-01-14] CHR Extension: (Hootsuite) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2016-11-05] CHR Extension: (Google Maps) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-11-05] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04] CHR Extension: (Google Mail) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-05] CHR Extension: (Chrome Media Router) - C:\Users\Michaela Jedinger\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-16] CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936456 2015-05-14] (Microsoft Windows Hardware Compatibility Publisher -> ) R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [779152 2018-12-12] (Bitdefender SRL -> Bitdefender) R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [779152 2018-12-12] (Bitdefender SRL -> Bitdefender) R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2195320 2018-03-22] (Bitdefender SRL -> Bitdefender) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [File not signed] R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11135560 2019-02-11] (Microsoft Corporation -> Microsoft Corporation) R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [95520 2019-02-01] (Bitdefender SRL -> Bitdefender) R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [181512 2016-09-08] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel(R) pGFX -> Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes) R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1293936 2018-11-15] (Bitdefender SRL -> Bitdefender) R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (Arvato Digital Services Canada Inc -> arvato digital services llc) R2 SamsungUPDUtilSvc; C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe [143664 2018-06-11] (Samsung Electronics CO., LTD. 
-> ) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Windows Publisher -> Microsoft Corporation) R2 Synology Drive VSS Service x64; C:\Program Files (x86)\Synology\SynologyDrive\bin\vss-service-x64.exe [290840 2018-06-27] (Synology Inc. -> ) R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [112656 2018-12-12] (Bitdefender SRL -> Bitdefender) R2 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe [12288 2018-12-20] (Microsoft) [File not signed] R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248856 2018-05-11] (Synology Inc. -> ) R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe [804656 2018-12-12] (Bitdefender SRL -> Bitdefender) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4403496 2019-01-09] (Microsoft Corporation -> Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-21] (Microsoft Corporation -> Microsoft Corporation) R2 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe [20480 2018-12-20] (Microsoft) [File not signed] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.) 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15368 2015-05-14] (Microsoft Windows Hardware Compatibility Publisher -> ) S3 ASUSfilter; C:\WINDOWS\System32\drivers\ASUSfilter.sys [48384 2014-10-03] (MCCI Corporation -> MCCI Corporation) S3 ASUSstpt; C:\WINDOWS\System32\drivers\ASUSstpt.sys [27392 2014-10-03] (MCCI Corporation -> MCCI Corporation) S3 ASUSumsc; C:\WINDOWS\System32\drivers\ASUSumsc.sys [151808 2014-10-03] (MCCI Corporation -> MCCI Corporation) S3 ASUSxpsp; C:\WINDOWS\System32\drivers\ASUSxpsp.sys [28416 2014-10-03] (MCCI Corporation -> MCCI Corporation) S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2017-03-02] (AVAST Software s.r.o. -> The OpenVPN Project) R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1292296 2018-06-05] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA) R2 BdDci; C:\WINDOWS\System32\DRIVERS\bddci.sys [156912 2018-10-18] (Bitdefender SRL -> Bitdefender) S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23032 2018-04-19] (Microsoft Windows Early Launch Anti-Malware Publisher -> Bitdefender) R0 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [45728 2018-09-17] (Bitdefender SRL -> © Bitdefender SRL) R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [96448 2018-04-27] (Bitdefender SRL -> BitDefender) R3 busenum; C:\WINDOWS\System32\drivers\busenum.sys [57824 2012-08-03] (Synology Inc. -> Windows (R) Win 7 DDK provider) R0 cm_km; C:\WINDOWS\System32\drivers\cm_km.sys [389816 2015-07-05] (Kaspersky Lab -> Kaspersky Lab ZAO) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes) R0 Gemma; C:\WINDOWS\System32\DRIVERS\Gemma.sys [359584 2018-12-12] (Bitdefender SRL -> BitDefender S.R.L. 
Bucharest, ROMANIA) R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [193184 2018-05-29] (Bitdefender SRL -> BitDefender LLC) R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [221448 2016-09-08] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) R2 Ignis; C:\WINDOWS\System32\DRIVERS\ignis.sys [196352 2018-12-12] (Bitdefender SRL -> Bitdefender) R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [237488 2016-04-29] (Kaspersky Lab -> AO Kaspersky Lab) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-02-19] (Malwarebytes Corporation -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-02-21] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72864 2019-02-21] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-02-21] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [114040 2019-02-21] (Malwarebytes Corporation -> Malwarebytes) R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2018-04-11] (Microsoft Windows -> Intel Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Microsoft Windows -> Realtek ) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. 
-> The OpenVPN Project) R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [609576 2018-06-28] (Bitdefender SRL -> Bitdefender) S3 uvhid; C:\WINDOWS\System32\drivers\uvhid.sys [25592 2015-11-05] (Unified Intents AB -> Windows (R) Win 7 DDK provider) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-02-21 08:06 - 2019-02-21 08:06 - 000001426 _____ C:\Users\Michaela Jedinger\Desktop\mbam.txt 2019-02-21 08:06 - 2019-02-21 08:06 - 000000000 ____D C:\Users\Michaela Jedinger\Downloads\FRST-OlderVersion 2019-02-21 07:57 - 2019-02-21 07:57 - 000001690 _____ C:\Users\Michaela Jedinger\Desktop\AdwCleaner[C01].txt 2019-02-21 07:56 - 2019-02-21 07:56 - 000072883 _____ C:\ProgramData\dm.update.1550735760.bdinstall.bin 2019-02-21 07:56 - 2019-02-21 07:56 - 000034949 _____ C:\ProgramData\dm.uninstall.1550735766.bdinstall.bin 2019-02-21 07:55 - 2019-02-21 07:55 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2019-02-21 07:55 - 2019-02-21 07:55 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2019-02-21 07:55 - 2019-02-21 07:55 - 000114040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2019-02-21 07:55 - 2019-02-21 07:55 - 000072864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2019-02-20 15:56 - 2019-02-20 15:56 - 000432684 _____ C:\Users\Michaela 
Jedinger\Downloads\01-02-2019_Facturacion_TB62E0024442.pdf 2019-02-20 15:55 - 2019-02-20 15:55 - 000106676 _____ C:\Users\Michaela Jedinger\Downloads\01-02-2019_FACTURA_TB62E0024442.pdf 2019-02-20 15:51 - 2019-02-20 15:51 - 000160119 _____ C:\Users\Michaela Jedinger\Downloads\Factura_202994826.pdf 2019-02-20 15:04 - 2019-02-20 15:04 - 000085266 _____ C:\Users\Michaela Jedinger\Downloads\Karen Wallace.pdf 2019-02-20 11:25 - 2018-09-20 04:12 - 001483576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll 2019-02-20 09:11 - 2019-02-20 09:12 - 000046827 _____ C:\Users\Michaela Jedinger\Downloads\Addition.txt 2019-02-20 09:10 - 2019-02-21 08:07 - 000024817 _____ C:\Users\Michaela Jedinger\Downloads\FRST.txt 2019-02-20 09:10 - 2019-02-21 08:07 - 000000000 ____D C:\FRST 2019-02-20 09:09 - 2019-02-21 08:06 - 002435072 _____ (Farbar) C:\Users\Michaela Jedinger\Downloads\FRST64.exe 2019-02-19 16:55 - 2019-02-19 16:55 - 000000000 ____D C:\ProgramData\dbg 2019-02-19 16:54 - 2019-02-19 16:54 - 000000000 ____D C:\Users\Michaela Jedinger\AppData\Local\mbam 2019-02-19 16:54 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2019-02-19 16:49 - 2019-02-19 17:18 - 000000000 ____D C:\WINDOWS\Minidump 2019-02-19 16:49 - 2019-02-19 16:54 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2019-02-19 16:49 - 2019-02-19 16:49 - 000000000 ____D C:\Users\Michaela Jedinger\AppData\Local\mbamtray 2019-02-19 16:48 - 2019-02-19 16:54 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2019-02-19 16:48 - 2019-02-19 16:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2019-02-19 16:48 - 2019-02-19 16:48 - 000000000 ____D C:\ProgramData\Malwarebytes 2019-02-19 16:48 - 2019-02-19 16:48 - 000000000 ____D C:\Program Files\Malwarebytes 2019-02-19 16:48 - 2019-02-01 11:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2019-02-19 16:31 - 
2019-02-19 16:32 - 000000000 ____D C:\AdwCleaner 2019-02-19 16:31 - 2019-02-19 16:31 - 007316688 _____ (Malwarebytes) C:\Users\Michaela Jedinger\Downloads\adwcleaner_7.2.7.0.exe 2019-02-19 16:17 - 2019-02-19 16:17 - 000004652 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier 2019-02-19 08:43 - 2019-02-19 08:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2019-02-16 14:28 - 2019-02-16 14:28 - 195155883 _____ C:\Users\Michaela Jedinger\Downloads\Engelhaidame final korr.MOV 2019-02-15 10:33 - 2019-02-20 17:50 - 002469512 _____ C:\Users\Michaela Jedinger\Desktop\Inventorio Daivoon 2019.xlsx 2019-02-14 13:58 - 2019-02-06 07:54 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2019-02-14 13:58 - 2019-02-06 07:53 - 001634704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2019-02-14 13:58 - 2019-02-06 07:35 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll 2019-02-14 13:58 - 2019-02-06 07:32 - 003648512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2019-02-14 13:58 - 2019-02-06 07:30 - 004052992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2019-02-14 13:58 - 2019-02-06 07:30 - 001662464 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2019-02-14 13:58 - 2019-02-06 07:30 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll 2019-02-14 13:58 - 2019-02-06 07:11 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2019-02-14 13:58 - 2019-02-06 06:57 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll 2019-02-14 13:58 - 2019-02-06 06:52 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2019-02-14 13:58 - 2019-02-06 06:52 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2019-02-14 13:58 - 2019-02-06 06:52 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 
2019-02-14 13:58 - 2019-02-06 03:01 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2019-02-14 13:58 - 2019-02-06 03:01 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2019-02-14 13:58 - 2019-02-06 03:01 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2019-02-14 13:58 - 2019-02-06 03:01 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll 2019-02-14 13:58 - 2019-02-06 03:01 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe 2019-02-14 13:58 - 2019-02-06 03:01 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll 2019-02-14 13:58 - 2019-02-06 03:01 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys 2019-02-14 13:58 - 2019-02-06 03:01 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll 2019-02-14 13:58 - 2019-02-06 03:00 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2019-02-14 13:58 - 2019-02-06 03:00 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2019-02-14 13:58 - 2019-02-06 03:00 - 006572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2019-02-14 13:58 - 2019-02-06 03:00 - 002719760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2019-02-14 13:58 - 2019-02-06 03:00 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2019-02-14 13:58 - 2019-02-06 03:00 - 002421264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2019-02-14 13:58 - 2019-02-06 03:00 - 001257904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2019-02-14 13:58 - 2019-02-06 03:00 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2019-02-14 13:58 - 2019-02-06 03:00 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll 2019-02-14 13:58 - 2019-02-06 03:00 - 001098272 
_____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll 2019-02-14 13:58 - 2019-02-06 03:00 - 000945680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys 2019-02-14 13:58 - 2019-02-06 03:00 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll 2019-02-14 13:58 - 2019-02-06 03:00 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2019-02-14 13:58 - 2019-02-06 03:00 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys 2019-02-14 13:58 - 2019-02-06 03:00 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe 2019-02-14 13:58 - 2019-02-06 03:00 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll 2019-02-14 13:58 - 2019-02-06 02:59 - 001922064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys 2019-02-14 13:58 - 2019-02-06 02:59 - 001457248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2019-02-14 13:58 - 2019-02-06 02:59 - 000983128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2019-02-14 13:58 - 2019-02-06 02:59 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe 2019-02-14 13:58 - 2019-02-06 02:52 - 022014464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2019-02-14 13:58 - 2019-02-06 02:45 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2019-02-14 13:58 - 2019-02-06 02:42 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2019-02-14 13:58 - 2019-02-06 02:41 - 025853952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2019-02-14 13:58 - 2019-02-06 02:41 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2019-02-14 13:58 - 2019-02-06 02:40 - 005792256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2019-02-14 13:58 - 2019-02-06 02:40 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll 2019-02-14 13:58 - 2019-02-06 
02:38 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll 2019-02-14 13:58 - 2019-02-06 02:38 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2019-02-14 13:58 - 2019-02-06 02:37 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2019-02-14 13:58 - 2019-02-06 02:37 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll 2019-02-14 13:58 - 2019-02-06 02:33 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2019-02-14 13:58 - 2019-02-06 02:29 - 004865536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2019-02-14 13:58 - 2019-02-06 02:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidparse.sys 2019-02-14 13:58 - 2019-02-06 02:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys 2019-02-14 13:58 - 2019-02-06 02:28 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll 2019-02-14 13:58 - 2019-02-06 02:27 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2019-02-14 13:58 - 2019-02-06 02:27 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll 2019-02-14 13:58 - 2019-02-06 02:27 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys 2019-02-14 13:58 - 2019-02-06 02:27 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2019-02-14 13:58 - 2019-02-06 02:26 - 007599616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2019-02-14 13:58 - 2019-02-06 02:26 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2019-02-14 13:58 - 2019-02-06 02:26 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys 2019-02-14 13:58 - 2019-02-06 02:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll 2019-02-14 13:58 - 2019-02-06 02:26 - 000154112 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Chakradiag.dll 2019-02-14 13:58 - 2019-02-06 02:25 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2019-02-14 13:58 - 2019-02-06 02:25 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll 2019-02-14 13:58 - 2019-02-06 02:24 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2019-02-14 13:58 - 2019-02-06 02:24 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2019-02-14 13:58 - 2019-02-06 02:23 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll 2019-02-14 13:58 - 2019-02-06 02:22 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2019-02-14 13:58 - 2019-02-06 02:22 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2019-02-14 13:58 - 2019-02-06 02:21 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys 2019-02-14 13:58 - 2019-02-06 01:04 - 000001314 _____ C:\WINDOWS\system32\tcbres.wim 2019-02-14 13:58 - 2019-01-12 08:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll 2019-02-14 13:58 - 2019-01-12 02:28 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll 2019-02-14 13:58 - 2019-01-09 18:08 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2019-02-14 13:58 - 2019-01-09 17:57 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll 2019-02-14 13:58 - 2019-01-09 17:42 - 004716032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll 2019-02-14 13:58 - 2019-01-09 17:41 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2019-02-14 13:58 - 2019-01-09 17:41 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll 2019-02-14 13:58 - 2019-01-09 17:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll 2019-02-14 13:58 - 2019-01-09 17:36 - 001054720 _____ 
(Microsoft Corporation) C:\WINDOWS\HelpPane.exe 2019-02-14 13:58 - 2019-01-09 17:35 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2019-02-14 13:58 - 2019-01-09 10:14 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll 2019-02-14 13:58 - 2019-01-09 09:55 - 011919872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2019-02-14 13:58 - 2019-01-09 09:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll 2019-02-14 13:58 - 2019-01-09 08:55 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2019-02-14 13:58 - 2019-01-09 08:48 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2019-02-14 13:58 - 2019-01-09 05:59 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2019-02-14 13:58 - 2019-01-09 05:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll 2019-02-14 13:58 - 2019-01-09 05:43 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2019-02-14 13:58 - 2019-01-09 05:43 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2019-02-14 13:58 - 2019-01-09 05:43 - 002253480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2019-02-14 13:58 - 2019-01-09 05:43 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2019-02-14 13:58 - 2019-01-09 05:43 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2019-02-14 13:58 - 2019-01-09 05:43 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2019-02-14 13:58 - 2019-01-09 05:43 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll 2019-02-14 13:58 - 2019-01-09 05:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll 2019-02-14 13:58 - 2019-01-09 05:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll 2019-02-14 13:58 - 2019-01-09 05:43 - 000127744 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll 2019-02-14 13:58 - 2019-01-09 05:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe 2019-02-14 13:58 - 2019-01-09 05:42 - 001035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe 2019-02-14 13:58 - 2019-01-09 05:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys 2019-02-14 13:58 - 2019-01-09 05:40 - 002765336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2019-02-14 13:58 - 2019-01-09 05:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2019-02-14 13:58 - 2019-01-09 05:40 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2019-02-14 13:58 - 2019-01-09 05:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2019-02-14 13:58 - 2019-01-09 05:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll 2019-02-14 13:58 - 2019-01-09 05:39 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2019-02-14 13:58 - 2019-01-09 05:39 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2019-02-14 13:58 - 2019-01-09 05:39 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2019-02-14 13:58 - 2019-01-09 05:39 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2019-02-14 13:58 - 2019-01-09 05:39 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2019-02-14 13:58 - 2019-01-09 05:39 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll 2019-02-14 13:58 - 2019-01-09 05:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll 2019-02-14 13:58 - 2019-01-09 05:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2019-02-14 13:58 - 2019-01-09 05:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2019-02-14 13:58 - 
2019-01-09 05:39 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys 2019-02-14 13:58 - 2019-01-09 05:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll 2019-02-14 13:58 - 2019-01-09 05:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe 2019-02-14 13:58 - 2019-01-09 05:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2019-02-14 13:58 - 2019-01-09 05:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2019-02-14 13:58 - 2019-01-09 05:29 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2019-02-14 13:58 - 2019-01-09 05:29 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe 2019-02-14 13:58 - 2019-01-09 05:27 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll 2019-02-14 13:58 - 2019-01-09 05:27 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll 2019-02-14 13:58 - 2019-01-09 05:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll 2019-02-14 13:58 - 2019-01-09 05:26 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2019-02-14 13:58 - 2019-01-09 05:26 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2019-02-14 13:58 - 2019-01-09 05:26 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll 2019-02-14 13:58 - 2019-01-09 05:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll 2019-02-14 13:58 - 2019-01-09 05:24 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll 2019-02-14 13:58 - 2019-01-09 05:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll 2019-02-14 13:58 - 2019-01-09 05:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll 2019-02-14 13:58 - 
2019-01-09 05:23 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll 2019-02-14 13:58 - 2019-01-09 05:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll 2019-02-14 13:58 - 2019-01-09 05:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll 2019-02-14 13:58 - 2019-01-09 05:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll 2019-02-14 13:58 - 2019-01-09 05:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2019-02-14 13:58 - 2019-01-09 05:23 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll 2019-02-14 13:58 - 2019-01-09 05:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll 2019-02-14 13:58 - 2019-01-09 05:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll 2019-02-14 13:58 - 2019-01-09 05:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2019-02-14 13:58 - 2019-01-09 05:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2019-02-14 13:58 - 2019-01-09 05:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll 2019-02-14 13:58 - 2019-01-09 05:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll 2019-02-14 13:58 - 2019-01-09 05:22 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll 2019-02-14 13:58 - 2019-01-09 05:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll 2019-02-14 13:58 - 2019-01-09 05:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll 2019-02-14 13:58 - 2019-01-09 05:22 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll 2019-02-14 13:58 - 2019-01-09 05:21 - 002173440 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2019-02-14 13:58 - 2019-01-09 05:21 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll 2019-02-14 13:58 - 2019-01-09 05:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll 2019-02-14 13:58 - 2019-01-09 05:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll 2019-02-14 13:58 - 2019-01-09 05:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll 2019-02-14 13:58 - 2019-01-09 05:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2019-02-14 13:58 - 2019-01-09 05:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll 2019-02-14 13:58 - 2019-01-09 05:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll 2019-02-14 13:58 - 2019-01-09 05:19 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll 2019-02-14 13:58 - 2019-01-09 05:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll 2019-02-14 13:58 - 2019-01-09 05:19 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2019-02-14 13:58 - 2019-01-09 05:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll 2019-02-14 13:58 - 2019-01-09 04:34 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls 2019-02-14 13:58 - 2019-01-09 04:34 - 000806320 _____ C:\WINDOWS\system32\locale.nls 2019-02-14 13:58 - 2019-01-08 09:08 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll 2019-02-14 13:58 - 2019-01-08 03:06 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll 2019-02-14 13:58 - 2019-01-08 03:06 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll 2019-02-14 13:58 - 
2019-01-08 03:06 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-02-21 08:01 - 2018-06-11 08:48 - 000743778 _____ C:\WINDOWS\system32\perfh007.dat 2019-02-21 08:01 - 2018-06-11 08:48 - 000153086 _____ C:\WINDOWS\system32\perfc007.dat 2019-02-21 08:01 - 2018-06-11 08:03 - 001718588 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-02-21 08:01 - 2018-04-11 23:36 - 000000000 ____D C:\WINDOWS\INF 2019-02-21 08:00 - 2018-04-11 21:04 - 000065536 _____ C:\WINDOWS\system32\config\ELAM 2019-02-21 07:56 - 2018-07-04 15:41 - 000000000 ___RD C:\Users\Michaela Jedinger\Desktop\Portal to Daivoon Universe 2019-02-21 07:56 - 2018-07-04 15:41 - 000000000 ___RD C:\Users\Michaela Jedinger\Desktop\Papeles para Guardia Civil 2019-02-21 07:56 - 2018-06-11 07:56 - 000000000 ____D C:\Users\Michaela Jedinger 2019-02-21 07:55 - 2018-06-11 08:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-02-21 07:55 - 2018-04-11 23:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-02-21 07:55 - 2018-04-11 21:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2019-02-21 07:55 - 2017-06-20 07:50 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2019-02-21 07:55 - 2016-11-05 15:35 - 000000000 __SHD C:\Users\Michaela Jedinger\IntelGraphicsProfiles 2019-02-21 07:54 - 2018-11-21 10:47 - 000004983 _____ C:\bdlog.txt 2019-02-21 07:31 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-02-20 17:49 - 2018-06-11 07:55 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-02-20 17:39 - 2018-04-11 23:38 - 000000000 ___HD C:\Program Files\WindowsApps 2019-02-20 15:20 - 2017-11-30 10:55 - 000000000 ____D C:\Users\Michaela Jedinger\AppData\Local\Packages 2019-02-20 13:26 - 2018-04-11 23:30 - 000000000 ____D C:\WINDOWS\CbsTemp 2019-02-20 13:15 - 2018-08-06 11:43 - 000000000 ____D C:\Users\Michaela 
Jedinger\AppData\Local\CrashDumps 2019-02-20 08:46 - 2018-06-11 08:01 - 000003382 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4244124381-807929188-483639696-1002 2019-02-20 08:46 - 2018-06-11 07:56 - 000002452 _____ C:\Users\Michaela Jedinger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2019-02-19 16:50 - 2018-07-04 10:33 - 000000000 ____D C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive 2019-02-19 16:48 - 2018-04-11 23:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2019-02-19 16:32 - 2017-03-04 07:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2019-02-19 16:32 - 2016-10-24 11:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2019-02-19 16:17 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2019-02-19 16:17 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\system32\Macromed 2019-02-19 16:17 - 2017-05-28 12:14 - 000000000 ____D C:\Users\Michaela Jedinger\AppData\Local\Adobe 2019-02-19 16:03 - 2017-12-18 14:58 - 000000000 ____D C:\Users\Michaela Jedinger\AppData\Roaming\vlc 2019-02-19 16:02 - 2017-08-23 09:46 - 000000000 ____D C:\Users\Michaela Jedinger\AppData\Roaming\Tangysoft 2019-02-19 11:09 - 2018-06-11 12:04 - 000000000 ____D C:\Users\Michaela Jedinger\AppData\Local\D3DSCache 2019-02-19 08:55 - 2018-08-20 14:42 - 000001396 _____ C:\Users\Michaela Jedinger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk 2019-02-19 08:43 - 2018-10-23 08:31 - 000002583 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk 2019-02-19 08:43 - 2018-10-23 08:31 - 000002579 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk 2019-02-19 08:43 - 2018-10-23 08:31 - 000002558 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk 2019-02-19 08:43 - 2018-10-23 08:31 - 000002533 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk 2019-02-19 08:43 - 2018-10-23 08:31 - 000002500 _____ 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk 2019-02-19 08:43 - 2018-10-23 08:31 - 000002497 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2019-02-19 08:43 - 2018-10-23 08:31 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk 2019-02-19 08:43 - 2016-10-24 12:20 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2019-02-16 08:39 - 2018-11-16 09:01 - 000000000 ____D C:\Program Files\rempl 2019-02-15 15:02 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\system32\NDF 2019-02-14 14:56 - 2018-06-11 07:55 - 000486720 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2019-02-14 14:56 - 2017-03-11 12:09 - 000000000 ____D C:\Program Files\CCleaner 2019-02-14 14:55 - 2018-04-11 23:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2019-02-14 14:55 - 2018-04-11 23:38 - 000000000 ___SD C:\WINDOWS\system32\F12 2019-02-14 14:55 - 2018-04-11 23:38 - 000000000 ___RD C:\Program Files\Windows Defender 2019-02-14 14:55 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\TextInput 2019-02-14 14:55 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\ShellExperiences 2019-02-14 14:55 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\bcastdvr 2019-02-14 13:58 - 2016-10-24 10:52 - 000000000 ____D C:\WINDOWS\system32\MRT 2019-02-14 13:56 - 2018-07-19 13:40 - 000000000 ____D C:\ProgramData\Packages 2019-02-14 13:56 - 2016-10-24 10:52 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2019-02-02 22:53 - 2018-12-12 09:34 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2019-02-02 22:53 - 2018-12-12 09:34 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-11 07:55

==================== End of FRST.txt ============================

--- --- ---

Additional FRST Logfile:

scan result of Farbar Recovery Scan Tool (x64) Version: 20.02.2019
Ran by Michaela Jedinger (21-02-2019 08:08:19)
Running from C:\Users\Michaela Jedinger\Downloads
Windows 10 Pro Version 1803 17134.590 (X64) (2018-06-11 08:02:13)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4244124381-807929188-483639696-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4244124381-807929188-483639696-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-4244124381-807929188-483639696-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-4244124381-807929188-483639696-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4244124381-807929188-483639696-1004 - Limited - Enabled)
Markus Schabel (S-1-5-21-4244124381-807929188-483639696-1001 - Administrator - Enabled) => C:\Users\Markus Schabel
Michaela Jedinger (S-1-5-21-4244124381-807929188-483639696-1002 - Administrator - Enabled) => C:\Users\Michaela Jedinger
WDAGUtilityAccount (S-1-5-21-4244124381-807929188-483639696-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Bitdefender Antivirus (Enabled - Up to date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {B5763A99-8435-6D40-83EB-2CA97758A9A5}
FW: Bitdefender Firewall (Enabled) {362C5A58-E860-6396-9204-BEEEF20CA463}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them.
The adware programs should be uninstalled manually.) 7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov) ACDSee Pro 10 (64-bit) (HKLM\...\{13E67D9D-8F6F-4709-B380-A04EC12343E7}) (Version: 10.4.0.686 - ACD Systems International Inc.) Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated) Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 23.0.8.115 - Bitdefender) Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 23.0.19.85 - Bitdefender) Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 23.0.14.61 - Bitdefender) BrLauncher (HKLM-x32\...\{42D26B47-887C-45FC-BCAE-0BE485C5C0BB}) (Version: 2.0.11.0 - Brother Industries Ltd.) Hidden BrLogRx (HKLM-x32\...\{190861E7-09C5-42D8-BB4B-0AFB234BCFC1}) (Version: 1.0.3.1 - Brother Industries Ltd.) Hidden Brother iPrint&Scan (HKLM-x32\...\{ED5378E9-6589-4A4B-8A27-27421DA1249F}) (Version: 4.2.1.0 - Brother Industries, Ltd.) Hidden Brother iPrint&Scan (HKLM-x32\...\{fe307697-ad44-486e-8c41-391ba10d0522}) (Version: 4.2.1.0 - Brother Industries, Ltd.) Brother PCFax Driver (HKLM-x32\...\{56BA05BD-7A67-4EF8-85A7-8C6528AEE2AC}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden Brother Printer Driver (HKLM-x32\...\{272543B6-B337-4C8F-B9F1-19E884C2C7AC}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden Brother Scanner Driver (HKLM-x32\...\{1162495D-7CE7-4EF9-A0F8-151196F3A660}) (Version: 1.0.17.1 - Brother Industries Ltd.) Hidden BrSupportTools (HKLM-x32\...\{32F47565-84B1-42CC-B09A-4CDDD9A32F94}) (Version: 1.0.20.0 - Brother Industries Ltd.) 
Hidden calibre 64bit (HKLM\...\{7F000A1B-01E7-490F-B2EB-176FB4E4F967}) (Version: 2.80.0 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 5.49 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6389 - CDBurnerXP) CGS17_Setup_x64 (HKLM\...\{83646B67-A878-4E95-BB4B-AF4A6E61F28C}) (Version: 17.0 - Corel Corporation) Hidden Configurador_FNMT (HKLM-x32\...\{438D4C4C-B703-4971-9C3D-33FF8A010ADB}) (Version: 3.7 - FNMT-RCM) ControlCenter4 (HKLM-x32\...\{9091B952-8719-49C3-9CC7-6E20EC61081F}) (Version: 4.6.6.1 - Brother Industries, Ltd.) Hidden ControlCenter4 CSDK (HKLM-x32\...\{FD8A9511-BFC9-43B5-BB75-9CEC0EA03CF0}) (Version: 4.6.1.1 - Brother Industries, Ltd.) Hidden Corel Graphics - Windows Shell Extension (HKLM\...\_{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.0.491 - Corel Corporation) Corel Graphics - Windows Shell Extension (HKLM\...\{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.491 - Corel Corporation) Hidden Corel Graphics - Windows Shell Extension 32 Bit (HKLM\...\{FD4A43CE-ABAE-4161-83AC-314A3C804F42}) (Version: 17.0.491 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Capture (x64) (HKLM\...\{2C91CB9D-323D-43E5-A433-229B71CFB773}) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Common (x64) (HKLM\...\{9178F0A8-B6F6-4DA7-AD63-317CC4875F4B}) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Connect (x64) (HKLM\...\{BD036E95-A9CD-4DED-B744-95AB1DCAFF0C}) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Custom Data (x64) (HKLM\...\{5162E418-BB43-4C8F-ACD6-069645EF98C3}) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Draw (x64) (HKLM\...\{2C0DDC74-5234-43DD-BB5A-0645B8FE5289}) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - EN (x64) (HKLM\...\{3BB8EB77-737B-4B32-BAB9-08C7110C46BD}) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Filters (x64) 
(HKLM\...\{D10A5CFA-FE33-4F06-AE37-554604F00A52}) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - FontNav (x64) (HKLM\...\{5406029B-67AD-4F8E-9F2D-F1959CD9CD86}) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - IPM Content (x64) (HKLM\...\{EF44BCCD-13F9-4974-862C-CCFAF43EE082}) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - IPM T (x64) (HKLM\...\{13179AB2-69FD-459B-800F-81865A501AD4}) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (HKLM\...\{C922F325-DD52-4E22-B204-431A06E63E51}) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (HKLM\...\{1A73168F-5983-46A6-AAAB-FD83BC231E02}) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Redist (x64) (HKLM\...\{C57EDB5A-AC8E-4E03-9F1A-DC013A2BB9B2}) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Setup Files (x64) (HKLM\...\{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - VBA (x64) (HKLM\...\{5672E0DC-7489-4EAC-8CFD-E01B3868FCB5}) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (HKLM\...\{966996DC-D67C-40E3-8BD4-31FA0F093571}) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Writing Tools (x64) (HKLM\...\{D63404AC-C2F1-4B3D-96EA-9727AC9D994C}) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.0.0.491 - Corel Corporation) Evernote v. 6.17.5 (HKLM-x32\...\{5A2A3CD0-183E-11E9-8FF6-005056951CAD}) (Version: 6.17.5.8273 - Evernote Corp.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.109 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) 
Hidden HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden Image Resizer for Windows (64 bit) (HKLM\...\{617CA6E9-D5FB-4017-8130-82E68C56C34D}) (Version: 3.0.4802.35565 - Brice Lambson) Hidden Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson) Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation) Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech) Malwarebytes Version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes) Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.11328.20070 - Microsoft Corporation) Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-4244124381-807929188-483639696-1002\...\OneDriveSetup.exe) (Version: 19.012.0121.0009 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - 
Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla) Mozilla Thunderbird 60.0 (x86 de) (HKU\S-1-5-21-4244124381-807929188-483639696-1002\...\Mozilla Thunderbird 60.0 (x86 de)) (Version: 60.0 - Mozilla) Mozilla Thunderbird 60.5.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 60.5.1 (x86 de)) (Version: 60.5.1 - Mozilla) NAPS2 5.8.1 (HKLM-x32\...\NAPS2 (Not Another PDF Scanner 2)_is1) (Version: - Ben Olden-Cooligan) NetworkRepairTool (HKLM-x32\...\{86E68F57-FAFE-4052-BDD4-3B90C38236AE}) (Version: 1.2.16.0 - Brother Industries, Ltd.) 
Hidden Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11328.20070 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20070 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20070 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.11328.20070 - Microsoft Corporation) Hidden Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden PC-FAXReceive (HKLM-x32\...\{65EA2C86-30CD-444C-ADAB-8762BE4E2E8C}) (Version: 1.8.003.0 - Brother Insutries Ltd.) Hidden PCFaxTx (HKLM-x32\...\{03BF5A21-6363-410C-B3BE-0946B0012704}) (Version: 3.7.3.1 - Brother Industries Ltd.) Hidden PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.318.1 - Tracker Software Products Ltd) Personal Backup 5.9.3.0 (64-bit) (HKLM\...\Personal Backup 5_is1) (Version: 5.9.3.0 - Dr. J. Rathlev) RemoteSetup (HKLM-x32\...\{FAB8A30A-B074-48F9-9D73-5E9A757403F8}) (Version: 3.10.2.0 - Brother Industries Ltd.) Hidden ScannerUtilityInstaller (HKLM-x32\...\{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}) (Version: 1.0.0.0 - Brother) Hidden SoftwareUpdateNotification (HKLM-x32\...\{34F12379-C924-41E6-921D-51C71217F58C}) (Version: 1.0.9.0 - Brother Industries, Ltd.) Hidden StatusMonitor (HKLM-x32\...\{40578A7A-6E36-457F-A4F0-45BC37EB61FD}) (Version: 1.20.1.0 - Brother Insutries Ltd.) 
Hidden Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: 6.2-23733 - Synology) Synology Drive (remove only) (HKLM\...\Synology Drive) (Version: 5.1.0.10544 - Synology, Inc.) Tangysoft (HKLM-x32\...\Tangysoft_is1) (Version: - Tangysoft Ltd.) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation) UsbRepairTool (HKLM-x32\...\{F8762A81-32B5-4144-9F3C-9274F515A651}) (Version: 1.4.0.0 - Brother Industries, Ltd.) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN) waterMark V2 (HKLM-x32\...\waterMark V2) (Version: - ) Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-4244124381-807929188-483639696-1002_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\20\x64\ContextMenu.dll () CustomCLSID: HKU\S-1-5-21-4244124381-807929188-483639696-1002_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\20\x64\iconOverlay.dll (TODO: <Company name>) CustomCLSID: HKU\S-1-5-21-4244124381-807929188-483639696-1002_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\20\x64\iconOverlay.dll (TODO: <Company name>) CustomCLSID: HKU\S-1-5-21-4244124381-807929188-483639696-1002_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\20\x64\iconOverlay.dll (TODO: <Company name>) CustomCLSID: HKU\S-1-5-21-4244124381-807929188-483639696-1002_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\20\x64\iconOverlay.dll (TODO: <Company name>) CustomCLSID: HKU\S-1-5-21-4244124381-807929188-483639696-1002_Classes\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}\InprocServer32 -> C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\20\x64\iconOverlay.dll (TODO: <Company name>) ShellIconOverlayIdentifiers: [ 01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\20\x64\iconOverlay.dll [2018-11-26] (TODO: <Company name>) ShellIconOverlayIdentifiers: [ 02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\Michaela 
Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\20\x64\iconOverlay.dll [2018-11-26] (TODO: <Company name>) ShellIconOverlayIdentifiers: [ 03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\20\x64\iconOverlay.dll [2018-11-26] (TODO: <Company name>) ShellIconOverlayIdentifiers: [ 04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\20\x64\iconOverlay.dll [2018-11-26] (TODO: <Company name>) ShellIconOverlayIdentifiers: [ 05NoPermModule] -> {C701AD67-3DF0-47C9-89CB-DFA6207BE229} => C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\20\x64\iconOverlay.dll [2018-11-26] (TODO: <Company name>) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers1: [Image Resizer] -> {51B4D7E5-7568-4234-B4BB-47FB3C016A69} => C:\Program Files\Image Resizer for Windows\ShellExtensions.dll [2013-02-23] (Brice Lambson) ContextMenuHandlers1: [PicaViewCtxMenuShlExt] -> {F3CBBA61-EE3F-4D6D-B1C6-B3474E579936} => C:\Program Files\Common Files\ACD Systems\PicaView\ACDSeePV.dll [2015-10-08] (ACD Systems International -> ACD Systems International Inc.) 
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-10-20] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers1_S-1-5-21-4244124381-807929188-483639696-1002: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} => C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\20\x64\ContextMenu.dll [2018-11-26] () ContextMenuHandlers6_S-1-5-21-4244124381-807929188-483639696-1002: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} => C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\20\x64\ContextMenu.dll [2018-11-26] () ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {005E0FAA-ACD8-46CF-AC36-7060110BD436} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe (AVAST Software s.r.o. 
-> AVAST Software) Task: {1CF6A186-D311-4F31-B1CB-3F3342DC91DC} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe (Bitdefender SRL -> Bitdefender) Task: {296240A0-59AA-404D-BBEC-F1802C35B2DC} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation) Task: {2CED8AB1-0218-49F3-8A5B-5AD5BF16AF9B} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_pepper.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {472E6BD9-036F-408F-89CE-FB14A9C44EE4} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Microsoft Corporation -> Microsoft Corporation) Task: {55736C0C-13F2-4860-A124-0B472DACBA74} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation) Task: {85E6329C-35DE-4392-9ACD-2ECE743546EE} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd) Task: {951882DD-4D7E-42CA-AEF5-3C5A3B11614B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.) Task: {AD564E71-9377-4DE0-AD91-23191C8EA11B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {AEECD0DA-ED7E-491A-962D-2703CF0C5DD6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.) 
Task: {BBEEC4D4-2B93-4565-BF15-E55D894CE3D8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation) Task: {BFF5EB1C-736F-4790-B425-81B1249B7DF2} - System32\Tasks\TrackerAutoUpdate => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.) Task: {C2791087-75AB-4C21-AC57-E7F28A32E211} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation) Task: {C5BE9DBE-07B1-4CE6-A35A-5D1F6B80DD6D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd) Task: {D8C17006-0A63-4025-9C3E-2A540DAB841F} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe (Bitdefender SRL -> Bitdefender) Task: {DA5D43D1-EE0E-4709-8AD6-F6768AE0B4BE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation) Task: {EC885B93-5AB9-4F6D-9347-46B9349949C1} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe Task: {F477DD99-AC0C-4341-806A-E958B2288566} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Michaela Jedinger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Hotspot Shield Free VPN Proxy – Unblock Sites.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=heajfgnegopeedndeahkdjedjkjcmnpb ShortcutWithArgument: C:\Users\Michaela Jedinger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Telegram.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=clhhggbfdinjmjhajaheehoeibfljjno ShortcutWithArgument: C:\Users\Michaela Jedinger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\WhatsChrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=bgkodfmeijboinjdegggmkbkjfiagaan ShortcutWithArgument: C:\Users\Michaela Jedinger\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5803ea45d7990e6f\WhatsChrome Extension.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> --profile-directory=Default --app-id=kbhfoiaobflocffnclkigpkeoagheimn ==================== Loaded Modules (Whitelisted) ============== 2018-11-21 11:59 - 2018-11-21 11:59 - 000994752 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02951_002\ashttpbr.mdl 2018-11-21 11:59 - 2018-11-21 11:59 - 000544880 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02951_002\ashttpdsp.mdl 2018-11-21 11:59 - 2018-11-21 12:00 - 003240080 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02951_002\ashttpph.mdl 2018-11-21 11:59 - 2018-11-21 12:00 - 001530368 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02951_002\ashttprbl.mdl 2017-03-14 12:44 - 2015-06-11 13:58 - 000022528 _____ () C:\WINDOWS\System32\ssm4mlm.dll 2017-03-08 12:40 - 2015-03-12 02:43 - 000022528 _____ () C:\WINDOWS\System32\us013lm.dll 2017-06-20 07:50 - 2015-05-14 06:47 - 000936456 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe 2018-06-11 12:18 - 2018-06-11 12:18 - 000143664 ____N () C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe 2018-06-27 11:57 - 2018-06-27 11:57 - 000290840 _____ () C:\Program Files (x86)\Synology\SynologyDrive\bin\vss-service-x64.exe 2018-05-11 11:21 - 2018-05-11 11:21 - 000248856 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe 2018-04-11 23:34 - 2018-04-11 23:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll 2018-04-11 23:34 - 2018-04-11 23:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll 2018-12-12 08:54 - 2018-11-09 02:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll 2017-10-20 16:42 - 2017-10-20 16:42 - 000393200 _____ () C:\WINDOWS\system32\igfxTray.exe 2019-02-14 13:58 - 2019-02-06 02:25 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2019-02-14 13:55 - 2019-02-14 13:55 - 028028416 _____ () C:\Program 
Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe 2019-02-14 13:55 - 2019-02-14 13:55 - 000305152 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\SharedUI.dll 2017-12-01 08:50 - 2017-12-01 08:50 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll 2018-12-12 08:45 - 2018-12-12 08:46 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2019-02-14 13:55 - 2019-02-14 13:55 - 006033408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\EntCommon.dll 2019-02-14 13:55 - 2019-02-14 13:55 - 009338368 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\EntPlat.dll 2018-08-20 13:35 - 2005-04-22 12:36 - 000143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll 2017-06-20 07:50 - 2019-02-21 07:55 - 000028968 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll 2017-06-20 07:50 - 2015-05-14 06:47 - 000113160 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll 2016-11-25 09:18 - 2016-11-25 09:18 - 000139264 _____ () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2017-04-05 08:53 - 2017-11-07 18:55 - 000137728 _____ () C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll 2017-04-05 08:53 - 2017-11-07 18:55 - 000440832 _____ () C:\Program Files (x86)\ControlCenter4\Track.dll 2016-10-04 13:25 - 2018-01-18 14:39 - 001720832 _____ () C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll 2017-03-22 16:21 - 2018-01-18 14:39 - 000519168 _____ () C:\Program Files (x86)\Browny02\BrMonitor.dll 2016-07-29 16:06 - 2017-12-22 11:53 - 000180224 _____ () C:\Program Files (x86)\Browny02\BroSNMP.dll 2018-11-26 15:26 - 2018-11-26 15:26 - 000123918 _____ () C:\Users\Michaela 
Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\libgcc_s_dw2-1.dll 2018-11-26 15:26 - 2018-11-26 15:26 - 001026062 _____ () C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\libstdc++-6.dll 2018-11-26 15:26 - 2018-11-26 15:26 - 000596986 _____ () C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\libcurl-4.dll 2018-11-26 15:26 - 2018-11-26 15:26 - 003036430 _____ () C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\libsqlite3-0.dll 2018-11-26 15:26 - 2018-11-26 15:26 - 000374272 _____ () C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\synocat-qt.dll 2018-11-26 15:26 - 2018-11-26 15:26 - 001798570 _____ () C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\icuuc53.dll 2018-11-26 15:26 - 2018-11-26 15:26 - 000120334 _____ () C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\zlib1.dll 2018-11-26 15:26 - 2018-11-26 15:26 - 003095505 _____ () C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\icuin53.dll 2018-11-26 15:26 - 2018-11-26 15:26 - 021565192 _____ () C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\icudt53.dll 2018-11-26 15:26 - 2018-11-26 15:26 - 000712704 _____ () C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\platforms\qwindows.dll 2018-11-26 15:26 - 2018-11-26 15:26 - 000031744 _____ () C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\imageformats\qgif.dll 2018-11-26 15:26 - 2018-11-26 15:26 - 000046080 _____ () C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\imageformats\qicns.dll 2018-11-26 15:26 - 2018-11-26 15:26 - 000032768 _____ () C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\imageformats\qico.dll 2018-11-26 15:26 - 2018-11-26 15:26 - 000516608 _____ () C:\Users\Michaela 
Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\imageformats\qjp2.dll 2018-11-26 15:26 - 2018-11-26 15:26 - 000243200 _____ () C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\imageformats\qjpeg.dll 2018-11-26 15:26 - 2018-11-26 15:26 - 000431616 _____ () C:\Users\Michaela Jedinger\AppData\Local\SynologyDrive\SynologyDrive.app\bin\imageformats\qtiff.dll 2017-01-27 14:33 - 2017-11-07 19:04 - 000095232 _____ () C:\Program Files (x86)\ControlCenter4\BrCcLGer.dll 2017-01-27 14:39 - 2017-08-18 10:23 - 000087552 _____ () C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll 2017-01-27 14:39 - 2017-08-18 10:23 - 017974784 _____ () C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll 2017-04-05 08:53 - 2017-11-07 18:55 - 000078848 _____ () C:\Program Files (x86)\ControlCenter4\BrCcSmon.dll 2017-04-05 08:53 - 2017-11-07 18:55 - 000124416 _____ () C:\Program Files (x86)\ControlCenter4\BrCcFcnv.dll 2017-04-05 08:53 - 2017-11-07 18:55 - 000955392 _____ () C:\Program Files (x86)\ControlCenter4\BrImgProc.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
Best regards

Update: Someone wrote to me and said he had the same problem (with Chrome and Kaspersky). For him, disabling the extensions in Chrome had helped. Since disabling extensions is no big deal, I disabled the more suspicious extension, namely WhatsGreen Multi Messenger. Since then: no further alerts from the antivirus program. That was just under an hour ago (which is definitely a long time compared with the last few days).

I still have open questions:

1. Is the system now infected, or did the antivirus program successfully block everything?
2. If one computer is infected, are my phone and my laptop infected too? I use the same Chrome with the same extensions on all devices. Bitdefender has not raised an alert on the other devices, though.
3. I have been using the app for a long time, because it was once recommended by a well-known magazine. How does something like this happen? (so that I can protect myself in the future)

Best regards
21.02.2019, 15:44 | #6 |
/// TB-Ausbilder

Quote:
Your AV did not remove the extension itself; you can do that yourself.

Quote:
In theory, however, it is possible to pick up adware on other devices through Chrome's synchronization; with this extension, though, that is not the case.

Quote:
My next step would have been for you to check your CHR extensions for "suspicious ones", which you have done yourself.

Step 1

Then we are done! If you have no more problems with malware, we are finished here. Your log files are clean. Finally, please run a cleanup with our TBCleanUpTool and be sure to read and implement the security measures; both are linked in the following reading material:

If you like, you can say here whether you were satisfied with me and my help... Perhaps you would like to support the forum with a small donation.

Note: Please give me brief feedback once you have read the information linked above, everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
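The check of Chrome extensions for suspicious entries mentioned in the post above can be partly automated. The following is an added example, not part of the original post or the forum's tooling: it lists the extensions in a Chrome profile and flags those whose manifest requests access to all sites, which is the access an extension needs before it can load third-party script into arbitrary pages. It assumes the profile layout `Extensions/<id>/<version>/manifest.json`; the two sample manifests and their IDs are constructed, not real extensions.

```python
import json
import tempfile
from pathlib import Path

# Match patterns that let an extension touch (nearly) every site you visit.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_extension(manifest):
    """Summarise how much of the web one manifest.json asks to reach."""
    perms = (manifest.get("permissions") or []) + (manifest.get("host_permissions") or [])
    hosts = [p for p in perms if isinstance(p, str) and (p in BROAD or "://" in p)]
    injected = [m for cs in manifest.get("content_scripts") or []
                for m in cs.get("matches", [])]
    return {
        "name": manifest.get("name", "?"),
        "broad_patterns": sorted(BROAD.intersection(hosts + injected)),
        "injects_everywhere": bool(BROAD.intersection(injected)),
    }

def audit_profile(profile_dir):
    """Audit every <profile>/Extensions/<id>/<version>/manifest.json."""
    results = []
    for path in sorted(Path(profile_dir).glob("Extensions/*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        results.append({"id": path.parent.parent.name, **audit_extension(manifest)})
    return results

def build_sample_profile(root):
    """Write two constructed manifests (not real extensions) under root."""
    samples = {
        "a" * 32: {"name": "Constructed Messenger Wrapper", "version": "1.0",
                   "permissions": ["storage", "<all_urls>"],
                   "content_scripts": [{"matches": ["*://*/*"], "js": ["inject.js"]}]},
        "b" * 32: {"name": "Constructed Theme", "version": "2.1",
                   "permissions": ["storage"]},
    }
    for ext_id, manifest in samples.items():
        version_dir = Path(root) / "Extensions" / ext_id / manifest["version"]
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for entry in audit_profile(build_sample_profile(tmp)):
            print(entry)
```

A flagged entry is not proof of adware, since many legitimate extensions also request access to all sites; it only narrows down which extensions to review or disable first.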
22.02.2019, 19:14 | #7 |
Good evening,

Unfortunately the worst-case scenario has happened. My dear computer decided yesterday to simply die. Obviously mainboard damage. I assume the virus was not to blame, since all the scans were clean. Probably just a stupid coincidence. So I am writing from a clean, because new, system. :-)

I would still like to say thank you for the great help. It was really great how quickly and clearly all the instructions were given. Really top!!! I have of course removed the extension so that the new computer stays clean!!!

Best regards
Michi
22.02.2019, 21:47 | #8 |
/// TB-Ausbilder

I am glad that we were able to help.

In this forum you can leave brief feedback on the cleanup, if you like: Lob, Kritik und Wünsche. To do so, click the "NEUES THEMA" button and post a short piece of feedback. Thank you!

This thread appears to be resolved and will be removed from my subscriptions. Should you need the thread again, please send us a reminder including a link to the thread. Everyone else, please click here and create your own thread.