Log analysis and evaluation: TR Bagle zip detected but cannot be removed (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and Trojans can be removed, the infected system has to be examined first: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.
22.09.2021, 00:59 | #1
TR Bagle zip detected but cannot be removed

Hello everyone,

After a scan with McAfee Total Protection and TotalAV, the file TR/Bagle.zip was detected on my machine. After quarantining it and running further scans, the same message kept coming back, and after some searching I came across a similar thread here. There I also saw that you absolutely reject McAfee and recommend Windows Defender, but before I uninstall anything, I thought I would rather make this post and ask you to take a look at it. Thanks in advance for your help!

FRST:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2021
Ran by sarah (administrator) on DESKTOP-GFVHT56 (Megaport 47-164630) (22-09-2021 01:25:31)
Running from C:\Users\sarah\Downloads
Loaded Profiles: sarah
Platform: Windows 10 Home Version 20H2 19042.1237 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe <2>
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(Allegorithmic, SAS -> Allegorithmic an Adobe Company) C:\Program Files\Allegorithmic\Substance Launcher\Substance Launcher.exe <3>
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\TotalAV\SAVAPI\elam_ppl\AMSProtectedService.exe
(Discord Inc. -> Discord Inc.) C:\Users\sarah\AppData\Local\Discord\app-1.0.9002\Discord.exe <6>
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(File-New-Project) C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_2.1.8.0_x86__1sdd7yawvg6ne\EarTrumpet\EarTrumpet.exe
(GOG Sp. z o.o. -> GOG.com) C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
(GOG Sp. z o.o. -> GOG.com) D:\Programms\GOG Galaxy\GalaxyClient Helper.exe <2>
(GOG Sp. z o.o. -> GOG.com) D:\Programms\GOG Galaxy\GalaxyClient.exe
(GOG Sp. z o.o. -> GOG.com) D:\Programms\GOG Galaxy\GOG Galaxy Notifications Renderer.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <40>
(Huawei Technologies Co., Ltd. -> ) C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ChromiumContainer\delegate.exe <3>
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\CSP\3.9.126.0\McCSPServiceHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <2>
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\MSM\McSmtFwk.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_20_9\mcapexe.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\CoreUI\Launch.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MAT\McPvTray.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MQS\QcShm.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\browserhost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(McAfee, LLC. -> McAfee, LLC) C:\Program Files\McAfee\MSC\MfeBrowserHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\ProgramData\McAfee\McInstruTrack\McInstruTrack.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\sarah\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\sarah\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\sarah\AppData\Local\Microsoft\Teams\current\Teams.exe <10>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_4.1.6.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20388.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20388.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\NVDisplay.Container.exe <2>
(OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(OpenJS Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(Protected Antivirus Limited -> TotalAV) C:\Program Files (x86)\TotalAV\SecurityService.exe <2>
(Protected Antivirus Limited -> TotalAV) C:\Program Files (x86)\TotalAV\TotalAV.exe
(Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe
(Shenzhen Huion Animation Technology Co.,LTD -> ) D:\Huion Tablet\Huion Tablet.exe
(Shenzhen Huion Animation Technology Co.,LTD -> ) D:\Huion Tablet\x64\TabletDriverCore.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(Valve -> Valve Corporation) D:\Programms\Games\steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) D:\Programms\Games\steam\steam.exe
(Zebra Technologies) [File not signed] C:\Program Files\Zebra Technologies\Barcode Scanners\Common\CoreScanner.exe
(Zebra Technologies) [File not signed] C:\Program Files\Zebra Technologies\Barcode Scanners\Common\HidKeyboardEmulator.exe
(Zebra Technologies) [File not signed] C:\Program Files\Zebra Technologies\Barcode Scanners\Common\RSMDriverProviderService.exe
(Zebra Technologies) [File not signed] C:\Program Files\Zebra Technologies\Barcode Scanners\Common\ScannerService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [353408 2021-04-27] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [779504 2021-07-01] (Adobe Inc. -> Adobe Inc.)
HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33318368 2021-09-08] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Run: [Discord] => C:\Users\sarah\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Run: [Substance Launcher] => C:\Program Files\Allegorithmic\Substance Launcher\Substance Launcher.exe [93987576 2021-06-23] (Allegorithmic, SAS -> Allegorithmic an Adobe Company)
HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Run: [GogGalaxy] => D:\Programms\GOG Galaxy\GalaxyClient.exe [13728096 2021-08-19] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Run: [TabletDriver] => D:\Huion Tablet\x64\TabletDriverCore.exe [334568 2020-12-16] (Shenzhen Huion Animation Technology Co.,LTD -> )
HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Run: [Battle.net] => D:\Programms\Games\Battle.net\Battle.net.exe [1079184 2021-09-09] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Run: [Steam] => D:\Programms\Games\steam\steam.exe [4282600 2021-09-14] (Valve -> Valve Corporation)
HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\MountPoints2: {b5fb518b-caab-11eb-9793-18c04daad6b9} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\MountPoints2: {b6c40de3-ba4b-11eb-978e-18c04daad6b9} - "E:\HiSuiteDownLoader.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\93.0.4577.82\Installer\chrmstp.exe [2021-09-14] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Huion Tablet.lnk [2021-05-04]
ShortcutTarget: Huion Tablet.lnk -> D:\Huion Tablet\Huion Tablet.exe (Shenzhen Huion Animation Technology Co.,LTD -> )
Startup: C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spywatch.lnk [2021-05-16] <==== ATTENTION
ShortcutTarget: Spywatch.lnk -> C:\Users\sarah\AppData\Roaming\Spywatch\SPYWATCH.EXE (No File)
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {22F5B16A-5874-46CF-8A63-F8838BC604A4} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4623976 2020-10-19] (McAfee, LLC -> McAfee, LLC)
Task: {29C72D8D-61B3-43CF-AB25-36DB159018EF} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {33D82B57-9D43-42E6-A524-8E032C2FA2D3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-04-30] (Google LLC -> Google LLC)
Task: {341B91ED-C627-4A6C-B36A-1C124A0E6ADE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21857672 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {3972F85B-BA30-4786-A806-DBDC13FF6CE7} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [993400 2020-10-30] (McAfee, LLC -> McAfee, LLC)
Task: {566AD36F-A6A3-45FE-AF08-76765C3E66FA} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {624C1D9A-554E-4E7D-A71D-7232CEA10AC2} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139096 2021-09-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {6FBB1B56-1B01-4B58-B17C-B3E74CEB9D08} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7094EAA4-0DFB-4320-82DB-511F5623B775} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139096 2021-09-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {73BA23F9-39E1-41E8-B331-EB280625063E} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [736704 2020-11-03] (McAfee, LLC -> McAfee, LLC)
Task: {850202D7-C3EB-47C6-8A65-5415CE5B5819} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8D43F512-873D-4B60-890E-D3D7DACE041C} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8EE7DC68-31AB-4D4B-A4D6-24797B22794C} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8FDEE456-E745-4BD7-B6C8-8AD826DE3D1E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21857672 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {92E02A09-8E6B-45CA-8930-56D11614214F} - System32\Tasks\McInstruTrack => C:\ProgramData\McAfee\McInstruTrack\McInstruTrack.exe [775360 2020-12-14] (McAfee, LLC. -> McAfee, LLC.)
Task: {974268DB-47D0-4A0C-9A6C-2E098866F8B7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-04-30] (Google LLC -> Google LLC)
Task: {9D9D96BC-329A-4BF9-B24B-8605733ABD73} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A2724F55-D9FE-4150-B332-92A7F67C6CAC} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AA8E0250-CD29-4B58-86A8-43E0C6EACAE2} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CDE53AAB-B24F-4854-AE13-24F0118D23B0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {E83C436B-7D44-4936-B70B-DA097C7F3116} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [993400 2020-10-30] (McAfee, LLC -> McAfee, LLC)
Task: {EA12FC5E-698D-4FF0-9294-CE70F8FBF648} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EE5C371F-25EC-4A15-B6E7-A06269DA86E0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F02B39E4-0482-4FB4-8230-C3B8D231D6A1} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {F1283ECA-7012-4554-A75A-0958FA2167D7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FBB00AF4-5599-469C-9862-382369B8F4E2} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FD3DA893-9575-436C-8AF5-76F5B7BABD31} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [4000984 2020-11-04] (McAfee, LLC -> McAfee, LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{946c339f-f40f-4ade-9ea6-c3c0a3209da2}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{a1264e5e-f4a3-4903-a297-d320d1050b28}: [DhcpNameServer] 192.168.120.250
Tcpip\..\Interfaces\{d1256d2c-c313-4b1f-9a9c-a0b46ef245b7}: [DhcpNameServer] 192.168.120.250
Tcpip\..\Interfaces\{fc0f2e7e-eb78-46d6-ac89-363fbb9f20b0}: [DhcpNameServer] 192.168.120.250

Edge:
=======
Edge Profile: C:\Users\sarah\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-22]

FireFox:
========
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSKHKLM => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2021-09-21] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2020-11-04] (McAfee, LLC -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-07-01] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2020-11-04] (McAfee, LLC -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-07-01] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default [2021-09-22]
CHR Notifications: Default -> hxxps://www.facebook.com; hxxps://www.lieferando.de; hxxps://www.pinterest.de
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1415708374&from=ild&uid=WDCXWD10JPVX-22JC3T0_WD-WXS1EC3YLXM4YLXM4
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1415708374&from=ild&uid=WDCXWD10JPVX-22JC3T0_WD-WXS1EC3YLXM4YLXM4"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Präsentationen) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-04-30]
CHR Extension: (Docs) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-04-30]
CHR Extension: (Google Drive) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-04-30]
CHR Extension: (YouTube) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-04-30]
CHR Extension: (Cookie Watch) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmogeohlpljgihhbafbnincahfmafbfn [2021-05-16]
CHR Extension: (Tabellen) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-04-30]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-09-21]
CHR Extension: (Total Adblock - Ad Blocker) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gekdekpbfehejjiecgonmgmepbdnaggp [2021-09-21]
CHR Extension: (Google Docs Offline) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-29]
CHR Extension: (AdBlock – der beste Ad-Blocker) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-09-09]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-30]
CHR Extension: (Netflix Party is now Teleparty) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2021-09-19]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2021-06-24]
CHR Extension: (Google Mail) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-04-30]
CHR Extension: (Avast AntiTrack Premium) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppdidpcihajhihmghhhkfnpklgdehold [2021-09-21]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0117641632252917mcinstcleanup; C:\ProgramData\McInstTemp0117641632252917\McInst.exe [871048 2020-11-03] (McAfee, LLC -> McAfee, LLC)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [842480 2021-07-01] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3779840 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3547904 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AMSProtectedService; C:\Program Files (x86)\TotalAV\savapi\elam_ppl\amsprotectedservice.exe [639304 2021-05-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) <==== ATTENTION
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9179528 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)
R2 CoreScanner; C:\Program Files\Zebra Technologies\Barcode Scanners\Common\CoreScanner.exe [690688 2019-09-19] (Zebra Technologies) [File not signed]
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [784512 2021-05-10] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [595944 2021-08-14] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [926176 2021-03-16] (Epic Games Inc. -> Epic Games, Inc.)
S3 GalaxyClientService; D:\Programms\GOG Galaxy\GalaxyClientService.exe [1955680 2021-08-19] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6484832 2021-07-18] (GOG Sp. z o.o. -> GOG.com)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [236864 2020-12-05] (Huawei Technologies Co., Ltd. -> )
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [953544 2021-09-21] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_20_9\McApExe.exe [779592 2020-11-04] (McAfee, LLC -> McAfee, LLC)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [583344 2020-11-03] (McAfee, LLC -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.9.126.0\\McCSPServiceHost.exe [2785184 2020-11-30] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [646248 2020-09-14] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [646248 2020-09-14] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [646248 2020-09-14] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1584272 2020-11-27] (McAfee, LLC -> McAfee, LLC)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4217416 2020-11-27] (McAfee, LLC -> McAfee, LLC)
R2 rsmdriverproviderservice; C:\Program Files\Zebra Technologies\Barcode Scanners\Common\RSMDriverProviderService.exe [136192 2019-09-23] (Zebra Technologies) [File not signed]
R2 ScnSrvc; C:\Program Files\Zebra Technologies\Barcode Scanners\Common\ScannerService.exe [288256 2019-09-19] (Zebra Technologies) [File not signed]
R2 SecurityService; C:\Program Files (x86)\TotalAV\SecurityService.exe [263976 2021-05-14] (Protected Antivirus Limited -> TotalAV) <==== ATTENTION
R2 SecurityServiceMonitor; C:\Program Files (x86)\TotalAV\SecurityService.exe [263976 2021-05-14] (Protected Antivirus Limited -> TotalAV) <==== ATTENTION
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10301672 2021-04-27] (Riot Games, Inc. -> Riot Games, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe [2772856 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe [136640 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 AMSElamDriver; C:\Windows\System32\drivers\amselam.sys [21976 2021-05-13] (Microsoft Windows Early Launch Anti-Malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [208176 2020-12-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [197176 2020-12-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [46704 2020-12-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [75704 2020-09-22] (McAfee, Inc. -> McAfee, LLC)
S3 ew_usbccgpfilter; C:\Windows\System32\drivers\ew_usbccgpfilter.sys [18944 2020-12-05] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 gdrv2; C:\Windows\gdrv2.sys [32600 2021-04-21] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [218960 2020-05-26] (McAfee, LLC -> McAfee, Inc.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2020-12-05] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [89096 2020-05-26] (McAfee, LLC -> McAfee, LLC)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [531896 2020-09-22] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [385464 2020-09-22] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [85944 2020-09-22] (Microsoft Windows Early Launch Anti-Malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522168 2020-09-22] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [1019832 2020-09-22] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [603072 2020-09-17] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [107968 2020-09-17] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [116664 2020-09-22] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [252344 2020-09-22] (McAfee, Inc. -> McAfee, LLC)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [6438816 2021-04-27] (Riot Games, Inc. -> Riot Games, Inc.)
R3 vmulti; C:\Windows\System32\drivers\vmulti.sys [10752 2018-03-16] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [48536 2021-09-08] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [433384 2021-09-08] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [86264 2021-09-08] (Microsoft Windows -> Microsoft Corporation)
R1 webshieldfilter; C:\Windows\System32\drivers\webshieldfilter.sys [96264 2020-12-09] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-09-22 01:25 - 2021-09-22 01:26 - 000033024 _____ C:\Users\sarah\Downloads\FRST.txt
2021-09-22 01:24 - 2021-09-22 01:25 - 000000000 ____D C:\FRST
2021-09-22 01:23 - 2021-09-22 01:23 - 002304512 _____ (Farbar) C:\Users\sarah\Downloads\FRST64.exe
2021-09-21 22:14 - 2021-05-13 11:15 - 000021976 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\amselam.sys
2021-09-21 22:13 - 2020-12-09 19:37 - 000208176 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2021-09-21 22:13 - 2020-12-09 19:37 - 000197176 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2021-09-21 22:13 - 2020-12-09 19:37 - 000046704 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2021-09-21 22:06 - 2021-09-21 22:06 - 000000000 ____D C:\Users\sarah\OneDrive\Documents\TotalAV
2021-09-21 22:06 - 2020-12-09 19:37 - 000096264 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\webshieldfilter.sys
2021-09-21 22:03 - 2021-09-21 22:13 - 000000000 ____D C:\Program Files (x86)\TotalAV
2021-09-21 22:03 - 2021-09-21 22:03 - 000001153 _____ C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TotalAV.lnk
2021-09-21 22:03 - 2021-09-21 22:03 - 000001067 _____ C:\Users\Public\Desktop\TotalAV.lnk
2021-09-21 22:03 - 2021-09-21 22:03 - 000000000 ____D C:\Users\sarah\AppData\Local\GUI
2021-09-21 22:03 - 2021-09-21 22:03 - 000000000 ____D C:\ProgramData\TotalAV
2021-09-21 22:03 - 2021-09-21 22:03 - 000000000 ____D C:\ProgramData\SecuritySuite
2021-09-21 22:02 - 2021-09-21 22:02 - 056445176 _____ C:\Users\sarah\Downloads\TotalAV_Setup.exe
2021-09-21 21:38 - 2021-09-21 21:38 - 000003018 _____ C:\Windows\system32\Tasks\McInstruTrack
2021-09-21 21:38 - 2021-09-21 21:38 - 000002138 _____ C:\Users\Public\Desktop\McAfee® Total Protection.lnk
2021-09-21 21:38 - 2021-09-21 21:38 - 000000000 __RSD C:\Users\sarah\OneDrive\Documents\McAfee Vaults
2021-09-21 21:38 - 2021-09-21 21:38 - 000000000 ____D C:\Users\sarah\AppData\Local\McAfee File Lock
2021-09-21 21:38 - 2021-09-21 21:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2021-09-21 21:38 - 2020-05-26 00:12 - 000089096 _____ (McAfee, LLC) C:\Windows\system32\Drivers\McPvDrv.sys
2021-09-21 21:37 - 2020-05-26 00:11 - 000218960 _____ (McAfee, Inc.)
C:\Windows\system32\Drivers\HipShieldK.sys 2021-09-21 21:36 - 2021-09-21 21:36 - 000003332 _____ C:\Windows\system32\Tasks\McAfeeLogon 2021-09-21 21:35 - 2021-09-21 22:35 - 000003710 _____ C:\Windows\system32\Tasks\McAfee Remediation (Prepare) 2021-09-21 21:35 - 2021-09-21 21:38 - 000000000 ____D C:\Program Files\McAfee 2021-09-21 21:35 - 2021-09-21 21:38 - 000000000 ____D C:\Program Files (x86)\McAfee 2021-09-21 21:35 - 2021-09-21 21:37 - 000000000 ____D C:\Windows\system32\Tasks\McAfee 2021-09-21 21:35 - 2021-09-21 21:37 - 000000000 ____D C:\Program Files\Common Files\McAfee 2021-09-21 21:35 - 2021-09-21 21:35 - 000000000 ____D C:\ProgramData\McInstTemp0117641632252917 2021-09-21 21:35 - 2021-09-21 21:35 - 000000000 ____D C:\Program Files\McAfee.com 2021-09-21 21:35 - 2021-09-21 21:35 - 000000000 ____D C:\Program Files\Common Files\AV 2021-09-21 21:35 - 2020-09-14 14:01 - 000579040 _____ (McAfee, LLC) C:\Windows\system32\mfevtps.exe 2021-09-21 21:28 - 2021-09-21 22:02 - 000000000 ____D C:\ProgramData\McAfee 2021-09-21 21:28 - 2021-09-21 21:28 - 000000000 _____ C:\Users\sarah\AppData\Roaming\MCVi2UserDetail.ini 2021-09-20 14:53 - 2021-09-20 14:56 - 000000000 ___HD C:\adobeTemp 2021-09-19 16:03 - 2021-09-19 16:03 - 002295296 _____ (Digimarc) C:\Windows\system32\DMRCDecoder.dll 2021-09-19 16:03 - 2021-09-19 16:03 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll 2021-09-19 16:03 - 2021-09-19 16:03 - 002111488 _____ (Digimarc) C:\Windows\SysWOW64\DMRCDecoder.dll 2021-09-19 16:03 - 2021-09-19 16:03 - 001823304 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2021-09-19 16:03 - 2021-09-19 16:03 - 001393480 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2021-09-19 16:03 - 2021-09-19 16:03 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll 2021-09-19 16:03 - 2021-09-19 16:03 - 001313608 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi 2021-09-19 16:03 - 2021-09-19 16:03 - 001164288 _____ 
C:\Windows\system32\MBR2GPT.EXE 2021-09-19 16:03 - 2021-09-19 16:03 - 000672768 _____ C:\Windows\system32\FsNVSDeviceSource.dll 2021-09-19 16:03 - 2021-09-19 16:03 - 000570368 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2021-09-19 16:03 - 2021-09-19 16:03 - 000566784 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv 2021-09-19 16:03 - 2021-09-19 16:03 - 000452096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2021-09-19 16:03 - 2021-09-19 16:03 - 000426496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv 2021-09-19 16:03 - 2021-09-19 16:03 - 000272384 _____ C:\Windows\system32\TpmTool.exe 2021-09-19 16:03 - 2021-09-19 16:03 - 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe 2021-09-19 16:03 - 2021-09-19 16:03 - 000162816 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe 2021-09-19 16:03 - 2021-09-19 16:03 - 000147456 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2021-09-19 16:03 - 2021-09-19 16:03 - 000122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2021-09-19 16:03 - 2021-09-19 16:03 - 000098816 _____ C:\Windows\system32\Drivers\cimfs.sys 2021-09-19 16:03 - 2021-09-19 16:03 - 000011355 _____ C:\Windows\system32\DrtmAuthTxt.wim 2021-09-19 15:56 - 2021-09-19 15:56 - 000000000 ___HD C:\$WinREAgent 2021-08-28 15:09 - 2021-08-28 15:09 - 000000266 _____ C:\Windows\system32\SettingsFile.xml ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2021-09-22 01:11 - 2021-04-30 17:26 - 000000000 ____D C:\Program Files (x86)\Google 2021-09-22 00:53 - 2021-04-30 22:29 - 000000000 ____D C:\Users\sarah\AppData\Roaming\discord 2021-09-22 00:52 - 2021-04-30 22:29 - 000000000 ____D C:\Users\sarah\AppData\Local\Discord 2021-09-22 00:52 - 2019-12-07 11:03 - 000032768 _____ C:\Windows\system32\config\ELAM 2021-09-22 00:51 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-09-22 00:38 - 2020-11-19 09:30 - 000000000 ____D C:\Windows\system32\SleepStudy 2021-09-21 23:58 - 2021-05-16 20:30 - 000000000 ____D C:\Users\sarah\AppData\Roaming\Spywatch 2021-09-21 23:33 - 2021-01-19 09:25 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2021-09-21 22:14 - 2021-06-03 11:15 - 000000000 ____D C:\Users\sarah\AppData\Local\CrashDumps 2021-09-21 22:14 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\ELAMBKUP 2021-09-21 21:38 - 2019-12-07 11:14 - 000000124 _____ C:\Windows\win.ini 2021-09-21 21:37 - 2021-04-30 17:21 - 000000000 ____D C:\Users\sarah\AppData\Local\D3DSCache 2021-09-21 21:36 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF 2021-09-21 21:24 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps 2021-09-21 21:24 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness 2021-09-21 13:11 - 2021-04-30 17:32 - 000000000 ____D C:\ProgramData\NVIDIA 2021-09-20 14:57 - 2021-07-21 18:10 - 000741554 _____ C:\Windows\system32\perfh007.dat 2021-09-20 14:57 - 2021-07-21 18:10 - 000149804 _____ C:\Windows\system32\perfc007.dat 2021-09-20 14:57 - 2021-01-19 09:23 - 001722792 _____ C:\Windows\system32\PerfStringBackup.INI 2021-09-20 14:56 - 2021-07-01 15:41 - 000000000 ___RD C:\Users\sarah\Creative Cloud Files 2021-09-20 14:54 - 2021-05-07 21:07 - 000000000 ____D C:\Users\sarah\AppData\Local\Battle.net 2021-09-20 14:53 - 2021-05-03 15:31 - 000000001 _____ C:\Windows\vgkbootstatus.dat 2021-09-20 14:52 - 2021-05-03 13:12 - 000000000 ____D 
C:\Users\sarah\AppData\Roaming\substancelinkopentcp 2021-09-20 14:52 - 2021-05-03 13:12 - 000000000 ____D C:\Users\sarah\AppData\Roaming\Substance Launcher 2021-09-20 14:52 - 2021-04-30 17:22 - 000000000 ___RD C:\Users\sarah\OneDrive 2021-09-20 14:50 - 2021-01-19 09:18 - 000008192 ___SH C:\DumpStack.log.tmp 2021-09-20 14:50 - 2020-11-19 09:30 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2021-09-19 17:57 - 2019-12-07 11:03 - 000786432 _____ C:\Windows\system32\config\BBI 2021-09-19 17:56 - 2021-01-19 09:25 - 000000185 _____ C:\Windows\system32\symbscnr.log.bak 2021-09-19 17:56 - 2020-11-19 09:30 - 000446160 _____ C:\Windows\system32\FNTCACHE.DAT 2021-09-19 17:56 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata 2021-09-19 17:56 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\oobe 2021-09-19 17:56 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Dism 2021-09-19 17:56 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources 2021-09-19 17:56 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinMetadata 2021-09-19 17:56 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns 2021-09-19 17:56 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe 2021-09-19 17:56 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\migwiz 2021-09-19 17:56 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Dism 2021-09-19 17:56 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\DDFs 2021-09-19 17:56 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\appraiser 2021-09-19 17:55 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel 2021-09-19 17:55 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellComponents 2021-09-19 17:55 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Provisioning 2021-09-19 17:55 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr 2021-09-19 17:55 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\servicing 2021-09-19 16:25 - 2021-06-01 11:51 - 000002371 _____ 
C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk 2021-09-19 16:05 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp 2021-09-19 16:02 - 2021-01-19 10:12 - 000000000 ____D C:\Program Files\Microsoft Office 2021-09-19 15:56 - 2021-01-19 09:22 - 000000000 ____D C:\Windows\system32\MRT 2021-09-19 15:54 - 2021-01-19 09:22 - 135637312 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2021-09-18 11:36 - 2020-11-19 09:32 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-09-18 11:36 - 2020-11-19 09:32 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2021-09-16 16:35 - 2021-05-04 22:08 - 000000000 ____D C:\Program Files\Common Files\Adobe 2021-09-14 23:01 - 2021-04-30 17:27 - 000002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2021-09-14 23:01 - 2021-04-30 17:27 - 000002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2021-09-10 16:06 - 2021-04-30 17:22 - 000003376 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1447197201-901239501-998365885-1001 2021-09-10 16:06 - 2021-04-30 17:22 - 000002386 _____ C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-09-08 19:12 - 2020-11-19 09:30 - 000000000 ____D C:\Windows\system32\Drivers\wd 2021-09-08 13:33 - 2021-05-04 22:07 - 000000000 ____D C:\Program Files\Adobe 2021-08-31 12:30 - 2021-01-19 09:23 - 000803176 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2021-08-29 14:13 - 2021-05-02 23:45 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools ==================== Files in the root of some directories ======== 2021-09-21 21:28 - 2021-09-21 21:28 - 000000000 _____ () C:\Users\sarah\AppData\Roaming\MCVi2UserDetail.ini 2021-07-05 16:23 - 2021-07-05 16:38 - 000001456 _____ () C:\Users\sarah\AppData\Local\Adobe Save for Web 13.0 Prefs 2021-07-03 18:57 - 2021-07-03 18:57 - 000000000 _____ () 
C:\Users\sarah\AppData\Local\oobelibMkey.log ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ======================== |
22.09.2021, 01:00 | #2 |
| TR Bagle zip detected but cannot be removed Here is the continuation: addition.txt
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-09-2021 Ran by sarah (22-09-2021 01:27:47) Running from C:\Users\sarah\Downloads Windows 10 Home Version 20H2 19042.1237 (X64) (2021-04-27 17:14:35) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-1447197201-901239501-998365885-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1447197201-901239501-998365885-503 - Limited - Disabled) Guest (S-1-5-21-1447197201-901239501-998365885-501 - Limited - Disabled) sarah (S-1-5-21-1447197201-901239501-998365885-1001 - Administrator - Enabled) => C:\Users\sarah WDAGUtilityAccount (S-1-5-21-1447197201-901239501-998365885-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Total AV (Enabled - Up to date) {B185458D-38B3-A010-10F7-3D378DAA6032} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C} AV: BullGuard Antivirus (Disabled - Out of date) {0C5A09FB-657F-B94D-DF1B-BB843C6EE0E4} FW: BullGuard Firewall (Enabled) {346188DE-2F10-B815-F444-12B1C2BDA79F} FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.5.0.617 - Adobe Inc.) 
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe) Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0_2) (Version: 21.0.2 - Adobe Systems Incorporated) Adobe Substance 3D Painter 7.2.0 (HKLM\...\{2a8bbb68-725b-477c-9194-60efc5ece348}_is1) (Version: 7.2.0 - Adobe) Allegorithmic Substance Painter 7.1.0 (HKLM\...\{33C3E9E2-0675-4196-9019-28AB9C5E9BB0}_is1) (Version: 7.1.0 - Allegorithmic) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Blender (HKLM\...\{D6E38255-FB12-4724-A6FF-075B43272C66}) (Version: 2.92.0 - Blender Foundation) Discord (HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Discord) (Version: 0.0.309 - Discord Inc.) Epic Games Launcher (HKLM-x32\...\{A7BBC0A6-3DB0-41CC-BCED-DDFC5D4F3060}) (Version: 1.2.17.0 - Epic Games, Inc.) Epic Online Services (HKLM-x32\...\{0B736177-814A-4ADE-81D1-66A0FDD55BB4}) (Version: 1.1.11.0 - Epic Games, Inc.) GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 93.0.4577.82 - Google LLC) HiSuite (HKLM-x32\...\Hi Suite) (Version: 11.0.0.500 - Huawei Technologies Co., Ltd.) Huion Tablet v14.8.173.1510 (HKLM\...\{62047893-F186-48B8-83A5-1C74D8666D19}_is1) (Version: v14.8.173.1510 - ) Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) 
Hidden McAfee® Total Protection (HKLM-x32\...\MSC) (Version: 16.0 R29 - McAfee, LLC) Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.14326.20404 - Microsoft Corporation) Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14326.20404 - Microsoft Corporation) Microsoft 365 - es-es (HKLM\...\O365HomePremRetail - es-es) (Version: 16.0.14326.20404 - Microsoft Corporation) Microsoft 365 - fr-fr (HKLM\...\O365HomePremRetail - fr-fr) (Version: 16.0.14326.20404 - Microsoft Corporation) Microsoft 365 - it-it (HKLM\...\O365HomePremRetail - it-it) (Version: 16.0.14326.20404 - Microsoft Corporation) Microsoft 365 - nl-nl (HKLM\...\O365HomePremRetail - nl-nl) (Version: 16.0.14326.20404 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 93.0.961.52 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\OneDriveSetup.exe) (Version: 21.160.0808.0002 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Teams) (Version: 1.4.00.22976 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{7B981965-2FBC-433C-B4B3-E183EE97CD29}) (Version: 2.83.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 
11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation) NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation) NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation) NVIDIA Graphics Driver 471.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 471.41 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation) NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14326.20404 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) 
(Version: 16.0.14326.20404 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.14326.20238 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-040C-1000-0000000FF1CE}) (Version: 16.0.14326.20238 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0410-1000-0000000FF1CE}) (Version: 16.0.14326.20238 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0413-1000-0000000FF1CE}) (Version: 16.0.14326.20238 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0C0A-1000-0000000FF1CE}) (Version: 16.0.14326.20238 - Microsoft Corporation) Hidden Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment) Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.) Spywatch (HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Spywatch) (Version: 1.5.0 - Spywatch) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Substance Launcher 1.7.0-beta.546 (HKLM\...\{8b9320fe-2b31-562a-9f54-9956b024276d}) (Version: 1.7.0-beta.546 - Allegorithmic an Adobe Company) T16 Wired Gaming Mouse (HKLM-x32\...\{444BE55C-4B14-4DB8-9922-6846C1437677}_is1) (Version: 1.0.3 - ) TotalAV (HKLM-x32\...\TotalAV) (Version: 5.15.69 - TotalAV) <==== ATTENTION UE4 Prerequisites (x64) (HKLM\...\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) 
Hidden VALORANT (HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Riot Game valorant.live) (Version: - Riot Games, Inc) WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.163 - McAfee, LLC) Windows Driver Package - Zebra Technologies Inc. (WinUSB) WinUSB devices (03/31/2018 1.0.0.6) (HKLM\...\45BED3BBD4732BEB270707C3769191B9C55708E6) (Version: 03/31/2018 1.0.0.6 - Zebra Technologies Inc.) WinRAR 6.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 6.01.0 - win.rar GmbH) Zebra CoreScanner Driver (64bit) (HKLM\...\{7D4D3B5A-E53F-4B75-84BF-1977077AEA3D}) (Version: 3.04.0011 - Zebra Technologies) Hidden Zebra CoreScanner Driver (64bit) (HKLM-x32\...\InstallShield_{7D4D3B5A-E53F-4B75-84BF-1977077AEA3D}) (Version: 3.04.0011 - Zebra Technologies) Packages: ========= Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2021-07-01] (Adobe Systems Incorporated) EarTrumpet -> C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_2.1.8.0_x86__1sdd7yawvg6ne [2021-06-30] (File-New-Project) [Startup Task] Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_21.10913.5785.0_x64__8wekyb3d8bbwe [2021-09-21] (Microsoft Corporation) NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-08-03] (NVIDIA Corp.) OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_19.23.16.0_x64__8wekyb3d8bbwe [2021-06-30] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-1447197201-901239501-998365885-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-62EEA2FEC753} -> [Creative Cloud Files] => C:\Users\sarah\Creative Cloud Files [2021-07-01 15:41] CustomCLSID: HKU\S-1-5-21-1447197201-901239501-998365885-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\sarah\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21161.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1447197201-901239501-998365885-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.) CustomCLSID: HKU\S-1-5-21-1447197201-901239501-998365885-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-08-26] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-08-26] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-08-26] (Adobe Inc. -> ) ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-08-26] (Adobe Inc. 
-> ) ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-11-04] (McAfee, LLC -> McAfee, LLC) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programms\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Programms\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\nvshext.dll [2021-07-13] (Nvidia Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-08-26] (Adobe Inc. -> ) ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-11-04] (McAfee, LLC -> McAfee, LLC) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programms\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Programms\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2021-05-14 12:24 - 2021-05-14 12:24 - 000239104 _____ () [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\DotNetZip.dll 2021-09-20 14:52 - 2021-09-20 14:52 - 000180224 _____ () [File not signed] \\?\C:\Users\sarah\AppData\Local\Temp\0ffc3984-b6a8-427b-a5d1-243854b6b435.tmp.node 2021-09-20 14:52 - 2021-09-20 14:52 - 000161280 _____ () [File not signed] 
\\?\C:\Users\sarah\AppData\Local\Temp\cb5ff972-f301-47ba-9b3b-55162bab28d5.tmp.node 2019-08-15 19:13 - 2019-08-15 19:13 - 000989184 _____ () [File not signed] C:\Program Files (x86)\TotalAV\e_sqlite3.DLL 2021-05-14 12:22 - 2021-05-14 12:22 - 000113664 _____ () [File not signed] C:\Program Files (x86)\TotalAV\Netlib.dll 2021-06-30 12:08 - 2021-06-23 18:12 - 002126848 _____ () [File not signed] C:\Program Files\Allegorithmic\Substance Launcher\ffmpeg.dll 2021-06-30 12:08 - 2021-06-23 18:12 - 000109056 _____ () [File not signed] C:\Program Files\Allegorithmic\Substance Launcher\libegl.dll 2021-06-30 12:08 - 2021-06-23 18:12 - 005103616 _____ () [File not signed] C:\Program Files\Allegorithmic\Substance Launcher\libglesv2.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000047104 _____ (havendv) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\NamedPipeServerStream.NetFrameworkVersion.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000353792 _____ (hxxps://system.data.sqlite.org/) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Data.SQLite.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000010752 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\Accessibility.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000293888 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\Microsoft.CSharp.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000028160 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\Microsoft.Extensions.DependencyInjection.Abstractions.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000062976 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\Microsoft.Extensions.DependencyInjection.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000038912 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\Microsoft.Extensions.Logging.Abstractions.dll 
2021-05-14 12:24 - 2021-05-14 12:24 - 000024576 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\Microsoft.Extensions.Logging.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000041472 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\Microsoft.Extensions.Options.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000029184 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\Microsoft.Extensions.Primitives.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000007680 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\Microsoft.Win32.Primitives.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000033792 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\Microsoft.Win32.Registry.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 003406336 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\PresentationCore.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000242176 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\PresentationFramework.Aero2.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 005783040 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\PresentationFramework.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000008704 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\PresentationFramework-SystemData.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000008192 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\PresentationFramework-SystemXml.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000167424 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Collections.Immutable.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000035328 _____ (Microsoft 
Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Collections.NonGeneric.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000032256 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Collections.Specialized.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000005632 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.ComponentModel.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000014336 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.ComponentModel.EventBasedAsync.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000021504 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.ComponentModel.Primitives.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000259072 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.ComponentModel.TypeConverter.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000365568 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Configuration.ConfigurationManager.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000062976 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Console.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000954368 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Data.Common.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000040960 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Diagnostics.DiagnosticSource.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000119808 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Diagnostics.EventLog.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000012288 _____ (Microsoft Corporation) [File not signed] [File is 
in use] C:\Program Files (x86)\TotalAV\System.Diagnostics.FileVersionInfo.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000105472 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Diagnostics.Process.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000403968 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Drawing.Common.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000047616 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Drawing.Primitives.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000091136 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.IO.Compression.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000034816 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.IO.FileSystem.AccessControl.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000086016 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.IO.FileSystem.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000016896 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.IO.FileSystem.DriveInfo.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000028160 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.IO.FileSystem.Watcher.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000108544 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.IO.Packaging.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000054272 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.IO.Pipes.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000127488 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Linq.dll 2021-05-14 12:24 - 2021-05-14 
12:24 - 000541696 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Linq.Expressions.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000284160 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Management.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000532992 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Net.Http.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000036352 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Net.NameResolution.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000079872 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Net.NetworkInformation.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000079872 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Net.Primitives.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000130560 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Net.Requests.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000225792 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Net.Security.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000014336 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Net.ServicePoint.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000193024 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Net.Sockets.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000057344 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Net.WebClient.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000026112 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files 
(x86)\TotalAV\System.Net.WebHeaderCollection.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000035328 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.ObjectModel.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 003054080 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Private.Xml.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000025088 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Reflection.DispatchProxy.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000434688 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Reflection.Metadata.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000007168 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Runtime.CompilerServices.Unsafe.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000006656 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Runtime.CompilerServices.VisualC.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000010752 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Runtime.InteropServices.RuntimeInformation.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000062976 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Runtime.Numerics.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000010752 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Runtime.Serialization.Primitives.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000078848 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Security.AccessControl.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000038912 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files 
(x86)\TotalAV\System.Security.Claims.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000225280 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Security.Cryptography.Algorithms.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000067072 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Security.Cryptography.Csp.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000031232 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Security.Cryptography.Encoding.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000277504 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Security.Cryptography.Pkcs.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000040960 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Security.Cryptography.Primitives.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000180736 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Security.Cryptography.X509Certificates.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000079360 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Security.Permissions.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000060416 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Security.Principal.Windows.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000050176 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.ServiceProcess.ServiceController.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000726528 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Text.Encoding.CodePages.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000137216 _____ (Microsoft Corporation) [File not signed] [File is in use] 
C:\Program Files (x86)\TotalAV\System.Text.RegularExpressions.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000017920 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Threading.AccessControl.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000141312 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Transactions.Local.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000014848 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Web.HttpUtility.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000734208 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Windows.Controls.Ribbon.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000046592 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Windows.Extensions.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 006715392 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Windows.Forms.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000564736 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\System.Xaml.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000032768 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\UIAutomationProvider.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000200704 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\UIAutomationTypes.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 001046528 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\WindowsBase.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000086016 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\WindowsFormsIntegration.dll 2006-07-20 18:19 - 2006-07-20 18:19 - 000223744 _____ 
(Microsoft Corporation) [File not signed] C:\Program Files\Zebra Technologies\Barcode Scanners\Common\xmllite.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000132096 _____ (Microsoft.AppCenter) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\Microsoft.AppCenter.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000013312 _____ (Microsoft.AppCenter.Analytics) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\Microsoft.AppCenter.Analytics.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000041984 _____ (Microsoft.AppCenter.Crashes) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\Microsoft.AppCenter.Crashes.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000683008 _____ (Newtonsoft) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\Newtonsoft.Json.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000030720 _____ (pwm) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\pwm.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000066048 _____ (Raygun) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\Mindscape.Raygun4Net.NetCore.Common.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000004608 _____ (Raygun) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\Mindscape.Raygun4Net.NetCore.dll 2020-04-05 19:36 - 2020-04-05 19:36 - 001343488 _____ (Robert Simpson, et al.) 
[File not signed] C:\Program Files (x86)\TotalAV\SQLite.Interop.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000005632 _____ (SourceGear) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\SQLitePCLRaw.batteries_v2.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000045568 _____ (SourceGear) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\SQLitePCLRaw.core.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000005120 _____ (SourceGear) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\SQLitePCLRaw.nativelibrary.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000056320 _____ (SourceGear) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\SQLitePCLRaw.provider.dynamic_cdecl.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000038912 _____ (Stephen Cleary) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\Nito.AsyncEx.Coordination.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000032256 _____ (Stephen Cleary) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\Nito.AsyncEx.Tasks.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000015360 _____ (Stephen Cleary) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\Nito.Collections.Deque.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000007168 _____ (Stephen Cleary) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\Nito.Disposables.dll 2020-12-09 19:37 - 2020-12-09 19:37 - 002650112 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\TotalAV\libcrypto-1_1.dll 2020-12-09 19:37 - 2020-12-09 19:37 - 000641024 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\TotalAV\libssl-1_1.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000076288 _____ (UiPath) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\UiPath.CoreIpc.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000389632 _____ (Utilizr) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\Utilizr.dll 
2021-05-14 12:24 - 2021-05-14 12:24 - 000041472 _____ (Utilizr.NotifyIcon) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\Utilizr.NotifyIcon.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000033280 _____ (Utilizr.OpenVPN) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\Utilizr.OpenVPN.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000040960 _____ (Utilizr.VPN) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\Utilizr.VPN.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000014848 _____ (Utilizr.VPN.RasSharp.NetCore) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\Utilizr.VPN.RasSharp.NetCore.dll 2021-05-14 12:24 - 2021-05-14 12:24 - 000376320 _____ (Utilzr.WPF) [File not signed] [File is in use] C:\Program Files (x86)\TotalAV\Utilzr.WPF.dll 2019-09-19 20:51 - 2019-09-19 20:51 - 000365056 _____ (Zebra Technologies) [File not signed] C:\Program Files\Zebra Technologies\Barcode Scanners\Common\BTTrans.dll 2019-09-23 10:53 - 2019-09-23 10:53 - 000078848 _____ (Zebra Technologies) [File not signed] C:\Program Files\Zebra Technologies\Barcode Scanners\Common\DriverADF.dll 2019-09-19 20:51 - 2019-09-19 20:51 - 000413696 _____ (Zebra Technologies) [File not signed] C:\Program Files\Zebra Technologies\Barcode Scanners\Common\IBMHIDTrans.dll 2019-09-19 20:51 - 2019-09-19 20:51 - 000309760 _____ (Zebra Technologies) [File not signed] C:\Program Files\Zebra Technologies\Barcode Scanners\Common\IBMHIDTTTrans.dll 2019-09-23 10:53 - 2019-09-23 10:53 - 000059392 _____ (Zebra Technologies) [File not signed] C:\Program Files\Zebra Technologies\Barcode Scanners\Common\NIXBTrans.dll 2019-09-23 10:55 - 2019-09-23 10:55 - 000156672 _____ (Zebra Technologies) [File not signed] C:\Program Files\Zebra Technologies\Barcode Scanners\Common\RSMDriverProvider.dll 2019-09-19 20:51 - 2019-09-19 20:51 - 000478208 _____ (Zebra Technologies) [File not signed] C:\Program Files\Zebra Technologies\Barcode Scanners\Common\SNAPITrans.dll 2019-09-19 
20:52 - 2019-09-19 20:52 - 000486400 _____ (Zebra Technologies) [File not signed] C:\Program Files\Zebra Technologies\Barcode Scanners\Common\SSITrans.dll 2019-09-19 20:52 - 2019-09-19 20:52 - 000361472 _____ (Zebra Technologies) [File not signed] C:\Program Files\Zebra Technologies\Barcode Scanners\Common\symbscnr.dll 2019-09-19 20:51 - 2019-09-19 20:51 - 000265216 _____ (Zebra Technologies) [File not signed] C:\Program Files\Zebra Technologies\Barcode Scanners\Common\USBHIDKBTrans.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => 
""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1447197201-901239501-998365885-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1447197201-901239501-998365885-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=NMTE SearchScopes: HKLM -> DefaultScope {097C1C62-B6C5-4298-8AD7-15708B4D01E0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRNAM1&src=PRNAM1&pc=NMTE SearchScopes: HKLM -> {097C1C62-B6C5-4298-8AD7-15708B4D01E0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRNAM1&src=PRNAM1&pc=NMTE SearchScopes: HKLM-x32 -> DefaultScope {097C1C62-B6C5-4298-8AD7-15708B4D01E0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRNAM1&src=PRNAM1&pc=NMTE SearchScopes: HKLM-x32 -> {097C1C62-B6C5-4298-8AD7-15708B4D01E0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRNAM1&src=PRNAM1&pc=NMTE BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll 
[2021-09-21] (McAfee, LLC -> McAfee, LLC) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-09-21] (McAfee, LLC -> McAfee, LLC) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-31] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-08-31] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-31] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-08-31] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-31] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-08-31] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-31] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft 
Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-08-31] (Microsoft Corporation -> Microsoft Corporation) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2020-11-04] (McAfee, LLC -> McAfee, LLC) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2020-11-04] (McAfee, LLC -> McAfee, LLC) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1447197201-901239501-998365885-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sarah\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\Caddy2.jpg DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{A9C71BA0-4605-4815-80F8-428FDB36D4F9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{2DFCD093-7C88-4AA9-9A6C-7FB24DBCC5AD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [TCP Query User{47A99C55-A590-4571-B476-217DA7AFA220}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{B23A7968-0A31-406E-8235-B46E9567CF52}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{B615C8AE-33B1-4E80-95FD-C24103703EE8}C:\program files (x86)\ue_4.26\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files (x86)\ue_4.26\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{7D350F66-BDED-4284-A3B4-A950C8A23CB2}C:\program files (x86)\ue_4.26\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files (x86)\ue_4.26\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.) 
FirewallRules: [TCP Query User{2E827B5C-27AA-43CA-98DB-7F06789943B6}D:\programms\ue_4.26\engine\binaries\win64\ue4editor.exe] => (Allow) D:\programms\ue_4.26\engine\binaries\win64\ue4editor.exe => No File FirewallRules: [UDP Query User{9DBD7CFB-EEB3-4DE2-A205-84AFFEFC82E4}D:\programms\ue_4.26\engine\binaries\win64\ue4editor.exe] => (Allow) D:\programms\ue_4.26\engine\binaries\win64\ue4editor.exe => No File FirewallRules: [TCP Query User{CA7181C3-6FB0-4C8F-AE95-A36518A1EEB9}C:\program files\allegorithmic\substance painter\substance painter.exe] => (Allow) C:\program files\allegorithmic\substance painter\substance painter.exe (Allegorithmic, SAS -> Allegorithmic) FirewallRules: [UDP Query User{CD21F23C-7D27-418D-BC4A-64D8A5F1C524}C:\program files\allegorithmic\substance painter\substance painter.exe] => (Allow) C:\program files\allegorithmic\substance painter\substance painter.exe (Allegorithmic, SAS -> Allegorithmic) FirewallRules: [TCP Query User{0B6F4EAD-F7AA-476C-8130-B9FE924A7BF0}D:\programms\games\overwatch\_retail_\overwatch.exe] => (Block) D:\programms\games\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment) FirewallRules: [UDP Query User{E73905D1-A6C4-4342-BF75-E41EB3C643AD}D:\programms\games\overwatch\_retail_\overwatch.exe] => (Block) D:\programms\games\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. 
-> Blizzard Entertainment) FirewallRules: [{B198C2CA-354F-4BBB-A48A-0C7FF10A3D06}] => (Allow) D:\Programms\Games\steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{FD587E2F-472A-4EA6-860E-24BB753B8A2E}] => (Allow) D:\Programms\Games\steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{BDB9F46C-8621-4D9C-BAAA-9606014EB3F3}] => (Allow) D:\Programms\Games\steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{1030F194-695E-402D-9015-D0A8568727BD}] => (Allow) D:\Programms\Games\steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{01BADA1E-AC1C-4F58-97A5-7CBBF6A68FF2}] => (Allow) D:\Programms\Games\steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed] FirewallRules: [{5B322A16-C384-47D5-B157-1FBF82C43056}] => (Allow) D:\Programms\Games\steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed] FirewallRules: [{E557D592-9ECF-438C-9866-85E5A298F486}] => (Allow) D:\Programms\Games\steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{B309D7C4-61E9-4447-9CD8-8B4BE9CEBF94}] => (Allow) D:\Programms\Games\steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{A8D29A2F-82B2-46B3-871C-05FF41C704AC}] => (Allow) D:\Programms\Games\steam\steamapps\common\Aim Lab\AimLab_tb.exe () [File not signed] FirewallRules: [{42075232-D103-467E-99D6-8AF34A97F948}] => (Allow) D:\Programms\Games\steam\steamapps\common\Aim Lab\AimLab_tb.exe () [File not signed] FirewallRules: [{44019CE0-8B9F-4652-BC89-ABB5EDAAB387}] => (Allow) D:\Programms\Games\steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> ) FirewallRules: [{FC350A31-E9E2-4D50-A9E7-A457795C4524}] => (Allow) D:\Programms\Games\steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> ) FirewallRules: [TCP Query 
User{512F1C2C-5B01-4737-8A2C-374AF6D8DF5C}D:\uni\2021\haw\game project\cooptest3\windowsnoeditor\projectdesert\binaries\win64\projectdesert.exe] => (Allow) D:\uni\2021\haw\game project\cooptest3\windowsnoeditor\projectdesert\binaries\win64\projectdesert.exe (Epic Games, Inc.) [File not signed] FirewallRules: [UDP Query User{DFCDFC29-0333-42C6-961B-EA0F2D09AB7B}D:\uni\2021\haw\game project\cooptest3\windowsnoeditor\projectdesert\binaries\win64\projectdesert.exe] => (Allow) D:\uni\2021\haw\game project\cooptest3\windowsnoeditor\projectdesert\binaries\win64\projectdesert.exe (Epic Games, Inc.) [File not signed] FirewallRules: [{5B6D43EA-C5D9-4E93-95C2-92CDB4A2E91C}] => (Allow) D:\Programms\Games\steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe () [File not signed] FirewallRules: [{E5AD957E-EA2E-4D5E-A9C1-39DCD98073EB}] => (Allow) D:\Programms\Games\steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe () [File not signed] FirewallRules: [{DC786520-8D90-425F-B707-0DF0BBE93E23}] => (Allow) D:\Programms\Games\steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> ) FirewallRules: [{73CEC35F-B4E7-4C5A-ABF5-97CA7693DCE0}] => (Allow) D:\Programms\Games\steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> ) FirewallRules: [TCP Query User{17A386E8-2F49-4659-8284-BB43CF2B8050}C:\users\sarah\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\sarah\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{E2032ADD-FC7D-496E-97A1-93EDD984E5A3}C:\users\sarah\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\sarah\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{2695B30F-B8C6-4856-A7B6-274453060858}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: 
[{C74B179D-474A-4C7B-8D70-90BCC8DAF547}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{0632C357-C15E-470E-ABB8-426EE4F9EB4D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{120A3F5E-3FF6-4D1D-8076-6D3F0CE5CFE6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{E4B43E5A-E6D5-48C4-8A83-7B22CE96C6D4}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{B1BDEE15-19A9-48AA-A61F-8A22E81C66AF}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{7E4B0073-9A51-46EA-A169-B743949938E5}] => (Allow) D:\Programms\Games\steam\steamapps\common\Back4BloodBeta\Gobi\Binaries\Win64\Back4Blood.exe => No File
FirewallRules: [{3E9438B5-9841-43E4-B8E6-42E8A09FB6CC}] => (Allow) D:\Programms\Games\steam\steamapps\common\Back4BloodBeta\Gobi\Binaries\Win64\Back4Blood.exe => No File
FirewallRules: [{84680941-99FE-4A8F-98FB-03A20C8D0753}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CF472C9B-CE85-4BDF-9270-EA43145D169F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{63707763-14DC-4B87-BCA7-498A42EDD47F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2660F595-99A7-43EC-B443-32B2FB6D0C5A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{AB70655E-0F5D-495A-81E4-933072B1A59C}D:\programms\games\overwatch\_retail_\overwatch.exe] => (Allow) D:\programms\games\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{79C6C6A1-87E1-432A-8A18-8EE8ADBC0641}D:\programms\games\overwatch\_retail_\overwatch.exe] => (Allow) D:\programms\games\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{7F6A504E-16FA-43BB-A21A-EA185EB1F145}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F61F124F-E093-47EC-A4E9-ECE5EF7151F5}] => (Allow) D:\Programms\Games\steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{A2E411EE-F624-4BDA-AE10-5C4856C233A3}] => (Allow) D:\Programms\Games\steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{F900098B-7495-4C86-905A-2E0AC5CF8E46}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{14195CB4-EBD5-49A2-BE7F-0512BBBCE0F3}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{BC45C408-EB47-40B3-B280-5B038B562529}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{C24656C1-F0FD-45D9-A17A-AF9527DFE9A4}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, LLC -> McAfee, LLC)

==================== Restore Points =========================

19-09-2021 15:56:15 Windows Modules Installer
21-09-2021 23:32:52 Removed Samsung_MonSetup

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (09/21/2021 11:30:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: amsprotectedservice.exe, version: 15.0.1910.1603, time stamp: 0x5d9c5f72
Faulting module name: ntdll.dll, version: 10.0.19041.1202, time stamp: 0xef8beaeb
Exception code: 0xc0000005
Fault offset: 0x00044073
Faulting process id: 0x117c
Faulting application start time: 0x01d7af25374f6aa3
Faulting application path: C:\Program Files (x86)\TotalAV\savapi\elam_ppl\amsprotectedservice.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: d5469faf-c464-4f68-91da-675b036b6431
Faulting package full name:
Faulting package-relative application ID:

Error: (09/21/2021 09:44:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HxTsr.exe, version: 16.0.14326.20388, time stamp: 0x613af544
Faulting module name: hxcomm.dll, version: 16.0.14326.20388, time stamp: 0x613af479
Exception code: 0x2329e89c
Fault offset: 0x00000000001e7b2c
Faulting process id: 0x1988
Faulting application start time: 0x01d7aee40ba5a710
Faulting application path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20388.0_x64__8wekyb3d8bbwe\HxTsr.exe
Faulting module path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20388.0_x64__8wekyb3d8bbwe\hxcomm.dll
Report Id: 1483e737-d82a-4bfd-9d43-c53b6aa905b0
Faulting package full name: microsoft.windowscommunicationsapps_16005.14326.20388.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (09/19/2021 04:07:30 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on HDD (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (09/12/2021 05:01:28 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on HDD (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (09/05/2021 02:10:34 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on HDD (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (09/04/2021 10:00:44 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on HDD (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (08/29/2021 01:01:59 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on HDD (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (08/22/2021 01:38:07 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on HDD (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)


System errors:
=============
Error: (09/22/2021 01:14:26 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume E:. The exact nature of the corruption is unknown. The file system structures need to be scanned online.

Error: (09/22/2021 01:14:26 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: E:\Device\HarddiskVolume93

Error: (09/22/2021 01:14:26 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume E:. The exact nature of the corruption is unknown. The file system structures need to be scanned and fixed offline.

Error: (09/18/2021 01:15:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-GFVHT56)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (09/18/2021 01:15:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-GFVHT56)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (09/18/2021 01:15:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-GFVHT56)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (09/18/2021 01:15:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-GFVHT56)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (09/18/2021 01:15:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-GFVHT56)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2021-09-20 20:50:29
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-09-19 16:06:49
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-09-17 21:56:36
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-09-17 21:52:05
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-09-13 19:23:58
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan


CodeIntegrity:
===============
Date: 2021-09-22 01:04:02
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\TotalAV\SAVAPI\elam_ppl\AMSAgent.exe) attempted to load \Device\HarddiskVolume5\Program Files\McAfee\MfeAV\AMSIExt_x86.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. F52 12/09/2020
Motherboard: Gigabyte Technology Co., Ltd. B450 GAMING X
Processor: AMD Ryzen 7 2700 Eight-Core Processor
Percentage of memory in use: 63%
Total physical RAM: 16330.86 MB
Available physical RAM: 5919.81 MB
Total Virtual: 33738.86 MB
Available Virtual: 15892.12 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:446.14 GB) (Free:304.08 GB) NTFS
Drive d: (HDD) (Fixed) (Total:931.5 GB) (Free:665.83 GB) NTFS
Drive e: (Volume) (Fixed) (Total:465.76 GB) (Free:443.25 GB) NTFS
\\?\Volume{7d434eaf-5836-4230-a1f0-55d3899f9e01}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.32 GB) NTFS
\\?\Volume{278a5f48-c34d-4485-9abd-556f5e4223ac}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT.

==========================================================
Disk: 1 (Size: 447.1 GB) (Disk ID: 5485529C) Partition: GPT.

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

and the shortcut scan: Code:
Users shortcut scan result (x64) Version: 20-09-2021
Ran by sarah (22-09-2021 01:29:43)
Running from C:\Users\sarah\Downloads
Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Adobe Creative Cloud.lnk -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc.)
Shortcut: C:\Users\Public\Desktop\Battle.net.lnk -> D:\Programms\Games\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\Public\Desktop\Epic Games Launcher.lnk -> C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe (Epic Games, Inc.)
Shortcut: C:\Users\Public\Desktop\GeForce Experience.lnk -> C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation)
Shortcut: C:\Users\Public\Desktop\GOG GALAXY.lnk -> D:\Programms\GOG Galaxy\GalaxyClient.exe (GOG.com)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\Public\Desktop\Huion Tablet.lnk -> D:\Huion Tablet\Huion Tablet.exe ()
Shortcut: C:\Users\Public\Desktop\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Steam.lnk -> D:\Programms\Games\steam\steam.exe (Valve Corporation)
Shortcut: C:\Users\Public\Desktop\Substance Launcher.lnk -> C:\Program Files\Allegorithmic\Substance Launcher\Substance Launcher.exe (Allegorithmic an Adobe Company)
Shortcut: C:\Users\Public\Desktop\TotalAV.lnk -> C:\Program Files (x86)\TotalAV\TotalAV.exe (TotalAV)
Shortcut: C:\Users\sarah\Links\Desktop.lnk -> C:\Users\sarah\OneDrive\Desktop ()
Shortcut: C:\Users\sarah\Links\Downloads.lnk -> C:\Users\sarah\Downloads ()
Shortcut: C:\Users\sarah\Creative Cloud Files\_Cloud documents.lnk -> C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe ()
Shortcut: C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\sarah\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TotalAV.lnk -> C:\Program Files (x86)\TotalAV\TotalAV.exe (TotalAV)
Shortcut: C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Benutzerhandbuch für die Konsolenversion von RAR.lnk -> D:\Programms\Rar.txt ()
Shortcut: C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Hilfe zu WinRAR.lnk -> D:\Programms\WinRAR.chm ()
Shortcut: C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Was ist neu in dieser Version.lnk -> D:\Programms\WhatsNew.txt ()
Shortcut: C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> D:\Programms\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spywatch.lnk -> C:\Users\sarah\AppData\Roaming\Spywatch\SPYWATCH.EXE (No File)
Shortcut: C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spywatch\Spywatch.lnk -> C:\Users\sarah\AppData\Roaming\Spywatch\SPYWATCH.EXE (No File)
Shortcut: C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiSuite\HiSuite.lnk -> C:\Program Files (x86)\HiSuite\HiSuite.exe (华为技术有限公司 版权所有)
Shortcut: C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiSuite\Uninstall.lnk -> C:\Program Files (x86)\HiSuite\uninst.exe ()
Shortcut: C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blender\blender.lnk -> C:\Program Files\Blender Foundation\Blender 2.92\blender.exe (No File)
Shortcut: C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\sarah\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\sarah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\sarah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\sarah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\sarah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\sarah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Adobe Photoshop 2020.lnk -> C:\Program Files\Adobe\Adobe Photoshop 2020\photoshop.exe (Adobe)
Shortcut: C:\Users\sarah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\blender.lnk -> D:\Programms\Blender Foundation\Blender 2.92\blender.exe (Blender Foundation)
Shortcut: C:\Users\sarah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\sarah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\sarah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\Users\sarah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\T16 Wired Gaming Mouse.lnk -> C:\Program Files (x86)\T16 Wired Gaming Mouse\OemDrv.exe ()
Shortcut: C:\Users\sarah\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\sarah\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\sarah\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\sarah\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\sarah\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\sarah\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\sarah\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\sarah\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\sarah\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Public\Desktop\McAfee® Total Protection.lnk -> C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (McAfee, LLC) -> /desktopicon /platui
ShortcutWithArgument: C:\Users\Public\Desktop\Overwatch.lnk -> D:\Programms\Games\Overwatch\Overwatch Launcher.exe (Blizzard Entertainment) -> --productcode=pro
ShortcutWithArgument: C:\Users\Public\Desktop\VALORANT.lnk -> D:\Programms\Games\Riot Games\Riot Client\RiotClientServices.exe (Riot Games, Inc.) -> --launch-product=valorant --launch-patchline=live
ShortcutWithArgument: C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk -> C:\Users\sarah\AppData\Local\Microsoft\Teams\Update.exe (Microsoft Corporation) -> --processStart "Teams.exe"
ShortcutWithArgument: C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc\Discord.lnk -> C:\Users\sarah\AppData\Local\Discord\Update.exe (GitHub) -> --processStart Discord.exe
ShortcutWithArgument: C:\Users\sarah\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\sarah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Discord.lnk -> C:\Users\sarah\AppData\Local\Discord\Update.exe (GitHub) -> --processStart Discord.exe
ShortcutWithArgument: C:\Users\sarah\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\sarah\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\sarah\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\sarah\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\sarah\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\sarah\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\sarah\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\sarah\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\sarah\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\sarah\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
InternetURL: C:\Users\sarah\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142

==================== End of Shortcut.txt =============================
|
22.09.2021, 08:35 | #3 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
__________________ |
22.09.2021, 08:42 | #4 |
| Windows 10 machine. Sorry, I am not one hundred percent sure what is meant by the detection location. TotalAV only shows me the name of the zip file. |
22.09.2021, 09:03 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please look into the log. The malware name on its own is completely useless.
__________________ Please always post logfiles in CODE tags |
22.09.2021, 09:16 | #6 |
| In the logs I found the following: after McAfee had put the file into quarantine, it was still detected again. I am still looking for the McAfee logs and will add them as soon as I have found them. Code:
2021-09-21 20:57:28,910 : threat : INFO : on-demand infected file: file<C:\ProgramData\McAfee\VirusScan\Quarantine\quarantine\fb3ac5bd-451a-4138-bce7-3b32735b39a5.zip> : type<TR/Bagle.Zip> : null
2021-09-21 21:42:57,407 : threat : INFO : on-demand infected file: file<C:\ProgramData\McAfee\VirusScan\Quarantine\quarantine\fb3ac5bd-451a-4138-bce7-3b32735b39a5.zip> : type<TR/Bagle.Zip> : null
2021-09-21 22:14:25,256 : threat : INFO : on-demand infected file: file<C:\ProgramData\McAfee\VirusScan\Quarantine\quarantine\fb3ac5bd-451a-4138-bce7-3b32735b39a5.zip> : type<TR/Bagle.Zip> : null
Last edited by Caddy010 (22.09.2021 at 09:22) |
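All three TotalAV lines above point at one and the same file, and that file sits inside McAfee's quarantine store (C:\ProgramData\McAfee\VirusScan\Quarantine). That is why the "infection" keeps coming back after quarantining: one scanner is re-scanning what the other one has already isolated, which is a re-detection of a neutralised file rather than a live infection. The Python triage helper below is an added example for this thread, not code from TotalAV, McAfee or the forum. It parses the posted lines (copied into SAMPLE_LOG, plus one constructed line for contrast) and flags every hit whose path lies under a known quarantine directory. Both the line-format regex and the quarantine directory table are assumptions: the regex is inferred from the three posted lines only, McAfee's path is taken from them, and Defender's path is its default quarantine folder; other products would have to be added.

```python
"""Triage helper for TotalAV-style on-demand detection log lines.

Added example for this thread; not code from TotalAV, McAfee or the forum.
It parses the three lines posted above (copied in SAMPLE_LOG, plus one
constructed line for contrast) and checks whether each detected path lies
inside another product's quarantine store. The quarantine directory table is
an assumption: McAfee's path is taken from the posted log lines, Defender's is
the default location of its quarantine folder; other products are not listed.
"""
import re
from collections import Counter
from pathlib import PureWindowsPath

# First three lines copied from the posted TotalAV log; the fourth line is
# constructed for this example (no such detection appears in the thread).
SAMPLE_LOG = r"""
2021-09-21 20:57:28,910 : threat : INFO : on-demand infected file: file<C:\ProgramData\McAfee\VirusScan\Quarantine\quarantine\fb3ac5bd-451a-4138-bce7-3b32735b39a5.zip> : type<TR/Bagle.Zip> : null
2021-09-21 21:42:57,407 : threat : INFO : on-demand infected file: file<C:\ProgramData\McAfee\VirusScan\Quarantine\quarantine\fb3ac5bd-451a-4138-bce7-3b32735b39a5.zip> : type<TR/Bagle.Zip> : null
2021-09-21 22:14:25,256 : threat : INFO : on-demand infected file: file<C:\ProgramData\McAfee\VirusScan\Quarantine\quarantine\fb3ac5bd-451a-4138-bce7-3b32735b39a5.zip> : type<TR/Bagle.Zip> : null
2021-09-21 22:30:00,000 : threat : INFO : on-demand infected file: file<C:\Users\sarah\Downloads\invoice.zip> : type<TR/Bagle.Zip> : null
"""

# Assumed quarantine stores (non-exhaustive): a hit under one of these paths
# is a file that scanner has already isolated, not a file the user can open.
QUARANTINE_DIRS = {
    "McAfee": PureWindowsPath(r"C:\ProgramData\McAfee\VirusScan\Quarantine"),
    "Microsoft Defender": PureWindowsPath(r"C:\ProgramData\Microsoft\Windows Defender\Quarantine"),
}

# Line format inferred from the posted lines only.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d+) : threat : (?P<level>\w+) : "
    r"(?P<kind>.+?): file<(?P<path>[^>]+)> : type<(?P<type>[^>]+)>"
)


def parse_detections(text):
    """Return one dict (ts, level, kind, path, type) per matching threat line."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]


def quarantine_owner(path):
    """Name the product whose quarantine directory contains `path`, else None.

    The comparison is per path component and case-insensitive, matching NTFS
    semantics, so the Quarantine/quarantine nesting in the McAfee path is fine.
    """
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    for product, qdir in QUARANTINE_DIRS.items():
        qparts = [p.lower() for p in qdir.parts]
        if parts[: len(qparts)] == qparts:
            return product
    return None


def triage(text):
    """Group detections by path and give each path a verdict."""
    hits = parse_detections(text)
    counts = Counter(h["path"] for h in hits)
    names = {h["path"]: h["type"] for h in hits}
    report = []
    for path, n in counts.items():
        owner = quarantine_owner(path)
        if owner:
            verdict = (f"already isolated by {owner}; repeated re-detection of "
                       f"the quarantine file, not a live infection")
        else:
            verdict = "live file outside any quarantine store; investigate"
        report.append({
            "path": path,
            "type": names[path],
            "count": n,
            "in_quarantine_of": owner,
            "verdict": verdict,
        })
    return report


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"{entry['count']}x {entry['type']} {entry['path']}")
        print(f"    -> {entry['verdict']}")
```

Run against the posted lines, the McAfee quarantine file collapses to one entry with count 3 and the verdict "already isolated by McAfee", while the constructed Downloads hit is the only one that would warrant further work. The practical consequence is the one the thread heads towards: with two on-access scanners installed, each will keep finding the other's quarantine store, so the fix is removing one product, not quarantining the same file a fourth time.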
22.09.2021, 09:24 | #7 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Uninstall disruptive, outdated or unnecessary programs. Please uninstall via Programs and Features (appwiz.cpl):
|
22.09.2021, 09:48 | #8 |
| Yes, I should have informed myself better there. I have followed your instructions! Should I now run the FRST program again? |
22.09.2021, 12:54 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | AdwCleaner: run AdwCleaner according to the illustrated guide and then post the log file in CODE tags. Please repeat AdwCleaner if there were any findings.
|
22.09.2021, 12:59 | #10 |
| Done! Here is the log file: Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-09-09.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-22-2021
# Duration: 00:00:02
# OS: Windows 10 Home
# Cleaned: 21
# Failed: 8

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\SecuritySuite
Deleted C:\Users\sarah\AppData\Roaming\Spywatch
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TotalAV

***** [ Files ] *****

Deleted C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spywatch.lnk
Deleted C:\Users\sarah\Downloads\TOTALAV_SETUP.EXE

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\SSProtect
Deleted HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted HKLM\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted HKLM\Software\Classes\totalav
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityServiceMonitor

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted de.banggood.com
Deleted mystartsearch
Deleted mystartsearch
Deleted mystartsearch
Deleted mystartsearch
Deleted mystartsearch
Deleted mystartsearch
Deleted mystartsearch
Deleted mystartsearch
Not Deleted hxxp://www.mystartsearch.com/?type=hp&ts=1415708374&from=ild&uid=WDCXWD10JPVX-22JC3T0_WD-WXS1EC3YLXM4YLXM4
Not Deleted hxxp://www.mystartsearch.com/?type=hp&ts=1415708374&from=ild&uid=WDCXWD10JPVX-22JC3T0_WD-WXS1EC3YLXM4YLXM4
Not Deleted hxxp://www.mystartsearch.com/?type=hp&ts=1415708374&from=ild&uid=WDCXWD10JPVX-22JC3T0_WD-WXS1EC3YLXM4YLXM4
Not Deleted hxxp://www.mystartsearch.com/?type=hp&ts=1415708374&from=ild&uid=WDCXWD10JPVX-22JC3T0_WD-WXS1EC3YLXM4YLXM4
Not Deleted hxxp://www.mystartsearch.com/?type=hp&ts=1415708374&from=ild&uid=WDCXWD10JPVX-22JC3T0_WD-WXS1EC3YLXM4YLXM4
Not Deleted hxxp://www.mystartsearch.com/?type=hp&ts=1415708374&from=ild&uid=WDCXWD10JPVX-22JC3T0_WD-WXS1EC3YLXM4YLXM4
Not Deleted hxxp://www.mystartsearch.com/?type=hp&ts=1415708374&from=ild&uid=WDCXWD10JPVX-22JC3T0_WD-WXS1EC3YLXM4YLXM4
Not Deleted hxxp://www.mystartsearch.com/?type=hp&ts=1415708374&from=ild&uid=WDCXWD10JPVX-22JC3T0_WD-WXS1EC3YLXM4YLXM4

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3946 octets] - [22/09/2021 13:57:26]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
|
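The report above says Cleaned: 21, Failed: 8, and the eight failures are one and the same mystartsearch start-page URL that AdwCleaner could not remove from the Chromium profile, while the Spywatch startup entry and the TotalAV leftovers went away. The Python reader below is an added example for this thread, not AdwCleaner's or Malwarebytes' own code. It parses the report format into header counts and per-section Deleted / Not Deleted items, applies the rule given in this thread (run again while a run still cleans something, and hand anything still marked Not Deleted to manual cleanup), and breaks the leftover URL's query string into its tracking parameters. The two embedded reports are abridged copies of the first and second run posted in this thread (repeated lines collapsed, empty sections dropped); reading the URL's ts value as a Unix timestamp is an assumption about the hijacker's URL scheme, not something the report states.

```python
"""Reader for Malwarebytes AdwCleaner clean-mode reports.

Added example for this thread; not AdwCleaner's own code. It parses the
report format shown above into header counts and per-section Deleted /
Not Deleted items, applies the helper's rule (run again while a run still has
findings) and decodes the tracking parameters of the leftover hijacker
start-page URL. The two reports below are abridged copies of the ones posted
in this thread (repeated lines collapsed). Treating `ts` as a Unix timestamp
is an assumption about the hijacker's URL scheme.
"""
import re
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

# Abridged from the first clean run posted in the thread.
FIRST_RUN = r"""
# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Mode: Clean
# OS: Windows 10 Home
# Cleaned: 21
# Failed: 8

***** [ Folders ] *****

Deleted C:\ProgramData\SecuritySuite
Deleted C:\Users\sarah\AppData\Roaming\Spywatch
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TotalAV

***** [ Files ] *****

Deleted C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spywatch.lnk
Deleted C:\Users\sarah\Downloads\TOTALAV_SETUP.EXE

***** [ Registry ] *****

Deleted HKCU\Software\SSProtect
Deleted HKLM\Software\Classes\totalav

***** [ Chromium URLs ] *****

Deleted de.banggood.com
Deleted mystartsearch
Not Deleted hxxp://www.mystartsearch.com/?type=hp&ts=1415708374&from=ild&uid=WDCXWD10JPVX-22JC3T0_WD-WXS1EC3YLXM4YLXM4
Not Deleted hxxp://www.mystartsearch.com/?type=hp&ts=1415708374&from=ild&uid=WDCXWD10JPVX-22JC3T0_WD-WXS1EC3YLXM4YLXM4

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.
"""

# Abridged from the second clean run posted in the thread.
SECOND_RUN = r"""
# Mode: Clean
# OS: Windows 10 Home
# Cleaned: 0
# Failed: 8

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Chromium URLs ] *****

Not Deleted hxxp://www.mystartsearch.com/?type=hp&ts=1415708374&from=ild&uid=WDCXWD10JPVX-22JC3T0_WD-WXS1EC3YLXM4YLXM4
"""

HEADER_RE = re.compile(r"^# (Mode|OS|Cleaned|Failed|Database): (.+)$")
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ITEM_RE = re.compile(r"^(Deleted|Not Deleted) (.+)$")


def parse_report(text):
    """Split a report into header values and {section: [(status, item), ...]}."""
    header, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER_RE.match(line):
            key, val = m.groups()
            header[key] = int(val) if val.isdigit() else val
        elif m := SECTION_RE.match(line):
            current = m.group(1)
            sections[current] = []
        elif current is not None and (m := ITEM_RE.match(line)):
            sections[current].append((m.group(1), m.group(2)))
    return header, sections


def assess(text):
    """Apply the thread's rule: rerun while a run still cleans something;
    whatever stays Not Deleted needs manual follow-up."""
    header, sections = parse_report(text)
    removed = [(sec, item) for sec, items in sections.items()
               for status, item in items if status == "Deleted"]
    leftover = sorted({item for items in sections.values()
                       for status, item in items if status == "Not Deleted"})
    return {
        "cleaned": header.get("Cleaned", 0),
        "failed": header.get("Failed", 0),
        "rerun_needed": header.get("Cleaned", 0) > 0,
        "removed": removed,
        "leftover": leftover,
        "manual_followup": bool(leftover),
    }


def decode_hijacker_url(url):
    """Extract the tracking query parameters of a defanged start-page URL.

    'hxxp' is the defanged scheme used in the report; it is undone here for
    parsing only, nothing is fetched.
    """
    parts = urlsplit(url.replace("hxxp://", "http://", 1))
    info = {"host": parts.hostname}
    info.update({k: v[0] for k, v in parse_qs(parts.query).items()})
    if info.get("ts", "").isdigit():
        # Assumption: ts is the epoch second at which the hijacker installed itself.
        stamp = datetime.fromtimestamp(int(info["ts"]), tz=timezone.utc)
        info["ts_utc"] = stamp.strftime("%Y-%m-%d")
    return info


if __name__ == "__main__":
    for label, report in (("first run", FIRST_RUN), ("second run", SECOND_RUN)):
        a = assess(report)
        print(f"{label}: cleaned={a['cleaned']} failed={a['failed']} "
              f"rerun={a['rerun_needed']} manual_followup={a['manual_followup']}")
    for url in assess(SECOND_RUN)["leftover"]:
        print(decode_hijacker_url(url))
```

For the first report this yields rerun_needed=True; for the second, cleaned=0 ends the loop and the single leftover URL is handed to manual_followup. Decoding that URL gives type=hp (it was installed as the home page), from=ild, a ts that resolves to 2014-11-11, and a uid that resembles a disk model and serial string, which is the kind of machine fingerprint these start-page hijackers carry in their URL. A Not Deleted entry that survives two runs will not go away on a third; it has to be removed from the browser profile by hand.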
22.09.2021, 13:40 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR Bagle zip detected but cannot be removed What are you supposed to do when AdwCleaner had findings?
__________________ Please always post logfiles in CODE tags
22.09.2021, 13:45 | #12 |
| TR Bagle zip detected but cannot be removed Repeat the scan. Sorry about that. Here is the log file after scanning again: Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-09-09.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    09-22-2021
# Duration: 00:00:01
# OS:       Windows 10 Home
# Cleaned:  0
# Failed:   8

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Not Deleted   hxxp://www.mystartsearch.com/?type=hp&ts=1415708374&from=ild&uid=WDCXWD10JPVX-22JC3T0_WD-WXS1EC3YLXM4YLXM4
Not Deleted   hxxp://www.mystartsearch.com/?type=hp&ts=1415708374&from=ild&uid=WDCXWD10JPVX-22JC3T0_WD-WXS1EC3YLXM4YLXM4
Not Deleted   hxxp://www.mystartsearch.com/?type=hp&ts=1415708374&from=ild&uid=WDCXWD10JPVX-22JC3T0_WD-WXS1EC3YLXM4YLXM4
Not Deleted   hxxp://www.mystartsearch.com/?type=hp&ts=1415708374&from=ild&uid=WDCXWD10JPVX-22JC3T0_WD-WXS1EC3YLXM4YLXM4
Not Deleted   hxxp://www.mystartsearch.com/?type=hp&ts=1415708374&from=ild&uid=WDCXWD10JPVX-22JC3T0_WD-WXS1EC3YLXM4YLXM4
Not Deleted   hxxp://www.mystartsearch.com/?type=hp&ts=1415708374&from=ild&uid=WDCXWD10JPVX-22JC3T0_WD-WXS1EC3YLXM4YLXM4
Not Deleted   hxxp://www.mystartsearch.com/?type=hp&ts=1415708374&from=ild&uid=WDCXWD10JPVX-22JC3T0_WD-WXS1EC3YLXM4YLXM4
Not Deleted   hxxp://www.mystartsearch.com/?type=hp&ts=1415708374&from=ild&uid=WDCXWD10JPVX-22JC3T0_WD-WXS1EC3YLXM4YLXM4

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3946 octets] - [22/09/2021 13:57:26]
AdwCleaner[C00].txt - [3606 octets] - [22/09/2021 13:58:20]
AdwCleaner[S01].txt - [2613 octets] - [22/09/2021 14:43:58]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
22.09.2021, 13:56 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR Bagle zip detected but cannot be removed Why were the last entries not removed?
__________________ Please always post logfiles in CODE tags
22.09.2021, 14:03 | #14 |
| TR Bagle zip detected but cannot be removed You mean those 'mystartsearch.com' things, right? Unfortunately I don't know... In AdwCleaner I only see PUPs listed under 'Quarantine'. Should I delete those and then scan again?
22.09.2021, 15:10 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR Bagle zip detected but cannot be removed Not necessary for now. Please post a new FRST.txt and Addition.txt
__________________ Please always post logfiles in CODE tags