Caddy010 | 22.09.2021 00:59 | TR Bagle zip detected but cannot be removed
Hello everyone,
After a scan with McAfee Total Protection and TotalAV, the file TR/Bagle.zip was detected on my machine. After quarantining it and running further scans, the same message kept coming back, and after some searching I came across a similar post here. There I also saw that you absolutely reject McAfee and recommend Windows Defender, but before I uninstall anything I thought I had better make this post and ask you to take a look at it. Thanks in advance for your help!
FRST: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2021
Ran by sarah (administrator) on DESKTOP-GFVHT56 (Megaport 47-164630) (22-09-2021 01:25:31)
Running from C:\Users\sarah\Downloads
Loaded Profiles: sarah
Platform: Windows 10 Home Version 20H2 19042.1237 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe <2>
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(Allegorithmic, SAS -> Allegorithmic an Adobe Company) C:\Program Files\Allegorithmic\Substance Launcher\Substance Launcher.exe <3>
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\TotalAV\SAVAPI\elam_ppl\AMSProtectedService.exe
(Discord Inc. -> Discord Inc.) C:\Users\sarah\AppData\Local\Discord\app-1.0.9002\Discord.exe <6>
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(File-New-Project) C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_2.1.8.0_x86__1sdd7yawvg6ne\EarTrumpet\EarTrumpet.exe
(GOG Sp. z o.o. -> GOG.com) C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
(GOG Sp. z o.o. -> GOG.com) D:\Programms\GOG Galaxy\GalaxyClient Helper.exe <2>
(GOG Sp. z o.o. -> GOG.com) D:\Programms\GOG Galaxy\GalaxyClient.exe
(GOG Sp. z o.o. -> GOG.com) D:\Programms\GOG Galaxy\GOG Galaxy Notifications Renderer.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <40>
(Huawei Technologies Co., Ltd. -> ) C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ChromiumContainer\delegate.exe <3>
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\CSP\3.9.126.0\McCSPServiceHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <2>
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\MSM\McSmtFwk.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_20_9\mcapexe.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\CoreUI\Launch.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MAT\McPvTray.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MQS\QcShm.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\browserhost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(McAfee, LLC. -> McAfee, LLC) C:\Program Files\McAfee\MSC\MfeBrowserHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\ProgramData\McAfee\McInstruTrack\McInstruTrack.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\sarah\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\sarah\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\sarah\AppData\Local\Microsoft\Teams\current\Teams.exe <10>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_4.1.6.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20388.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20388.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\NVDisplay.Container.exe <2>
(OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(OpenJS Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(Protected Antivirus Limited -> TotalAV) C:\Program Files (x86)\TotalAV\SecurityService.exe <2>
(Protected Antivirus Limited -> TotalAV) C:\Program Files (x86)\TotalAV\TotalAV.exe
(Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe
(Shenzhen Huion Animation Technology Co.,LTD -> ) D:\Huion Tablet\Huion Tablet.exe
(Shenzhen Huion Animation Technology Co.,LTD -> ) D:\Huion Tablet\x64\TabletDriverCore.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(Valve -> Valve Corporation) D:\Programms\Games\steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) D:\Programms\Games\steam\steam.exe
(Zebra Technologies) [File not signed] C:\Program Files\Zebra Technologies\Barcode Scanners\Common\CoreScanner.exe
(Zebra Technologies) [File not signed] C:\Program Files\Zebra Technologies\Barcode Scanners\Common\HidKeyboardEmulator.exe
(Zebra Technologies) [File not signed] C:\Program Files\Zebra Technologies\Barcode Scanners\Common\RSMDriverProviderService.exe
(Zebra Technologies) [File not signed] C:\Program Files\Zebra Technologies\Barcode Scanners\Common\ScannerService.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [353408 2021-04-27] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [779504 2021-07-01] (Adobe Inc. -> Adobe Inc.)
HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33318368 2021-09-08] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Run: [Discord] => C:\Users\sarah\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Run: [Substance Launcher] => C:\Program Files\Allegorithmic\Substance Launcher\Substance Launcher.exe [93987576 2021-06-23] (Allegorithmic, SAS -> Allegorithmic an Adobe Company)
HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Run: [GogGalaxy] => D:\Programms\GOG Galaxy\GalaxyClient.exe [13728096 2021-08-19] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Run: [TabletDriver] => D:\Huion Tablet\x64\TabletDriverCore.exe [334568 2020-12-16] (Shenzhen Huion Animation Technology Co.,LTD -> )
HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Run: [Battle.net] => D:\Programms\Games\Battle.net\Battle.net.exe [1079184 2021-09-09] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Run: [Steam] => D:\Programms\Games\steam\steam.exe [4282600 2021-09-14] (Valve -> Valve Corporation)
HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\MountPoints2: {b5fb518b-caab-11eb-9793-18c04daad6b9} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\MountPoints2: {b6c40de3-ba4b-11eb-978e-18c04daad6b9} - "E:\HiSuiteDownLoader.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\93.0.4577.82\Installer\chrmstp.exe [2021-09-14] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Huion Tablet.lnk [2021-05-04]
ShortcutTarget: Huion Tablet.lnk -> D:\Huion Tablet\Huion Tablet.exe (Shenzhen Huion Animation Technology Co.,LTD -> )
Startup: C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spywatch.lnk [2021-05-16] <==== ATTENTION
ShortcutTarget: Spywatch.lnk -> C:\Users\sarah\AppData\Roaming\Spywatch\SPYWATCH.EXE (No File)
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {22F5B16A-5874-46CF-8A63-F8838BC604A4} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4623976 2020-10-19] (McAfee, LLC -> McAfee, LLC)
Task: {29C72D8D-61B3-43CF-AB25-36DB159018EF} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {33D82B57-9D43-42E6-A524-8E032C2FA2D3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-04-30] (Google LLC -> Google LLC)
Task: {341B91ED-C627-4A6C-B36A-1C124A0E6ADE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21857672 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {3972F85B-BA30-4786-A806-DBDC13FF6CE7} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [993400 2020-10-30] (McAfee, LLC -> McAfee, LLC)
Task: {566AD36F-A6A3-45FE-AF08-76765C3E66FA} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {624C1D9A-554E-4E7D-A71D-7232CEA10AC2} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139096 2021-09-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {6FBB1B56-1B01-4B58-B17C-B3E74CEB9D08} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7094EAA4-0DFB-4320-82DB-511F5623B775} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139096 2021-09-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {73BA23F9-39E1-41E8-B331-EB280625063E} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [736704 2020-11-03] (McAfee, LLC -> McAfee, LLC)
Task: {850202D7-C3EB-47C6-8A65-5415CE5B5819} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8D43F512-873D-4B60-890E-D3D7DACE041C} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8EE7DC68-31AB-4D4B-A4D6-24797B22794C} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8FDEE456-E745-4BD7-B6C8-8AD826DE3D1E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21857672 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {92E02A09-8E6B-45CA-8930-56D11614214F} - System32\Tasks\McInstruTrack => C:\ProgramData\McAfee\McInstruTrack\McInstruTrack.exe [775360 2020-12-14] (McAfee, LLC. -> McAfee, LLC.)
Task: {974268DB-47D0-4A0C-9A6C-2E098866F8B7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-04-30] (Google LLC -> Google LLC)
Task: {9D9D96BC-329A-4BF9-B24B-8605733ABD73} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A2724F55-D9FE-4150-B332-92A7F67C6CAC} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AA8E0250-CD29-4B58-86A8-43E0C6EACAE2} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CDE53AAB-B24F-4854-AE13-24F0118D23B0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {E83C436B-7D44-4936-B70B-DA097C7F3116} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [993400 2020-10-30] (McAfee, LLC -> McAfee, LLC)
Task: {EA12FC5E-698D-4FF0-9294-CE70F8FBF648} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EE5C371F-25EC-4A15-B6E7-A06269DA86E0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F02B39E4-0482-4FB4-8230-C3B8D231D6A1} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {F1283ECA-7012-4554-A75A-0958FA2167D7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FBB00AF4-5599-469C-9862-382369B8F4E2} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FD3DA893-9575-436C-8AF5-76F5B7BABD31} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [4000984 2020-11-04] (McAfee, LLC -> McAfee, LLC)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{946c339f-f40f-4ade-9ea6-c3c0a3209da2}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{a1264e5e-f4a3-4903-a297-d320d1050b28}: [DhcpNameServer] 192.168.120.250
Tcpip\..\Interfaces\{d1256d2c-c313-4b1f-9a9c-a0b46ef245b7}: [DhcpNameServer] 192.168.120.250
Tcpip\..\Interfaces\{fc0f2e7e-eb78-46d6-ac89-363fbb9f20b0}: [DhcpNameServer] 192.168.120.250
Edge:
=======
Edge Profile: C:\Users\sarah\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-22]
FireFox:
========
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSKHKLM => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2021-09-21] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2020-11-04] (McAfee, LLC -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-07-01] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2020-11-04] (McAfee, LLC -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-07-01] (Adobe Inc. -> Adobe Systems)
Chrome:
=======
CHR Profile: C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default [2021-09-22]
CHR Notifications: Default -> hxxps://www.facebook.com; hxxps://www.lieferando.de; hxxps://www.pinterest.de
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1415708374&from=ild&uid=WDCXWD10JPVX-22JC3T0_WD-WXS1EC3YLXM4YLXM4
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1415708374&from=ild&uid=WDCXWD10JPVX-22JC3T0_WD-WXS1EC3YLXM4YLXM4"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Präsentationen) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-04-30]
CHR Extension: (Docs) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-04-30]
CHR Extension: (Google Drive) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-04-30]
CHR Extension: (YouTube) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-04-30]
CHR Extension: (Cookie Watch) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmogeohlpljgihhbafbnincahfmafbfn [2021-05-16]
CHR Extension: (Tabellen) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-04-30]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-09-21]
CHR Extension: (Total Adblock - Ad Blocker) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gekdekpbfehejjiecgonmgmepbdnaggp [2021-09-21]
CHR Extension: (Google Docs Offline) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-29]
CHR Extension: (AdBlock*– der beste Ad-Blocker) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-09-09]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-30]
CHR Extension: (Netflix Party is now Teleparty) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2021-09-19]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2021-06-24]
CHR Extension: (Google Mail) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-04-30]
CHR Extension: (Avast AntiTrack Premium) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppdidpcihajhihmghhhkfnpklgdehold [2021-09-21]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 0117641632252917mcinstcleanup; C:\ProgramData\McInstTemp0117641632252917\McInst.exe [871048 2020-11-03] (McAfee, LLC -> McAfee, LLC)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [842480 2021-07-01] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3779840 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3547904 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AMSProtectedService; C:\Program Files (x86)\TotalAV\savapi\elam_ppl\amsprotectedservice.exe [639304 2021-05-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) <==== ATTENTION
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9179528 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)
R2 CoreScanner; C:\Program Files\Zebra Technologies\Barcode Scanners\Common\CoreScanner.exe [690688 2019-09-19] (Zebra Technologies) [File not signed]
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [784512 2021-05-10] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [595944 2021-08-14] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [926176 2021-03-16] (Epic Games Inc. -> Epic Games, Inc.)
S3 GalaxyClientService; D:\Programms\GOG Galaxy\GalaxyClientService.exe [1955680 2021-08-19] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6484832 2021-07-18] (GOG Sp. z o.o. -> GOG.com)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [236864 2020-12-05] (Huawei Technologies Co., Ltd. -> )
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [953544 2021-09-21] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_20_9\McApExe.exe [779592 2020-11-04] (McAfee, LLC -> McAfee, LLC)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [583344 2020-11-03] (McAfee, LLC -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.9.126.0\\McCSPServiceHost.exe [2785184 2020-11-30] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [646248 2020-09-14] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [646248 2020-09-14] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [646248 2020-09-14] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1584272 2020-11-27] (McAfee, LLC -> McAfee, LLC)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4217416 2020-11-27] (McAfee, LLC -> McAfee, LLC)
R2 rsmdriverproviderservice; C:\Program Files\Zebra Technologies\Barcode Scanners\Common\RSMDriverProviderService.exe [136192 2019-09-23] (Zebra Technologies) [File not signed]
R2 ScnSrvc; C:\Program Files\Zebra Technologies\Barcode Scanners\Common\ScannerService.exe [288256 2019-09-19] (Zebra Technologies) [File not signed]
R2 SecurityService; C:\Program Files (x86)\TotalAV\SecurityService.exe [263976 2021-05-14] (Protected Antivirus Limited -> TotalAV) <==== ATTENTION
R2 SecurityServiceMonitor; C:\Program Files (x86)\TotalAV\SecurityService.exe [263976 2021-05-14] (Protected Antivirus Limited -> TotalAV) <==== ATTENTION
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10301672 2021-04-27] (Riot Games, Inc. -> Riot Games, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe [2772856 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe [136640 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 AMSElamDriver; C:\Windows\System32\drivers\amselam.sys [21976 2021-05-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [208176 2020-12-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [197176 2020-12-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [46704 2020-12-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [75704 2020-09-22] (McAfee, Inc. -> McAfee, LLC)
S3 ew_usbccgpfilter; C:\Windows\System32\drivers\ew_usbccgpfilter.sys [18944 2020-12-05] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 gdrv2; C:\Windows\gdrv2.sys [32600 2021-04-21] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [218960 2020-05-26] (McAfee, LLC -> McAfee, Inc.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2020-12-05] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [89096 2020-05-26] (McAfee, LLC -> McAfee, LLC)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [531896 2020-09-22] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [385464 2020-09-22] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [85944 2020-09-22] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522168 2020-09-22] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [1019832 2020-09-22] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [603072 2020-09-17] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [107968 2020-09-17] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [116664 2020-09-22] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [252344 2020-09-22] (McAfee, Inc. -> McAfee, LLC)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [6438816 2021-04-27] (Riot Games, Inc. -> Riot Games, Inc.)
R3 vmulti; C:\Windows\System32\drivers\vmulti.sys [10752 2018-03-16] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [48536 2021-09-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [433384 2021-09-08] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [86264 2021-09-08] (Microsoft Windows -> Microsoft Corporation)
R1 webshieldfilter; C:\Windows\System32\drivers\webshieldfilter.sys [96264 2020-12-09] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) <==== ATTENTION
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-09-22 01:25 - 2021-09-22 01:26 - 000033024 _____ C:\Users\sarah\Downloads\FRST.txt
2021-09-22 01:24 - 2021-09-22 01:25 - 000000000 ____D C:\FRST
2021-09-22 01:23 - 2021-09-22 01:23 - 002304512 _____ (Farbar) C:\Users\sarah\Downloads\FRST64.exe
2021-09-21 22:14 - 2021-05-13 11:15 - 000021976 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\amselam.sys
2021-09-21 22:13 - 2020-12-09 19:37 - 000208176 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2021-09-21 22:13 - 2020-12-09 19:37 - 000197176 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2021-09-21 22:13 - 2020-12-09 19:37 - 000046704 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2021-09-21 22:06 - 2021-09-21 22:06 - 000000000 ____D C:\Users\sarah\OneDrive\Documents\TotalAV
2021-09-21 22:06 - 2020-12-09 19:37 - 000096264 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\webshieldfilter.sys
2021-09-21 22:03 - 2021-09-21 22:13 - 000000000 ____D C:\Program Files (x86)\TotalAV
2021-09-21 22:03 - 2021-09-21 22:03 - 000001153 _____ C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TotalAV.lnk
2021-09-21 22:03 - 2021-09-21 22:03 - 000001067 _____ C:\Users\Public\Desktop\TotalAV.lnk
2021-09-21 22:03 - 2021-09-21 22:03 - 000000000 ____D C:\Users\sarah\AppData\Local\GUI
2021-09-21 22:03 - 2021-09-21 22:03 - 000000000 ____D C:\ProgramData\TotalAV
2021-09-21 22:03 - 2021-09-21 22:03 - 000000000 ____D C:\ProgramData\SecuritySuite
2021-09-21 22:02 - 2021-09-21 22:02 - 056445176 _____ C:\Users\sarah\Downloads\TotalAV_Setup.exe
2021-09-21 21:38 - 2021-09-21 21:38 - 000003018 _____ C:\Windows\system32\Tasks\McInstruTrack
2021-09-21 21:38 - 2021-09-21 21:38 - 000002138 _____ C:\Users\Public\Desktop\McAfee® Total Protection.lnk
2021-09-21 21:38 - 2021-09-21 21:38 - 000000000 __RSD C:\Users\sarah\OneDrive\Documents\McAfee Vaults
2021-09-21 21:38 - 2021-09-21 21:38 - 000000000 ____D C:\Users\sarah\AppData\Local\McAfee File Lock
2021-09-21 21:38 - 2021-09-21 21:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2021-09-21 21:38 - 2020-05-26 00:12 - 000089096 _____ (McAfee, LLC) C:\Windows\system32\Drivers\McPvDrv.sys
2021-09-21 21:37 - 2020-05-26 00:11 - 000218960 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2021-09-21 21:36 - 2021-09-21 21:36 - 000003332 _____ C:\Windows\system32\Tasks\McAfeeLogon
2021-09-21 21:35 - 2021-09-21 22:35 - 000003710 _____ C:\Windows\system32\Tasks\McAfee Remediation (Prepare)
2021-09-21 21:35 - 2021-09-21 21:38 - 000000000 ____D C:\Program Files\McAfee
2021-09-21 21:35 - 2021-09-21 21:38 - 000000000 ____D C:\Program Files (x86)\McAfee
2021-09-21 21:35 - 2021-09-21 21:37 - 000000000 ____D C:\Windows\system32\Tasks\McAfee
2021-09-21 21:35 - 2021-09-21 21:37 - 000000000 ____D C:\Program Files\Common Files\McAfee
2021-09-21 21:35 - 2021-09-21 21:35 - 000000000 ____D C:\ProgramData\McInstTemp0117641632252917
2021-09-21 21:35 - 2021-09-21 21:35 - 000000000 ____D C:\Program Files\McAfee.com
2021-09-21 21:35 - 2021-09-21 21:35 - 000000000 ____D C:\Program Files\Common Files\AV
2021-09-21 21:35 - 2020-09-14 14:01 - 000579040 _____ (McAfee, LLC) C:\Windows\system32\mfevtps.exe
2021-09-21 21:28 - 2021-09-21 22:02 - 000000000 ____D C:\ProgramData\McAfee
2021-09-21 21:28 - 2021-09-21 21:28 - 000000000 _____ C:\Users\sarah\AppData\Roaming\MCVi2UserDetail.ini
2021-09-20 14:53 - 2021-09-20 14:56 - 000000000 ___HD C:\adobeTemp
2021-09-19 16:03 - 2021-09-19 16:03 - 002295296 _____ (Digimarc) C:\Windows\system32\DMRCDecoder.dll
2021-09-19 16:03 - 2021-09-19 16:03 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-09-19 16:03 - 2021-09-19 16:03 - 002111488 _____ (Digimarc) C:\Windows\SysWOW64\DMRCDecoder.dll
2021-09-19 16:03 - 2021-09-19 16:03 - 001823304 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-09-19 16:03 - 2021-09-19 16:03 - 001393480 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-09-19 16:03 - 2021-09-19 16:03 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2021-09-19 16:03 - 2021-09-19 16:03 - 001313608 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-09-19 16:03 - 2021-09-19 16:03 - 001164288 _____ C:\Windows\system32\MBR2GPT.EXE
2021-09-19 16:03 - 2021-09-19 16:03 - 000672768 _____ C:\Windows\system32\FsNVSDeviceSource.dll
2021-09-19 16:03 - 2021-09-19 16:03 - 000570368 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2021-09-19 16:03 - 2021-09-19 16:03 - 000566784 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2021-09-19 16:03 - 2021-09-19 16:03 - 000452096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2021-09-19 16:03 - 2021-09-19 16:03 - 000426496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2021-09-19 16:03 - 2021-09-19 16:03 - 000272384 _____ C:\Windows\system32\TpmTool.exe
2021-09-19 16:03 - 2021-09-19 16:03 - 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe
2021-09-19 16:03 - 2021-09-19 16:03 - 000162816 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2021-09-19 16:03 - 2021-09-19 16:03 - 000147456 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2021-09-19 16:03 - 2021-09-19 16:03 - 000122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2021-09-19 16:03 - 2021-09-19 16:03 - 000098816 _____ C:\Windows\system32\Drivers\cimfs.sys
2021-09-19 16:03 - 2021-09-19 16:03 - 000011355 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-09-19 15:56 - 2021-09-19 15:56 - 000000000 ___HD C:\$WinREAgent
2021-08-28 15:09 - 2021-08-28 15:09 - 000000266 _____ C:\Windows\system32\SettingsFile.xml
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-09-22 01:11 - 2021-04-30 17:26 - 000000000 ____D C:\Program Files (x86)\Google
2021-09-22 00:53 - 2021-04-30 22:29 - 000000000 ____D C:\Users\sarah\AppData\Roaming\discord
2021-09-22 00:52 - 2021-04-30 22:29 - 000000000 ____D C:\Users\sarah\AppData\Local\Discord
2021-09-22 00:52 - 2019-12-07 11:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2021-09-22 00:51 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-09-22 00:38 - 2020-11-19 09:30 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-09-21 23:58 - 2021-05-16 20:30 - 000000000 ____D C:\Users\sarah\AppData\Roaming\Spywatch
2021-09-21 23:33 - 2021-01-19 09:25 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-09-21 22:14 - 2021-06-03 11:15 - 000000000 ____D C:\Users\sarah\AppData\Local\CrashDumps
2021-09-21 22:14 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-09-21 21:38 - 2019-12-07 11:14 - 000000124 _____ C:\Windows\win.ini
2021-09-21 21:37 - 2021-04-30 17:21 - 000000000 ____D C:\Users\sarah\AppData\Local\D3DSCache
2021-09-21 21:36 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2021-09-21 21:24 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-09-21 21:24 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2021-09-21 13:11 - 2021-04-30 17:32 - 000000000 ____D C:\ProgramData\NVIDIA
2021-09-20 14:57 - 2021-07-21 18:10 - 000741554 _____ C:\Windows\system32\perfh007.dat
2021-09-20 14:57 - 2021-07-21 18:10 - 000149804 _____ C:\Windows\system32\perfc007.dat
2021-09-20 14:57 - 2021-01-19 09:23 - 001722792 _____ C:\Windows\system32\PerfStringBackup.INI
2021-09-20 14:56 - 2021-07-01 15:41 - 000000000 ___RD C:\Users\sarah\Creative Cloud Files
2021-09-20 14:54 - 2021-05-07 21:07 - 000000000 ____D C:\Users\sarah\AppData\Local\Battle.net
2021-09-20 14:53 - 2021-05-03 15:31 - 000000001 _____ C:\Windows\vgkbootstatus.dat
2021-09-20 14:52 - 2021-05-03 13:12 - 000000000 ____D C:\Users\sarah\AppData\Roaming\substancelinkopentcp
2021-09-20 14:52 - 2021-05-03 13:12 - 000000000 ____D C:\Users\sarah\AppData\Roaming\Substance Launcher
2021-09-20 14:52 - 2021-04-30 17:22 - 000000000 ___RD C:\Users\sarah\OneDrive
2021-09-20 14:50 - 2021-01-19 09:18 - 000008192 ___SH C:\DumpStack.log.tmp
2021-09-20 14:50 - 2020-11-19 09:30 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-09-19 17:57 - 2019-12-07 11:03 - 000786432 _____ C:\Windows\system32\config\BBI
2021-09-19 17:56 - 2021-01-19 09:25 - 000000185 _____ C:\Windows\system32\symbscnr.log.bak
2021-09-19 17:56 - 2020-11-19 09:30 - 000446160 _____ C:\Windows\system32\FNTCACHE.DAT
2021-09-19 17:56 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2021-09-19 17:56 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-09-19 17:56 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-09-19 17:56 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2021-09-19 17:56 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2021-09-19 17:56 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-09-19 17:56 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2021-09-19 17:56 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\migwiz
2021-09-19 17:56 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Dism
2021-09-19 17:56 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\DDFs
2021-09-19 17:56 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\appraiser
2021-09-19 17:55 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-09-19 17:55 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellComponents
2021-09-19 17:55 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Provisioning
2021-09-19 17:55 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2021-09-19 17:55 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\servicing
2021-09-19 16:25 - 2021-06-01 11:51 - 000002371 _____ C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-09-19 16:05 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2021-09-19 16:02 - 2021-01-19 10:12 - 000000000 ____D C:\Program Files\Microsoft Office
2021-09-19 15:56 - 2021-01-19 09:22 - 000000000 ____D C:\Windows\system32\MRT
2021-09-19 15:54 - 2021-01-19 09:22 - 135637312 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-09-18 11:36 - 2020-11-19 09:32 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-09-18 11:36 - 2020-11-19 09:32 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-09-16 16:35 - 2021-05-04 22:08 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-09-14 23:01 - 2021-04-30 17:27 - 000002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-09-14 23:01 - 2021-04-30 17:27 - 000002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-09-10 16:06 - 2021-04-30 17:22 - 000003376 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1447197201-901239501-998365885-1001
2021-09-10 16:06 - 2021-04-30 17:22 - 000002386 _____ C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-09-08 19:12 - 2020-11-19 09:30 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-09-08 13:33 - 2021-05-04 22:07 - 000000000 ____D C:\Program Files\Adobe
2021-08-31 12:30 - 2021-01-19 09:23 - 000803176 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2021-08-29 14:13 - 2021-05-02 23:45 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
==================== Files in the root of some directories ========
2021-09-21 21:28 - 2021-09-21 21:28 - 000000000 _____ () C:\Users\sarah\AppData\Roaming\MCVi2UserDetail.ini
2021-07-05 16:23 - 2021-07-05 16:38 - 000001456 _____ () C:\Users\sarah\AppData\Local\Adobe Save for Web 13.0 Prefs
2021-07-03 18:57 - 2021-07-03 18:57 - 000000000 _____ () C:\Users\sarah\AppData\Local\oobelibMkey.log
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================