Jump to content

Nasty Adware wont get removed.


simser

Recommended Posts

I cant edit my post sadly, wanted to attach more information. 

Here is a RKILL Log (right after scanning with Malwarebytes, but i didnt move it to Quarantine or deleted it yet)

Quote

Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2019 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/15/2019 11:25:24 PM in x64 mode.
Windows Version: Windows 10 Pro 

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\INetCache\IE [Dir]

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * No issues found.

Program finished at: 02/15/2019 11:26:36 PM
Execution time: 0 hours(s), 1 minute(s), and 11 seconds(s)

 

Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs  for my review.

Wait for further instructions

Link to post
Share on other sites

Text is in German, hope its not a problem

Quote

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 16.02.2019 01
durchgeführt von Admin (Administrator) auf PSYTOWER (16-02-2019 22:47:11)
Gestartet von C:\Users\Admin\Desktop
Geladene Profile: Admin (Verfügbare Profile: Admin)
Platform: Windows 10 Pro Version 1803 17134.590 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Chrome
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(The OpenVPN Project) D:\Programme\OpenVPN\bin\openvpnserv.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1901.7-0\MsMpEng.exe
(Electronic Arts) D:\Programme\Origin\OriginWebHelperService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1901.7-0\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(Andrew Sampson) D:\Programme\Borderless Gaming\BorderlessGaming.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files\Plantronics\HD1\optimus3D_x64.exe
(Valve Corporation) D:\Programme\Steam\Steam.exe
(Blizzard Entertainment) D:\Programme\Battle.net\Battle.net.exe
(Discord Inc.) C:\Users\Admin\AppData\Local\Discord\app-0.0.304\Discord.exe
(Discord Inc.) C:\Users\Admin\AppData\Local\Discord\app-0.0.304\Discord.exe
(Ubisoft) D:\Programme\Ubisoft Game Launcher\upc.exe
(Discord Inc.) C:\Users\Admin\AppData\Local\Discord\app-0.0.304\Discord.exe
(Discord Inc.) C:\Users\Admin\AppData\Local\Discord\app-0.0.304\Discord.exe
() D:\Programme\OpenVPN\bin\openvpn-gui.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Discord Inc.) C:\Users\Admin\AppData\Local\Discord\app-0.0.304\Discord.exe
(Discord Inc.) C:\Users\Admin\AppData\Local\Discord\app-0.0.304\Discord.exe
(Discord Inc.) C:\Users\Admin\AppData\Local\Discord\app-0.0.304\Discord.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.6563\Agent.exe
(Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe
(ShareX Team) C:\Program Files\ShareX\ShareX.exe
(Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe
() D:\Programme\Lioncast\LCMon.exe
(Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Ubisoft) D:\Programme\Ubisoft Game Launcher\UplayWebCore.exe
(Blizzard Entertainment) D:\Programme\Battle.net\Battle.net.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookApp64.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookApp32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Discord Inc.) C:\Users\Admin\AppData\Local\Discord\app-0.0.304\Discord.exe
(Discord Inc.) C:\Users\Admin\AppData\Local\Discord\app-0.0.304\Discord.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Ubisoft) D:\Programme\Ubisoft Game Launcher\UplayWebCore.exe
(Ubisoft) D:\Programme\Ubisoft Game Launcher\UplayWebCore.exe
(Ubisoft) D:\Programme\Ubisoft Game Launcher\UplayWebCore.exe
(Valve Corporation) D:\Programme\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) D:\Programme\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) D:\Programme\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Blizzard Entertainment) D:\Programme\Battle.net\Battle.net.exe
(Valve Corporation) D:\Programme\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
() D:\Programme\Steam\SteamApps\common\The Ultimate Clicker Master of the Universe\CM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1901.7-0\MpCmdRun.exe
(Valve Corporation) D:\Programme\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [GamecomSound] => C:\Program Files\Plantronics\HD1\optimus3D_x64.exe [3321632 2015-10-19] (Plantronics -> )
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [LCgmmouse20Run] => D:\Programme\Lioncast\LCmon.exe [3319296 2016-09-29] () [Datei ist nicht signiert]
HKLM-x32\...\Run: [P17RunE] => C:\Windows\SysWOW64\P17RunE.dll [14848 2008-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe, [27136 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2542408596-2218748371-3777474354-1001\...\Run: [Discord] => C:\Users\Admin\AppData\Local\Discord\app-0.0.304\Discord.exe [81747288 2019-01-15] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-2542408596-2218748371-3777474354-1001\...\Run: [OPENVPN-GUI] => D:\Programme\OpenVPN\bin\openvpn-gui.exe [665216 2018-03-01] (OpenVPN Technologies, Inc. -> )
HKU\S-1-5-21-2542408596-2218748371-3777474354-1001\...\Run: [yAfvcL&Rms.exe] => C:\Program Files\Gemeinsame Dateien\2AA7Y7Z\yAfvcL&Rms.exe 
HKU\S-1-5-21-2542408596-2218748371-3777474354-1001\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [10048920 2018-12-27] (Binary Fortress Software Ltd. -> Binary Fortress Software)
HKU\S-1-5-21-2542408596-2218748371-3777474354-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> D:\ASCIIQ~1.SCR [1996288 2016-04-24] (J Sommer)
HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech Inc.)
HKLM\...\Drivers32: [MSVideo] => C:\WINDOWS\system32\vfwwdm32.dll [67072 2018-04-12] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech Inc.)
HKLM\...\Drivers32-x32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (On2.com)
HKLM\...\Drivers32-x32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (On2.com)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-14] (Google Inc -> Google Inc.)
IFEO\SppExtComObj.exe: [Debugger] SppExtComObjPatcher.exe
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2018-06-26]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team)
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{27579a4f-5a7a-4525-8c4e-0459d85eafe7}: [DhcpNameServer] 10.16.1.1 10.16.1.1
Tcpip\..\Interfaces\{7dfe389a-aa4c-4307-bdef-c2b3ca8bb6f4}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{fb9a14ff-da57-4f1f-9c23-632e10665610}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll [] ()
BHO: YoutubeAdBlock -> {BAA31A35-DDC9-488F-864E-7FF705D4DDBD} -> C:\Program Files (x86)\zDUkwTwaYIE\tAi5BR0J.dll => Keine Datei
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll [] ()
BHO-x32: YoutubeAdBlock -> {BAA31A35-DDC9-488F-864E-7FF705D4DDBD} -> C:\Program Files (x86)\zDUkwTwaYIE\kBy8vJ5.dll => Keine Datei

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-01-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-01-25] (Oracle Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-11-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-11-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> D:\Programme\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> D:\Programme\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> D:\Programme\VLC\npvlc.dll [2019-01-10] (VideoLAN)

Chrome: 
=======
CHR NewTab: Default ->  Active:"chrome-extension://bhloflhklmhfpedakmangadcdofhnnoh/index.html"
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2019-02-16]
CHR Extension: (Easy Auto Refresh) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2018-01-19]
CHR Extension: (ProxFlow) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2018-09-13]
CHR Extension: (Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-19]
CHR Extension: (BetterTTV) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2018-01-19]
CHR Extension: (Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-19]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-16]
CHR Extension: (AutoJoin for SteamGifts) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bchhlccjhoedhhegglilngpbnldfcidc [2018-06-22]
CHR Extension: (Earth View from Google Earth) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhloflhklmhfpedakmangadcdofhnnoh [2018-08-12]
CHR Extension: (Web2PDFConverter) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkanhckocooacphbnclgcndnpfpoppdk [2018-01-19]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-19]
CHR Extension: (Sad Panda) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohapeiooecafommnlaiccilacgmkaoc [2018-05-13]
CHR Extension: (Ban Checker for Steam) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\canbadmphamemnmdfngmcabnjmjgaiki [2018-07-26]
CHR Extension: (My IP address) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfphbgnmmhjfalloifioeeeokjemobf [2018-01-19]
CHR Extension: (Pushbullet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2018-08-17]
CHR Extension: (uBlock Origin) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-02-16]
CHR Extension: (Easy SteamGifts) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cklbilaeedbblhpkhjfcnmaocjdodcnm [2018-01-19]
CHR Extension: (Search by Image (by Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2018-01-19]
CHR Extension: (Tampermonkey) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-12-18]
CHR Extension: (DevTools Author) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\egfhcfdfnajldliefpdoaojgahefjhhi [2018-01-19]
CHR Extension: (Blur) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2018-05-07]
CHR Extension: (Steam Charts) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbofeihdgkiglinelpeaanodonnajdil [2018-01-19]
CHR Extension: (Full Page Screen Capture) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2018-09-15]
CHR Extension: (Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-19]
CHR Extension: (EditThisCookie) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2018-11-29]
CHR Extension: (HTTPS Everywhere) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2019-02-01]
CHR Extension: (The QR Code Generator) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2018-01-19]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-14]
CHR Extension: (Hola Free VPN Proxy Unblocker) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2019-02-15]
CHR Extension: (Google Search \) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgngncnljacgakaiifjcgdnknaglfipo [2018-05-28]
CHR Extension: (Imgur Gallery Downloader) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkcjdhcncfdmmbfgpcbiggpgdplcofe [2018-01-19]
CHR Extension: (Imagus) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2018-12-05]
CHR Extension: (Dropbox) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2018-03-22]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2018-10-08]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2019-02-10]
CHR Extension: (Steam Database) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdbmhfkmnlmbkgbabkdealhhbfhlmmon [2019-02-15]
CHR Extension: (Country Flags) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\keifkkbjefbkgedeolmccljagcmphldp [2018-03-27]
CHR Extension: (Better Youtube Subscriptions) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgicdngjllamjgijagdkoalhkpplipnd [2018-01-19]
CHR Extension: (Morpheon Dark) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2019-01-17]
CHR Extension: (Steam.Design Buttons) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjmabgdoainclinjecbkdancpamdiaih [2019-01-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-15]
CHR Extension: (Enhanced Steam) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2019-02-01]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-19]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-15]
CHR Extension: (Reddit Trading Flair Linker Enhanced) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnahghpneiabcncanmccahgloopbbbgp [2018-01-19]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8348064 2018-12-19] (BattlEye Innovations e.K. -> )
S3 Disc Soft Lite Bus Service; D:\Programme\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-04-24] (Disc Soft Ltd -> Disc Soft Ltd)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [6601128 2018-12-27] (Binary Fortress Software Ltd. -> Binary Fortress Software)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-02-08] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773160 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773160 2018-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OpenVPNService; D:\Programme\OpenVPN\bin\openvpnserv2.exe [15872 2018-03-01] ( ) [Datei ist nicht signiert]
R2 OpenVPNServiceInteractive; D:\Programme\OpenVPN\bin\openvpnserv.exe [75392 2018-03-01] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 OpenVPNServiceLegacy; D:\Programme\OpenVPN\bin\openvpnserv.exe [75392 2018-03-01] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 Origin Client Service; D:\Programme\Origin\OriginClientService.exe [2298688 2019-01-23] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; D:\Programme\Origin\OriginWebHelperService.exe [3171144 2019-01-23] (Electronic Arts, Inc. -> Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2018-02-11] (Even Balance, Inc. -> )
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 sshd; C:\WINDOWS\System32\OpenSSH\sshd.exe [970240 2018-06-01] (Microsoft Windows -> )
S3 SshdBroker; C:\WINDOWS\System32\SshdBroker.dll [286720 2018-09-08] (Microsoft Windows -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11665136 2019-01-16] (TeamViewer GmbH -> TeamViewer GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\NisSrv.exe [4096976 2019-01-25] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MsMpEng.exe [113992 2019-01-25] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2018-04-12] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [110488 2014-12-03] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-01-19] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-01-19] (Disc Soft Ltd -> Disc Soft Ltd)
R3 EuMusDesignVirtualAudioCableWdm; C:\WINDOWS\system32\DRIVERS\vrtaucbl.sys [154608 2018-09-18] (Muzychenko Evgenii Viktorovich, IP -> Eugene V. Muzychenko)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-01-19] (Martin Malik - REALiX -> REALiX(tm))
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [261032 2019-02-16] (Malwarebytes Corporation -> Malwarebytes)
R3 mt7612US; C:\WINDOWS\System32\drivers\mt7612US.sys [400392 2017-07-14] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_6992f55a2cc4b209\nvlddmkm.sys [20371952 2018-11-13] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30792 2018-08-21] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69544 2018-06-08] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [74576 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 P17; C:\WINDOWS\system32\drivers\P17.sys [1289216 2009-08-03] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
R3 PLTHD1; C:\WINDOWS\system32\DRIVERS\RIG5020HD.sys [4206560 2015-10-15] (WDKTestCert Robert,130802973755980687 -> Plantronics)
S3 qcusbnet; C:\WINDOWS\System32\drivers\qcusbnet.sys [428600 2017-03-15] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [254520 2017-03-15] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-12] (Microsoft Windows -> Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [206104 2014-12-03] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] (Valve Corp. -> )
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] (Valve Corp. -> )
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [50224 2017-08-21] (Tomasz Moń -> USBPcap)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46488 2019-01-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [343032 2019-01-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [63480 2019-01-25] (Microsoft Windows -> Microsoft Corporation)
U4 UnlockerDriver5; \??\D:\Programme\Steam\steamapps\common\Distance\Soundtrack and Art Book\x86\UnlockerDriver5.sys [X]
S1 ycmaqaqg; \??\C:\WINDOWS\system32\drivers\ycmaqaqg.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2019-02-16 22:47 - 2019-02-16 22:47 - 000029331 _____ C:\Users\Admin\Desktop\FRST.txt
2019-02-16 22:47 - 2019-02-16 22:47 - 000000000 ____D C:\FRST
2019-02-16 22:46 - 2019-02-16 22:46 - 002434560 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2019-02-16 22:27 - 2019-02-16 22:27 - 000001159 _____ C:\Users\Admin\Desktop\MSI Afterburner.lnk
2019-02-16 22:27 - 2019-02-16 22:27 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2019-02-16 22:27 - 2019-02-16 22:27 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2019-02-16 22:07 - 2019-02-16 22:07 - 000000000 ___HD C:\OneDriveTemp
2019-02-16 22:03 - 2019-02-16 22:03 - 000261032 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-02-16 10:59 - 2018-09-20 05:12 - 001483576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-02-15 23:25 - 2019-02-15 23:26 - 000002344 _____ C:\Users\Admin\Desktop\Rkill.txt
2019-02-15 23:15 - 2019-02-15 23:15 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2019-02-12 21:42 - 2019-02-06 08:54 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-02-12 21:42 - 2019-02-06 08:53 - 001634704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-02-12 21:42 - 2019-02-06 08:35 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-02-12 21:42 - 2019-02-06 08:32 - 003648512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-02-12 21:42 - 2019-02-06 08:30 - 004052992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-02-12 21:42 - 2019-02-06 08:30 - 001662464 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-02-12 21:42 - 2019-02-06 08:30 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-12 21:42 - 2019-02-06 08:11 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-12 21:42 - 2019-02-06 07:57 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-02-12 21:42 - 2019-02-06 07:52 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-02-12 21:42 - 2019-02-06 07:52 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-02-12 21:42 - 2019-02-06 07:52 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-02-12 21:42 - 2019-02-06 04:01 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-12 21:42 - 2019-02-06 04:01 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-12 21:42 - 2019-02-06 04:01 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-12 21:42 - 2019-02-06 04:01 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-12 21:42 - 2019-02-06 04:01 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-02-12 21:42 - 2019-02-06 04:01 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-12 21:42 - 2019-02-06 04:01 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-02-12 21:42 - 2019-02-06 04:01 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-02-12 21:42 - 2019-02-06 04:00 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-12 21:42 - 2019-02-06 04:00 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-12 21:42 - 2019-02-06 04:00 - 006572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-12 21:42 - 2019-02-06 04:00 - 002719760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-02-12 21:42 - 2019-02-06 04:00 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-12 21:42 - 2019-02-06 04:00 - 002421264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-12 21:42 - 2019-02-06 04:00 - 001257904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-02-12 21:42 - 2019-02-06 04:00 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-02-12 21:42 - 2019-02-06 04:00 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-02-12 21:42 - 2019-02-06 04:00 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-02-12 21:42 - 2019-02-06 04:00 - 000945680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-02-12 21:42 - 2019-02-06 04:00 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-12 21:42 - 2019-02-06 04:00 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-02-12 21:42 - 2019-02-06 04:00 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-02-12 21:42 - 2019-02-06 04:00 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-12 21:42 - 2019-02-06 04:00 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-02-12 21:42 - 2019-02-06 03:59 - 001922064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-02-12 21:42 - 2019-02-06 03:59 - 001457248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-02-12 21:42 - 2019-02-06 03:59 - 000983128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-02-12 21:42 - 2019-02-06 03:59 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-02-12 21:42 - 2019-02-06 03:52 - 022014464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-12 21:42 - 2019-02-06 03:45 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-12 21:42 - 2019-02-06 03:42 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-02-12 21:42 - 2019-02-06 03:41 - 025853952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-12 21:42 - 2019-02-06 03:41 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-02-12 21:42 - 2019-02-06 03:40 - 005792256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-12 21:42 - 2019-02-06 03:40 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2019-02-12 21:42 - 2019-02-06 03:38 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-12 21:42 - 2019-02-06 03:38 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-02-12 21:42 - 2019-02-06 03:37 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-12 21:42 - 2019-02-06 03:37 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-12 21:42 - 2019-02-06 03:33 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-12 21:42 - 2019-02-06 03:29 - 004865536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-02-12 21:42 - 2019-02-06 03:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidparse.sys
2019-02-12 21:42 - 2019-02-06 03:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-02-12 21:42 - 2019-02-06 03:28 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-02-12 21:42 - 2019-02-06 03:27 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-12 21:42 - 2019-02-06 03:27 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-12 21:42 - 2019-02-06 03:27 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-02-12 21:42 - 2019-02-06 03:27 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-02-12 21:42 - 2019-02-06 03:26 - 007599616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-12 21:42 - 2019-02-06 03:26 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-02-12 21:42 - 2019-02-06 03:26 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-02-12 21:42 - 2019-02-06 03:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-12 21:42 - 2019-02-06 03:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-12 21:42 - 2019-02-06 03:25 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-02-12 21:42 - 2019-02-06 03:25 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-02-12 21:42 - 2019-02-06 03:24 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-12 21:42 - 2019-02-06 03:24 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-02-12 21:42 - 2019-02-06 03:23 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2019-02-12 21:42 - 2019-02-06 03:22 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-12 21:42 - 2019-02-06 03:22 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-02-12 21:42 - 2019-02-06 03:21 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-02-12 21:42 - 2019-02-06 02:04 - 000001314 _____ C:\WINDOWS\system32\tcbres.wim
2019-02-12 21:42 - 2019-01-12 09:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-02-12 21:42 - 2019-01-12 03:28 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-12 21:42 - 2019-01-09 19:08 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-02-12 21:42 - 2019-01-09 18:57 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-02-12 21:42 - 2019-01-09 18:42 - 004716032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-02-12 21:42 - 2019-01-09 18:41 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-12 21:42 - 2019-01-09 18:41 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-02-12 21:42 - 2019-01-09 18:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-02-12 21:42 - 2019-01-09 18:36 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-02-12 21:42 - 2019-01-09 18:35 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-02-12 21:42 - 2019-01-09 11:14 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-02-12 21:42 - 2019-01-09 10:55 - 011919872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-12 21:42 - 2019-01-09 10:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-02-12 21:42 - 2019-01-09 09:55 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-02-12 21:42 - 2019-01-09 09:48 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-02-12 21:42 - 2019-01-09 06:59 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-02-12 21:42 - 2019-01-09 06:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-02-12 21:42 - 2019-01-09 06:43 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-02-12 21:42 - 2019-01-09 06:43 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-02-12 21:42 - 2019-01-09 06:43 - 002253480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-12 21:42 - 2019-01-09 06:43 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-02-12 21:42 - 2019-01-09 06:43 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-02-12 21:42 - 2019-01-09 06:43 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-02-12 21:42 - 2019-01-09 06:43 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-12 21:42 - 2019-01-09 06:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-02-12 21:42 - 2019-01-09 06:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-02-12 21:42 - 2019-01-09 06:43 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-02-12 21:42 - 2019-01-09 06:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-02-12 21:42 - 2019-01-09 06:42 - 001035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-02-12 21:42 - 2019-01-09 06:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-02-12 21:42 - 2019-01-09 06:40 - 002765336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-12 21:42 - 2019-01-09 06:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-12 21:42 - 2019-01-09 06:40 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-02-12 21:42 - 2019-01-09 06:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-02-12 21:42 - 2019-01-09 06:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-02-12 21:42 - 2019-01-09 06:39 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-02-12 21:42 - 2019-01-09 06:39 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-02-12 21:42 - 2019-01-09 06:39 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-02-12 21:42 - 2019-01-09 06:39 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-02-12 21:42 - 2019-01-09 06:39 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-02-12 21:42 - 2019-01-09 06:39 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-12 21:42 - 2019-01-09 06:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-02-12 21:42 - 2019-01-09 06:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-12 21:42 - 2019-01-09 06:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-12 21:42 - 2019-01-09 06:39 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-02-12 21:42 - 2019-01-09 06:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-02-12 21:42 - 2019-01-09 06:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-02-12 21:42 - 2019-01-09 06:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-12 21:42 - 2019-01-09 06:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-02-12 21:42 - 2019-01-09 06:29 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-02-12 21:42 - 2019-01-09 06:29 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-02-12 21:42 - 2019-01-09 06:27 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-02-12 21:42 - 2019-01-09 06:27 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-12 21:42 - 2019-01-09 06:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-12 21:42 - 2019-01-09 06:26 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-02-12 21:42 - 2019-01-09 06:26 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-02-12 21:42 - 2019-01-09 06:26 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-02-12 21:42 - 2019-01-09 06:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-02-12 21:42 - 2019-01-09 06:24 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-02-12 21:42 - 2019-01-09 06:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-12 21:42 - 2019-01-09 06:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-02-12 21:42 - 2019-01-09 06:23 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-12 21:42 - 2019-01-09 06:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-12 21:42 - 2019-01-09 06:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-12 21:42 - 2019-01-09 06:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-02-12 21:42 - 2019-01-09 06:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-12 21:42 - 2019-01-09 06:23 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-02-12 21:42 - 2019-01-09 06:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-02-12 21:42 - 2019-01-09 06:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-12 21:42 - 2019-01-09 06:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-02-12 21:42 - 2019-01-09 06:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-02-12 21:42 - 2019-01-09 06:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-02-12 21:42 - 2019-01-09 06:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-02-12 21:42 - 2019-01-09 06:22 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-02-12 21:42 - 2019-01-09 06:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-02-12 21:42 - 2019-01-09 06:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-12 21:42 - 2019-01-09 06:22 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-02-12 21:42 - 2019-01-09 06:21 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-02-12 21:42 - 2019-01-09 06:21 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-02-12 21:42 - 2019-01-09 06:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-12 21:42 - 2019-01-09 06:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-02-12 21:42 - 2019-01-09 06:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-12 21:42 - 2019-01-09 06:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-02-12 21:42 - 2019-01-09 06:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-02-12 21:42 - 2019-01-09 06:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-12 21:42 - 2019-01-09 06:19 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-02-12 21:42 - 2019-01-09 06:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-02-12 21:42 - 2019-01-09 06:19 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-02-12 21:42 - 2019-01-09 06:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-02-12 21:42 - 2019-01-09 05:34 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-02-12 21:42 - 2019-01-09 05:34 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2019-02-12 21:42 - 2019-01-08 10:08 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-12 21:42 - 2019-01-08 04:06 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-12 21:42 - 2019-01-08 04:06 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-02-12 21:42 - 2019-01-08 04:06 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2019-02-12 19:01 - 2019-02-12 19:01 - 000002668 _____ C:\Users\Admin\AppData\Local\recently-used.xbel
2019-02-08 14:49 - 2019-02-08 14:49 - 000116630 _____ C:\Users\Admin\Downloads\Russisch Lesen  und Schreiben lernen.pdf
2019-02-05 23:06 - 2019-02-05 23:06 - 000000000 ____D C:\Users\Admin\AppData\Roaming\qureate
2019-02-05 21:46 - 2019-02-16 10:57 - 000000306 __RSH C:\ProgramData\ntuser.pol
2019-02-02 22:39 - 2019-02-02 22:45 - 000000000 ____D C:\Users\Admin\Desktop\TitaniumBackup
2019-02-02 16:05 - 2019-02-02 16:05 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Mutant Studios Entertainment
2019-02-02 13:21 - 2019-02-02 13:21 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Behold Studios
2019-02-01 21:07 - 2019-02-01 21:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-02-01 21:07 - 2018-12-04 08:09 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-01-31 20:55 - 2019-02-04 21:00 - 000000000 ____D C:\Users\Admin\Documents\Anno 1800 Closed Beta
2019-01-31 13:09 - 2019-01-31 13:09 - 000922652 _____ C:\Users\Admin\Downloads\DekraWerkstud012019.pdf
2019-01-31 12:59 - 2019-01-31 12:59 - 000060666 _____ C:\Users\Admin\Downloads\MotusHeadlinerLaunchManagement012019.pdf
2019-01-29 20:07 - 2019-01-29 20:10 - 000000000 ____D C:\Users\Admin\Documents\bin
2019-01-28 14:45 - 2019-01-28 14:45 - 000001105 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk
2019-01-28 14:45 - 2019-01-28 14:45 - 000000000 ____D C:\Users\Admin\AppData\Roaming\GameRanger
2019-01-28 14:39 - 2019-01-28 15:06 - 000000000 ____D C:\Users\Admin\Documents\Stronghold Crusader
2019-01-27 21:11 - 2019-01-27 21:11 - 000000000 ____D C:\Users\Admin\Downloads\main
2019-01-25 10:24 - 2019-01-25 10:24 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Oracle
2019-01-23 18:59 - 2019-01-23 18:59 - 000000000 ____D C:\Users\Admin\Documents\Stronghold Crusader 2
2019-01-23 13:35 - 2019-01-23 13:35 - 000000000 ____D C:\Users\Admin\AppData\Local\Deployment
2019-01-23 13:35 - 2019-01-23 13:35 - 000000000 ____D C:\Users\Admin\AppData\Local\Apps\2.0
2019-01-21 16:57 - 2019-01-21 16:57 - 000000000 ____D C:\Users\Admin\Documents\DisplayFusion Backups
2019-01-21 16:55 - 2019-02-13 17:25 - 000000000 ____D C:\Users\Admin\AppData\Local\DisplayFusion
2019-01-21 16:54 - 2019-01-21 16:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion
2019-01-21 16:54 - 2019-01-21 16:57 - 000000000 ____D C:\Program Files (x86)\DisplayFusion
2019-01-21 16:54 - 2019-01-21 16:54 - 000000000 ____D C:\ProgramData\Binary Fortress Software
2019-01-21 16:12 - 2019-01-21 16:12 - 002870984 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_enu.exe
2019-01-21 16:12 - 2019-01-21 16:12 - 000000000 ____D C:\Program Files (x86)\ESET
2019-01-17 03:15 - 2019-01-17 03:15 - 001780224 _____ (Bleeping Computer, LLC) C:\Users\Admin\Downloads\rkill-unsigned.exe

==================== Ein Monat (geänderte) ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2019-02-16 22:47 - 2018-01-23 23:40 - 000000000 ____D C:\Users\Admin\AppData\Local\Battle.net
2019-02-16 22:45 - 2018-06-02 12:50 - 000000000 ____D C:\Users\Admin\AppData\Local\D3DSCache
2019-02-16 22:09 - 2018-06-25 22:28 - 000758866 _____ C:\WINDOWS\system32\perfh019.dat
2019-02-16 22:09 - 2018-06-25 22:28 - 000150726 _____ C:\WINDOWS\system32\perfc019.dat
2019-02-16 22:09 - 2018-06-02 12:47 - 002628722 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-16 22:09 - 2018-04-12 17:14 - 000741854 _____ C:\WINDOWS\system32\perfh007.dat
2019-02-16 22:09 - 2018-04-12 17:14 - 000149526 _____ C:\WINDOWS\system32\perfc007.dat
2019-02-16 22:09 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-02-16 22:08 - 2018-01-19 22:11 - 000000000 ____D C:\ProgramData\NVIDIA
2019-02-16 22:07 - 2018-01-19 22:59 - 000000000 ____D C:\Users\Admin\AppData\Local\Ubisoft Game Launcher
2019-02-16 22:07 - 2018-01-19 22:03 - 000000000 ___RD C:\Users\Admin\OneDrive
2019-02-16 22:03 - 2018-06-02 12:47 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-16 22:03 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-02-16 22:03 - 2018-01-31 15:28 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-02-16 13:49 - 2018-01-19 22:56 - 000000000 ____D C:\Users\Admin\Documents\ShareX
2019-02-16 13:19 - 2018-06-02 12:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-16 10:59 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-16 10:58 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-16 10:58 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-16 02:47 - 2018-01-19 23:54 - 000000000 ____D C:\Users\Admin\AppData\Roaming\discord
2019-02-15 23:19 - 2018-11-16 20:56 - 000000000 ____D C:\Program Files\rempl
2019-02-13 10:10 - 2018-06-02 12:36 - 000541280 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-13 02:06 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-02-13 02:06 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-02-13 02:06 - 2018-04-12 00:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-02-13 02:06 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-13 02:06 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-02-13 02:06 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-13 02:05 - 2018-01-19 23:01 - 000000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2019-02-12 19:01 - 2018-07-09 13:21 - 000000000 ____D C:\Users\Admin\AppData\Local\gtk-2.0
2019-02-12 19:01 - 2018-05-16 18:44 - 000000000 ____D C:\Users\Admin\AppData\Local\babl-0.1
2019-02-12 01:05 - 2018-01-19 22:47 - 000000000 ____D C:\Users\Admin\AppData\Roaming\foobar2000
2019-02-10 22:38 - 2018-07-31 15:08 - 000000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2019-02-10 19:34 - 2018-06-14 00:37 - 000000000 ____D C:\ProgramData\Packages
2019-02-08 20:40 - 2018-06-02 12:47 - 000003364 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2542408596-2218748371-3777474354-1001
2019-02-08 20:40 - 2018-06-02 12:41 - 000002383 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-08 19:59 - 2018-01-22 22:20 - 000000000 ____D C:\Users\Admin\Documents\My Games
2019-02-07 01:02 - 2018-01-23 20:35 - 000000000 ____D C:\ProgramData\Origin
2019-02-05 21:05 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-02-02 23:53 - 2018-08-16 04:00 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-02-02 23:53 - 2018-08-16 04:00 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-02-02 13:21 - 2018-11-04 17:45 - 000000000 ____D C:\Users\Admin\AppData\Roaming\.minecraft
2019-02-01 21:14 - 2018-06-02 12:41 - 000000000 ____D C:\Users\Admin
2019-02-01 21:06 - 2018-07-31 17:29 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-02-01 18:03 - 2018-01-22 20:34 - 000000000 ____D C:\Users\Admin\AppData\Roaming\TS3Client
2019-01-30 18:39 - 2018-11-01 13:21 - 000000000 ____D C:\Users\Admin\Desktop\PROG
2019-01-27 21:00 - 2018-11-26 23:30 - 000000000 ____D C:\Users\Admin\AppData\Local\Activision
2019-01-26 13:15 - 2019-01-03 17:19 - 000001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
2019-01-25 13:34 - 2018-02-28 13:33 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-01-25 10:28 - 2018-11-15 21:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-01-25 10:28 - 2018-11-15 21:38 - 000000000 ____D C:\Program Files\Java
2019-01-25 10:27 - 2018-11-15 21:45 - 000110968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2019-01-21 18:35 - 2018-01-19 22:38 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Audacity
2019-01-21 16:22 - 2018-01-22 21:37 - 000000000 ____D C:\Users\Admin\Documents\Paradox Interactive
2019-01-20 20:04 - 2018-11-14 21:41 - 000000000 ____D C:\Users\Admin\Desktop\UH2
2019-01-17 04:56 - 2018-03-09 20:21 - 000000000 ____D C:\Users\Admin\AppData\Roaming\RenPy

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2018-11-11 00:30 - 2018-11-11 00:30 - 000003584 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-02-12 19:01 - 2019-02-12 19:01 - 000002668 _____ () C:\Users\Admin\AppData\Local\recently-used.xbel
2018-08-31 15:46 - 2018-08-31 15:46 - 000007597 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\dllhost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dllhost.exe => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2018-06-02 12:36

==================== Ende von FRST.txt ============================

 

 

Addition.txt

Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ACHTUNG: Systemwiederherstellung ist deaktiviert
ATTENTION: System Restore is disabled
Turn System Restore ON for Drives in Windows 10 - Immediately.
https://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

p.s.

run MBAM and delete all items reported by Malwarebytes.

fixlist.txt

Link to post
Share on other sites

My Computer is a personal one and not used in a company or so which enforces policies hency why this folder can be modified. 

If i follow the tutorial from here i can remove this adware temporary. It seems like it modifies my "Policies" and adds itself to this or so, "gpupdate /force" is only used to update the GroupPolicies without a reboot.

 

Yes, the same issue from the beginning is still happening.

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

The problem returned 3 days ago as I opened google.

Used your Chrome Guide and Malwarebytes and for now its fixed again. 

If its gonna return ill leave a message here again. for now it seems to be gone.

Tho, can I make sure to not get it again with some other tool?

Link to post
Share on other sites

If the cure was to reset the Sync then watch were you are going with your phone.

If the problem returns when make a not of the URL and the Domain. We most make sure that it's from the same location or a new attack.

Do you really need to Sync your devices?

Link to post
Share on other sites

Hi,

Let try this.

step1.gif Remove Chrome from your Computer and reinstall a fresh copy later.

step2.gifIf you remove the syncing of your account you must remove it before you save your bookmarks etc...
Delete Your Google Chrome Browser Sync Data if you sync with other devices. <- Important ...
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

step3.gif Before you remove Chrome Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.
How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

step4.gif Before you remove Chrome Export your Passwords
How to export your saved passwords from Chrome
https://betanews.com/2018/03/09/export-chrome-passwords/

step5.gif Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

step6.gif Remove Chrome using the the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

step7.gif Re-install Chrome and the Bookmarks.
<<<>>>

If the problem persists I suggest you start a service ticket in this forum.
https://forums.malwarebytes.com/forum/41-malwarebytes-3-support-forum/

An expert should be able to find out why this is not cleaned by MBAM.
 

Keep me posted.

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.