Security check for my laptop


  • This topic is locked
6 replies to this topic

#1 Cookie97

Posted 11 July 2017 - 07:13 AM

Hello,

A computer in our LAN was infected.

Can someone check the FRST logs from my PC?

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2017
Ran by julian (administrator) on JULIAN-PC (11-07-2017 10:03:31)
Running from C:\Users\julian\Desktop
Loaded Profiles: julian & julianohneadmin (Available Profiles: julian & julianohneadmin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Quadsoft) C:\Program Files\USBLogon\usblonsvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(eVenture Limited) C:\Program Files (x86)\hide.me VPN\hidemesvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Resilio, Inc.) C:\Users\julianohneadmin\AppData\Roaming\Resilio Sync\Resilio Sync.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
(RA4W VPN) C:\Users\julianohneadmin\Desktop\RA4WVPN Client\RA4W VPN.exe
(The OpenVPN Project) C:\Users\julianohneadmin\Desktop\RA4WVPN Client\bin\openvpn.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(BitTorrent Inc.) C:\Users\julian\AppData\Roaming\BitTorrent\BitTorrent.exe
(BitTorrent Inc.) C:\Users\julian\AppData\Roaming\BitTorrent\updates\7.10.0_43917\bittorrentie.exe
(BitTorrent Inc.) C:\Users\julian\AppData\Roaming\BitTorrent\updates\7.10.0_43917\bittorrentie.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\julian\Desktop\FRST64english.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [USBLogon] => C:\Program Files\USBLogon\usblondetect.exe [12288 2017-01-29] (Quadsoft)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-148578213-2711690863-4211719025-1001\...\Run: [BitTorrent] => C:\Users\julian\AppData\Roaming\BitTorrent\BitTorrent.exe [2150088 2017-07-11] (BitTorrent Inc.)
HKU\S-1-5-21-148578213-2711690863-4211719025-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation)
HKU\S-1-5-21-148578213-2711690863-4211719025-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [799368 2017-04-12] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-148578213-2711690863-4211719025-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27742168 2017-06-07] (Skype Technologies S.A.)
HKU\S-1-5-21-148578213-2711690863-4211719025-1006\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [799368 2017-04-12] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-148578213-2711690863-4211719025-1006\...\Run: [Resilio Sync] => C:\Users\julianohneadmin\AppData\Roaming\Resilio Sync\Resilio Sync.exe [16873992 2017-06-05] (Resilio, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{332A5046-30E6-4A7C-B48C-2F38E527ED37}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{3434A18F-DD23-4C9A-A1C7-95990A1C9279}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{3434A18F-DD23-4C9A-A1C7-95990A1C9279}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{8B0301E0-397F-442B-BA93-EE2ED7153BC3}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-03-30] (AO Kaspersky Lab)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-06-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2017-06-21] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-06-21] (Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2017-03-30] (AO Kaspersky Lab)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\Root\Office15\URLREDIR.DLL [2017-06-21] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-03-30] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2017-03-30] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-148578213-2711690863-4211719025-1001 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-03-30] (AO Kaspersky Lab)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\Root\Office15\MSOSB.DLL [2017-06-21] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-03-30]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\Root\Office15\NPSPWRAP.DLL [2017-06-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-09] (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default [2017-07-11]
CHR Extension: (Google Docs) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-13]
CHR Extension: (Google Drive) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-15]
CHR Extension: (YouTube) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-15]
CHR Extension: (Google Docs Offline) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-09]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-09]
CHR Extension: (Google Mail) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-13]
CHR Extension: (Chrome Media Router) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-11]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
R2 hmevpnsvc; C:\Program Files (x86)\hide.me VPN\hidemesvc.exe [139472 2017-05-18] (eVenture Limited)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21312 2017-03-30] (Microsoft Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [197768 2017-04-12] (Sandboxie Holdings, LLC)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
R2 USBLogonService; C:\Program Files\USBLogon\usblonsvc.exe [13312 2017-01-29] (Quadsoft) [File not signed]
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [128232 2017-02-08] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [195296 2017-05-09] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [314864 2017-05-09] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1035480 2017-05-09] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [57936 2017-03-30] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52144 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75696 2016-05-17] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [135904 2017-03-30] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [199392 2017-05-09] (AO Kaspersky Lab)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [252832 2017-07-11] (Malwarebytes)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [206984 2017-04-12] (Sandboxie Holdings, LLC)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [467368 2017-05-26] (IDRIX)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-11 09:50 - 2017-07-11 09:50 - 00076106 _____ C:\Users\julianohneadmin\Documents\FRST.txt
2017-07-11 09:50 - 2017-07-11 09:50 - 00057093 _____ C:\Users\julianohneadmin\Documents\Shortcut.txt
2017-07-11 09:50 - 2017-07-11 09:50 - 00035986 _____ C:\Users\julianohneadmin\Documents\Addition.txt
2017-07-11 09:47 - 2017-07-11 09:47 - 02437120 _____ (Farbar) C:\Users\julian\Desktop\FRST64english.exe
2017-07-11 09:46 - 2017-07-11 09:47 - 02437120 _____ (Farbar) C:\Users\julian\Downloads\FRST64 (2).exe
2017-07-11 09:45 - 2017-07-11 09:48 - 00000000 ____D C:\Users\julian\AppData\Roaming\Skype
2017-07-07 11:40 - 2017-07-07 11:40 - 00227842 _____ C:\Users\julianohneadmin\Downloads\Loginsystem_1.3.3_default.zip
2017-07-07 11:32 - 2017-07-07 11:33 - 00000000 ____D C:\Users\julianohneadmin\Desktop\Datenbank
2017-07-07 09:25 - 2017-07-07 09:25 - 00282588 _____ C:\Users\julianohneadmin\Downloads\FRST (2).txt
2017-07-07 09:25 - 2017-07-07 09:25 - 00041617 _____ C:\Users\julianohneadmin\Downloads\Shortcut.txt
2017-07-07 09:25 - 2017-07-07 09:25 - 00041061 _____ C:\Users\julianohneadmin\Downloads\Addition.txt
2017-07-06 22:34 - 2017-07-06 22:34 - 00008698 _____ C:\Users\julianohneadmin\Desktop\reiner code.txt
2017-07-06 22:11 - 2017-07-06 22:11 - 00048809 _____ C:\Users\julianohneadmin\Downloads\QW099056_EVN_2017-06_RE1706202825.pdf
2017-07-06 22:11 - 2017-07-06 22:11 - 00048809 _____ C:\Users\julianohneadmin\Downloads\QW099056_EVN_2017-06_RE1706202825 (1).pdf
2017-07-06 22:11 - 2017-07-06 22:11 - 00021961 _____ C:\Users\julianohneadmin\Downloads\QW099056_RE1706202825_2017-06.pdf
2017-07-06 20:00 - 2017-07-11 09:04 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-06 20:00 - 2017-07-07 09:08 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-07-06 20:00 - 2017-07-06 20:01 - 00084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-07-06 20:00 - 2017-07-06 20:00 - 00188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-07-06 20:00 - 2017-07-06 20:00 - 00113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-07-06 20:00 - 2017-07-06 20:00 - 00044960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-07-06 20:00 - 2017-07-06 20:00 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-06 20:00 - 2017-07-06 20:00 - 00000000 ____D C:\Users\julianohneadmin\AppData\Local\CrashDumps
2017-07-06 20:00 - 2017-07-06 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-06 19:59 - 2017-07-06 19:59 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-06 19:58 - 2017-07-06 19:58 - 64025992 _____ (Malwarebytes ) C:\Users\julianohneadmin\Downloads\mb3-setup-13595.13595-3.1.2.1733-1.0.139-1.0.2060.exe
2017-07-06 15:33 - 2017-07-06 15:33 - 00000000 ____D C:\Users\julianohneadmin\Downloads\SQLiteDatabaseBrowserPortable
2017-07-06 15:18 - 2017-07-06 15:20 - 14843800 _____ (PortableApps.com) C:\Users\julianohneadmin\Downloads\SQLiteDatabaseBrowserPortable_3.9.1_English.paf.exe
2017-07-05 20:35 - 2017-07-05 20:36 - 01019904 _____ (www.byphry.de.vu) C:\Users\julianohneadmin\Downloads\ThumbsDbExtractor.exe
2017-07-05 20:34 - 2017-07-05 20:34 - 00004096 _____ C:\Users\julianohneadmin\Downloads\webview.db
2017-07-05 16:23 - 2017-07-05 16:23 - 00000000 ____D C:\Users\julianohneadmin\Downloads\SARDU_322
2017-07-05 16:21 - 2017-07-05 16:23 - 28672552 _____ C:\Users\julianohneadmin\Downloads\SARDU_322.zip
2017-07-05 15:11 - 2017-07-06 15:22 - 00000000 ____D C:\Users\julianohneadmin\Documents\lounge
2017-07-05 12:28 - 2017-07-06 23:42 - 00000000 ____D C:\Users\julianohneadmin\AppData\Roaming\Skype
2017-07-05 12:28 - 2017-07-05 14:48 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2017-07-05 12:28 - 2017-07-05 14:48 - 00000000 ____D C:\ProgramData\Skype
2017-07-05 12:28 - 2017-07-05 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-07-05 12:28 - 2017-07-05 12:28 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-07-05 12:25 - 2017-07-05 12:25 - 01632216 _____ (Skype Technologies S.A.) C:\Users\julianohneadmin\Downloads\SkypeSetup.exe
2017-07-05 11:28 - 2017-07-05 11:31 - 00000000 ____D C:\Users\julianohneadmin\Documents\SQLServer
2017-07-05 11:27 - 2017-07-05 11:28 - 00000000 ____D C:\Users\julianohneadmin\AppData\Roaming\jtl-software
2017-07-05 11:25 - 2017-07-05 11:35 - 00000000 ____D C:\Program Files (x86)\JTL-Software
2017-07-05 11:25 - 2017-07-05 11:25 - 00000000 ____D C:\ProgramData\JTL-Software
2017-07-05 11:21 - 2017-07-05 11:24 - 89810296 _____ (JTL-Software GmbH ) C:\Users\julianohneadmin\Downloads\setup-jtl-wawi_1.2.2.5_170623_61213.exe
2017-07-05 11:15 - 2017-07-05 11:15 - 04706207 _____ C:\Users\julianohneadmin\Downloads\mda2017.zip
2017-07-05 10:23 - 2017-07-05 10:23 - 00008698 _____ C:\Users\julianohneadmin\Documents\vb code.txt
2017-07-05 10:21 - 2017-07-05 10:21 - 00000699 _____ C:\Users\julianohneadmin\Downloads\Form1.zip
2017-07-05 10:17 - 2017-07-05 10:17 - 00000000 ____D C:\Users\julianohneadmin\Desktop\Database_Tutorial
2017-07-05 10:16 - 2017-07-05 10:16 - 00475269 _____ C:\Users\julianohneadmin\Downloads\Database_Tutorial.zip
2017-07-05 10:03 - 2017-07-05 10:04 - 00482562 _____ C:\Users\julianohneadmin\Downloads\SearchButtonDatabase_Tutorial.zip
2017-07-05 09:45 - 2017-07-05 09:45 - 00000000 ____D C:\SymCache
2017-07-05 09:44 - 2017-07-05 09:44 - 00000000 ____D C:\Users\julianohneadmin\AppData\LocalLow\Temp
2017-07-05 09:14 - 2017-07-05 09:15 - 00000014 _____ C:\Users\julianohneadmin\Desktop\pw.txt
2017-07-04 21:46 - 2017-07-04 21:46 - 00136455 _____ C:\Users\julianohneadmin\Downloads\smsniff-x64.zip
2017-07-04 18:48 - 2017-07-04 18:48 - 00023852 _____ C:\Users\julianohneadmin\Desktop\log.pcapng
2017-07-04 18:42 - 2017-07-04 18:42 - 00000000 ____D C:\Users\julianohneadmin\AppData\Roaming\Wireshark
2017-07-04 16:06 - 2017-07-04 19:45 - 00000000 ____D C:\Users\julian\AppData\Roaming\Wireshark
2017-07-04 16:03 - 2017-07-04 16:03 - 00001786 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2017-07-04 16:03 - 2017-07-04 16:03 - 00001599 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2017-07-04 16:02 - 2017-07-04 16:04 - 00000000 ____D C:\Program Files\Wireshark
2017-07-04 15:58 - 2017-07-04 15:59 - 49400720 _____ (Wireshark development team) C:\Users\julianohneadmin\Downloads\Wireshark-win64-2.2.7.exe
2017-07-04 14:13 - 2017-07-07 09:02 - 00000000 ____D C:\Program Files (x86)\Cain
2017-07-04 14:13 - 2017-07-04 14:13 - 00001779 _____ C:\Users\julianohneadmin\Desktop\Cain.lnk
2017-07-04 14:13 - 2017-07-04 14:13 - 00001779 _____ C:\Users\julian\Desktop\Cain.lnk
2017-07-04 14:13 - 2017-07-04 14:13 - 00000000 ____D C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cain
2017-07-04 14:13 - 2017-07-04 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2017-07-04 14:13 - 2017-07-04 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
2017-07-04 14:13 - 2017-07-04 14:13 - 00000000 ____D C:\Program Files (x86)\WinPcap
2017-07-04 14:10 - 2017-07-04 14:12 - 08244106 _____ C:\Users\julianohneadmin\Downloads\ca_setup_4.9.56.exe
2017-07-04 13:50 - 2017-07-06 10:53 - 00000000 ____D C:\Users\julianohneadmin\Documents\google
2017-07-04 12:47 - 2017-07-04 12:47 - 00000000 ____D C:\Users\julianohneadmin\Downloads\Login
2017-07-04 11:58 - 2017-07-04 12:12 - 00000000 ____D C:\Users\julianohneadmin\Documents\database neues projekt
2017-07-04 11:51 - 2017-07-04 11:51 - 00000000 ____D C:\Users\julianohneadmin\AppData\Local\WindowsApplication1
2017-07-04 11:50 - 2017-07-04 11:50 - 00000000 ____D C:\Users\julianohneadmin\AppData\Roaming\NuGet
2017-07-04 11:43 - 2017-07-05 09:44 - 00000000 ____D C:\Users\julianohneadmin\Documents\Visual Studio 2017
2017-07-04 11:43 - 2017-07-04 11:43 - 00000000 ____D C:\Users\julianohneadmin\AppData\Local\ServiceHub
2017-07-04 11:43 - 2017-07-04 11:43 - 00000000 ____D C:\Users\julianohneadmin\AppData\Local\.IdentityService
2017-07-04 11:13 - 2017-07-04 11:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2017-07-04 10:58 - 2017-07-04 10:58 - 00000000 ____D C:\Program Files (x86)\Entity Framework Tools
2017-07-04 10:55 - 2017-07-04 10:55 - 00000000 ____D C:\Program Files\Windows Kits
2017-07-04 10:53 - 2017-07-04 10:55 - 00000000 ____D C:\Windows\SysWOW64\3082
2017-07-04 10:53 - 2017-07-04 10:55 - 00000000 ____D C:\Windows\SysWOW64\2052
2017-07-04 10:53 - 2017-07-04 10:55 - 00000000 ____D C:\Windows\SysWOW64\1055
2017-07-04 10:53 - 2017-07-04 10:55 - 00000000 ____D C:\Windows\SysWOW64\1049
2017-07-04 10:53 - 2017-07-04 10:55 - 00000000 ____D C:\Windows\SysWOW64\1046
2017-07-04 10:53 - 2017-07-04 10:55 - 00000000 ____D C:\Windows\SysWOW64\1045
2017-07-04 10:53 - 2017-07-04 10:55 - 00000000 ____D C:\Windows\SysWOW64\1042
2017-07-04 10:53 - 2017-07-04 10:55 - 00000000 ____D C:\Windows\SysWOW64\1041
2017-07-04 10:53 - 2017-07-04 10:55 - 00000000 ____D C:\Windows\SysWOW64\1040
2017-07-04 10:53 - 2017-07-04 10:55 - 00000000 ____D C:\Windows\SysWOW64\1036
2017-07-04 10:53 - 2017-07-04 10:55 - 00000000 ____D C:\Windows\SysWOW64\1033
2017-07-04 10:53 - 2017-07-04 10:55 - 00000000 ____D C:\Windows\SysWOW64\1031
2017-07-04 10:53 - 2017-07-04 10:55 - 00000000 ____D C:\Windows\SysWOW64\1029
2017-07-04 10:53 - 2017-07-04 10:55 - 00000000 ____D C:\Windows\SysWOW64\1028
2017-07-04 10:53 - 2017-07-04 10:55 - 00000000 ____D C:\Windows\system32\3082
2017-07-04 10:53 - 2017-07-04 10:55 - 00000000 ____D C:\Windows\system32\2052
2017-07-04 10:53 - 2017-07-04 10:55 - 00000000 ____D C:\Windows\system32\1055
2017-07-04 10:53 - 2017-07-04 10:55 - 00000000 ____D C:\Windows\system32\1049
2017-07-04 10:53 - 2017-07-04 10:55 - 00000000 ____D C:\Windows\system32\1046
2017-07-04 10:53 - 2017-07-04 10:55 - 00000000 ____D C:\Windows\system32\1045
2017-07-04 10:53 - 2017-07-04 10:55 - 00000000 ____D C:\Windows\system32\1042
2017-07-04 10:53 - 2017-07-04 10:55 - 00000000 ____D C:\Windows\system32\1041
2017-07-04 10:53 - 2017-07-04 10:55 - 00000000 ____D C:\Windows\system32\1040
2017-07-04 10:53 - 2017-07-04 10:55 - 00000000 ____D C:\Windows\system32\1036
2017-07-04 10:53 - 2017-07-04 10:55 - 00000000 ____D C:\Windows\system32\1033
2017-07-04 10:53 - 2017-07-04 10:55 - 00000000 ____D C:\Windows\system32\1031
2017-07-04 10:53 - 2017-07-04 10:55 - 00000000 ____D C:\Windows\system32\1029
2017-07-04 10:53 - 2017-07-04 10:55 - 00000000 ____D C:\Windows\system32\1028
2017-07-04 10:41 - 2017-07-04 10:41 - 00000000 ____D C:\Program Files (x86)\NuGet
2017-07-04 10:33 - 2017-07-04 16:02 - 00000000 ____D C:\ProgramData\Package Cache
2017-07-04 10:32 - 2017-07-04 10:32 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2017-07-04 10:31 - 2017-07-04 10:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2017-07-04 10:31 - 2017-07-04 10:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2017-07-04 10:26 - 2017-07-04 11:13 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2017-07-04 10:25 - 2017-07-04 10:25 - 00001711 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2017.lnk
2017-07-04 10:24 - 2017-07-04 10:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
2017-07-04 10:20 - 2017-07-04 10:20 - 00001467 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk
2017-07-04 10:18 - 2017-07-04 10:18 - 00245760 _____ C:\Users\julianohneadmin\Downloads\drmdatabase.db
2017-07-04 10:14 - 2017-07-04 11:25 - 00000000 ____D C:\Users\julian\AppData\Roaming\Visual Studio Setup
2017-07-04 10:14 - 2017-07-04 10:14 - 00002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2017-07-04 10:14 - 2017-07-04 10:14 - 00000000 ____D C:\Users\julian\AppData\Roaming\vstelemetry
2017-07-04 10:14 - 2017-07-04 10:14 - 00000000 ____D C:\Users\julian\AppData\Local\ServiceHub
2017-07-04 10:13 - 2017-07-04 10:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2017-07-04 10:10 - 2017-07-04 10:10 - 01041632 _____ (Microsoft Corporation) C:\Users\julianohneadmin\Downloads\vs_community__2145755656.1499155814.exe
2017-07-04 10:06 - 2017-07-04 10:07 - 05258112 _____ C:\Users\julianohneadmin\Downloads\Login.rar
2017-07-01 18:09 - 2017-07-01 18:09 - 02006756 _____ C:\Users\julianohneadmin\Downloads\RA4WVPN Client (1).zip
2017-07-01 18:09 - 2017-07-01 18:09 - 00000000 ____D C:\Users\julianohneadmin\Desktop\RA4WVPN Client
2017-07-01 18:07 - 2017-07-01 18:07 - 00001007 _____ C:\Users\Public\Desktop\ClipGrab.lnk
2017-07-01 18:07 - 2017-07-01 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipGrab
2017-07-01 18:07 - 2017-07-01 18:07 - 00000000 ____D C:\Program Files (x86)\ClipGrab
2017-07-01 18:06 - 2017-07-01 18:07 - 21961192 _____ (Philipp Schmieder Medien ) C:\Users\julianohneadmin\Downloads\clipgrab-3.6.5-portable (1).exe
2017-06-30 12:38 - 2017-06-30 12:38 - 00000000 ____D C:\Users\julianohneadmin\AppData\Local\Steam
2017-06-30 12:38 - 2017-06-30 12:38 - 00000000 ____D C:\Users\julianohneadmin\AppData\Local\CEF
2017-06-30 12:12 - 2017-06-30 12:12 - 00000000 ____D C:\Users\julianohneadmin\Documents\Datenbank 12uhr12
2017-06-30 11:44 - 2017-06-30 11:44 - 00000000 ____D C:\Users\julianohneadmin\Documents\Datenbank
2017-06-30 10:26 - 2017-06-28 15:50 - 00425984 _____ C:\Users\julianohneadmin\Desktop\Your_Database.accdb
2017-06-30 09:17 - 2017-06-30 09:17 - 00000000 _____ C:\Users\julianohneadmin\Desktop\hom kv 505.txt
2017-06-28 16:21 - 2017-06-28 16:21 - 00000000 ____D C:\Users\julianohneadmin\AppData\Roaming\VeraCrypt
2017-06-28 12:54 - 2017-06-28 12:58 - 00425984 _____ C:\Users\julianohneadmin\Downloads\Your_Database.accdb
2017-06-28 10:35 - 2017-07-01 18:10 - 00000000 ____D C:\Users\julian\AppData\Local\RA4W_VPN
2017-06-28 10:34 - 2017-06-28 10:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2017-06-28 10:33 - 2017-06-28 10:33 - 02006756 _____ C:\Users\julianohneadmin\Desktop\RA4WVPN Client (1).zip
2017-06-28 10:33 - 2017-06-28 10:33 - 00000000 ____D C:\Users\julian\AppData\Local\Microsoft Help
2017-06-28 10:32 - 2017-06-28 10:32 - 00000000 ____D C:\Program Files\Microsoft Office
2017-06-28 10:27 - 2017-06-28 10:29 - 221280208 _____ (Microsoft Corporation) C:\Users\julianohneadmin\Downloads\AccessRuntime_x86_de-de.exe
2017-06-28 10:26 - 2017-06-28 10:26 - 26784064 _____ (Microsoft Corporation) C:\Users\julianohneadmin\Downloads\AccessDatabaseEngine.exe
2017-06-28 09:15 - 2017-06-28 09:15 - 00000000 ____D C:\Users\julian\AppData\Local\CEF
2017-06-28 09:07 - 2017-06-28 12:56 - 00421888 _____ C:\Users\julianohneadmin\Documents\Your_Database.accdb
2017-06-26 18:31 - 2017-06-26 18:31 - 02006756 _____ C:\Users\julianohneadmin\Downloads\RA4WVPN Client.zip
2017-06-26 18:20 - 2017-06-26 18:20 - 00533008 _____ C:\Users\julianohneadmin\Downloads\justdomains
2017-06-26 18:07 - 2017-06-26 18:07 - 00050437 _____ C:\Users\julianohneadmin\Downloads\llvtlsjyoyiczbkjsxpf.zip
2017-06-25 16:22 - 2017-06-25 16:22 - 02870984 _____ (ESET) C:\Users\julianohneadmin\Downloads\esetsmartinstaller_enu.exe
2017-06-25 16:22 - 2017-06-25 16:22 - 00852798 _____ C:\Users\julianohneadmin\Downloads\SecurityCheck.exe
2017-06-25 16:21 - 2017-06-25 16:22 - 00000000 ____D C:\Users\julianohneadmin\Desktop\Bereinigung nächste Schritte
2017-06-24 13:34 - 2017-06-24 13:34 - 00105980 _____ C:\Users\julianohneadmin\Downloads\FRST (1).txt
2017-06-24 13:31 - 2017-06-24 13:31 - 00058622 _____ C:\Users\julianohneadmin\Desktop\Sonstige Frage zur Rechnung - Bestätigungsseite.pdf
2017-06-24 11:54 - 2017-06-24 11:54 - 00892416 _____ (Farbar) C:\Users\julianohneadmin\Downloads\MiniToolBox.exe
2017-06-24 11:53 - 2017-06-24 11:53 - 04110280 _____ C:\Users\julianohneadmin\Downloads\AdwCleaner.exe
2017-06-24 11:52 - 2017-06-24 11:54 - 00000000 ____D C:\Users\julianohneadmin\Desktop\Bereinigung
2017-06-23 19:02 - 2017-06-23 19:02 - 00218330 _____ C:\Users\julianohneadmin\Downloads\kali-linux-2017.1-i386 (1).torrent
2017-06-23 19:01 - 2017-06-23 19:01 - 02385808 _____ (PortableApps.com) C:\Users\julianohneadmin\Downloads\uTorrentPortable_3.5.0.43804_online.paf.exe
2017-06-23 19:01 - 2017-06-23 19:01 - 00218330 _____ C:\Users\julianohneadmin\Downloads\kali-linux-2017.1-i386.torrent
2017-06-23 19:01 - 2017-06-23 19:01 - 00213654 _____ C:\Users\julianohneadmin\Downloads\kali-linux-2017.1-amd64.torrent
2017-06-23 19:01 - 2017-06-23 19:01 - 00000000 ____D C:\Users\julianohneadmin\Desktop\uTorrentPortable
2017-06-23 19:01 - 2017-06-23 19:01 - 00000000 ____D C:\Users\julianohneadmin\AppData\LocalLow\uTorrent
2017-06-23 19:01 - 2017-06-23 19:01 - 00000000 ____D C:\Users\julianohneadmin\AppData\Local\uTorrent
2017-06-23 18:59 - 2017-06-23 19:00 - 02406080 _____ (BitTorrent Inc.) C:\Users\julianohneadmin\Downloads\uTorrent (1).exe
2017-06-23 18:18 - 2017-06-23 18:18 - 00000000 ____D C:\Users\julianohneadmin\Documents\Benutzerdefinierte Office-Vorlagen
2017-06-23 18:08 - 2017-06-23 18:08 - 00000000 __RHD C:\MSOCache
2017-06-23 18:01 - 2017-06-23 18:02 - 00009799 _____ C:\Users\julianohneadmin\Downloads\Briefvorlagen.zip
2017-06-23 17:43 - 2017-06-23 17:43 - 00218092 _____ C:\Users\julianohneadmin\Downloads\2017-06-19-1486309392%2F05-RG.PDF
2017-06-23 17:27 - 2017-06-23 17:27 - 00000042 _____ C:\Users\julianohneadmin\Desktop\o2.txt
2017-06-21 22:25 - 2017-06-21 22:26 - 34977008 _____ (Adlice Software ) C:\Users\julianohneadmin\Downloads\RogueKiller_setup_12.10.exe
2017-06-21 22:25 - 2017-06-21 22:26 - 16563352 _____ (Malwarebytes Corp.) C:\Users\julianohneadmin\Downloads\mbar-1.09.3.1001.exe
2017-06-21 22:24 - 2017-06-21 22:25 - 01663672 _____ (Malwarebytes) C:\Users\julianohneadmin\Downloads\JRT.exe
2017-06-21 22:18 - 2017-06-21 22:18 - 04922400 _____ (AO Kaspersky Lab) C:\Users\julianohneadmin\Downloads\tdsskiller (1).exe
2017-06-21 22:08 - 2017-06-21 22:08 - 00000000 _____ C:\Users\julianohneadmin\Desktop\fixlist.txt
2017-06-21 21:43 - 2017-06-21 21:45 - 00007899 _____ C:\Users\julian\Desktop\Fixlog.txt
2017-06-21 21:24 - 2017-07-11 09:50 - 00057093 _____ C:\Users\julian\Desktop\Shortcut.txt
2017-06-21 21:23 - 2017-07-11 09:50 - 00035986 _____ C:\Users\julian\Desktop\Addition.txt
2017-06-21 21:21 - 2017-07-11 10:03 - 00014726 _____ C:\Users\julian\Desktop\FRST.txt
2017-06-21 21:21 - 2017-06-21 21:21 - 02439680 _____ (Farbar) C:\Users\julian\Downloads\FRST64 (1).exe
2017-06-17 18:53 - 2017-06-17 18:53 - 00003110 _____ C:\Users\julianohneadmin\Downloads\fixlist.txt
2017-06-17 18:10 - 2017-06-17 18:10 - 00000669 _____ C:\Users\julianohneadmin\Desktop\Fixlog.txt
2017-06-17 17:56 - 2017-06-22 07:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2017-06-17 17:56 - 2017-06-22 07:09 - 00000000 ____D C:\Program Files\Process Hacker 2
2017-06-17 17:56 - 2017-06-17 17:56 - 00000000 ____D C:\Users\julian\AppData\Roaming\Process Hacker 2
2017-06-17 17:53 - 2017-06-17 18:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-17 17:29 - 2017-06-17 17:28 - 00004718 _____ C:\Users\julianohneadmin\Desktop\JRT.txt
2017-06-17 15:21 - 2017-06-17 15:23 - 00000000 ____D C:\Users\julianohneadmin\Desktop\backup usb stick auto
2017-06-17 15:13 - 2017-06-17 15:13 - 35421992 _____ (Adlice Software ) C:\Users\julian\Downloads\setup.exe
2017-06-17 15:11 - 2017-06-22 07:09 - 00000000 ____D C:\ProgramData\RogueKiller
2017-06-17 15:10 - 2017-06-17 15:10 - 01663672 _____ (Malwarebytes) C:\Users\julian\Downloads\JRT (1).exe
2017-06-17 15:08 - 2017-06-17 15:09 - 34977008 _____ (Adlice Software ) C:\Users\julian\Downloads\RogueKiller_setup_12.10.exe
2017-06-17 15:08 - 2017-06-17 15:08 - 01663672 _____ (Malwarebytes) C:\Users\julian\Downloads\JRT.exe
2017-06-17 15:07 - 2017-07-11 10:03 - 00000000 ____D C:\Users\julian\AppData\LocalLow\BitTorrent
2017-06-17 14:20 - 2017-06-22 07:09 - 00000000 ____D C:\Users\julianohneadmin\AppData\Roaming\Hide.me
2017-06-17 14:20 - 2017-06-22 07:09 - 00000000 ____D C:\Users\julian\AppData\Roaming\Hide.me
2017-06-17 14:19 - 2017-06-21 21:43 - 00000000 ____D C:\Program Files (x86)\hide.me VPN
2017-06-17 14:19 - 2017-06-17 14:19 - 06289296 _____ (eVenture Limited ) C:\Users\julian\Downloads\Hide.me-Setup-1.2.13.exe
2017-06-17 14:19 - 2017-06-17 14:19 - 00001025 _____ C:\Users\Public\Desktop\hide.me VPN.lnk
2017-06-17 14:19 - 2017-06-17 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hide.me VPN
2017-06-17 14:06 - 2017-05-24 11:23 - 00000914 _____ C:\Users\julian\Desktop\Sandboxed Web Browser.lnk
2017-06-15 11:12 - 2017-06-15 11:12 - 00000222 _____ C:\Users\julian\Desktop\Sniper Fury.url
2017-06-15 11:12 - 2017-06-15 11:12 - 00000000 ____D C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-06-15 11:02 - 2017-06-15 11:02 - 00000000 ____D C:\Users\julian\AppData\Local\TomTom
2017-06-15 11:01 - 2017-06-15 11:01 - 00000972 _____ C:\Users\Public\Desktop\TomTom MyDrive Connect.lnk
2017-06-15 11:01 - 2017-06-15 11:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2017-06-15 11:01 - 2017-06-15 11:01 - 00000000 ____D C:\Program Files (x86)\TomTom International B.V
2017-06-15 11:01 - 2017-06-15 11:01 - 00000000 ____D C:\Program Files (x86)\MyDrive Connect
2017-06-15 10:57 - 2017-06-15 10:58 - 64712744 _____ (TomTom International B.V.) C:\Users\julianohneadmin\Downloads\InstallMyDriveConnect.exe
2017-06-13 22:39 - 2017-06-02 10:28 - 02317824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-06-13 22:39 - 2017-06-02 10:28 - 02222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-06-13 22:39 - 2017-05-14 22:19 - 25738752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-06-13 22:39 - 2017-05-14 21:55 - 05975040 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-06-13 22:39 - 2017-05-14 21:11 - 20274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-06-13 22:39 - 2017-05-14 20:54 - 15252992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-06-13 22:39 - 2017-05-14 20:52 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-06-13 22:39 - 2017-05-14 20:44 - 04549120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-06-13 22:39 - 2017-05-14 20:30 - 13664768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-06-13 22:39 - 2017-05-14 20:15 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-06-13 22:39 - 2017-05-12 20:26 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-06-13 22:39 - 2017-05-12 20:07 - 04001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-06-13 22:39 - 2017-05-12 20:07 - 03945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-06-13 22:39 - 2017-05-12 19:52 - 03222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-06-13 22:39 - 2017-05-10 17:29 - 14183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-06-13 22:39 - 2017-05-10 17:14 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-06-13 22:39 - 2017-05-10 17:12 - 12880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-06-13 22:39 - 2017-04-28 00:50 - 03550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-06-13 22:39 - 2017-04-12 15:05 - 04296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-06-13 22:38 - 2017-06-02 10:28 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-06-13 22:38 - 2017-06-02 10:28 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-06-13 22:38 - 2017-06-02 10:28 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-06-13 22:38 - 2017-06-02 10:28 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-06-13 22:38 - 2017-06-02 10:28 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-06-13 22:38 - 2017-06-02 10:28 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-06-13 22:38 - 2017-06-02 10:28 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-06-13 22:38 - 2017-06-02 10:11 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-06-13 22:38 - 2017-06-02 10:11 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-06-13 22:38 - 2017-06-02 10:10 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-06-13 22:38 - 2017-06-02 10:10 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-06-13 22:38 - 2017-06-02 10:09 - 01549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-06-13 22:38 - 2017-06-02 10:09 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-06-13 22:38 - 2017-06-02 10:09 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-06-13 22:38 - 2017-06-02 10:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-06-13 22:38 - 2017-06-02 10:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-06-13 22:38 - 2017-06-02 10:09 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-06-13 22:38 - 2017-06-02 10:09 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-06-13 22:38 - 2017-06-02 10:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-06-13 22:38 - 2017-06-02 09:58 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-06-13 22:38 - 2017-06-02 09:58 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-06-13 22:38 - 2017-06-02 09:57 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-06-13 22:38 - 2017-06-02 09:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-06-13 22:38 - 2017-05-21 06:28 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-06-13 22:38 - 2017-05-21 06:28 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-06-13 22:38 - 2017-05-21 06:24 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-06-13 22:38 - 2017-05-21 06:24 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-06-13 22:38 - 2017-05-21 06:24 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-06-13 22:38 - 2017-05-21 06:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-06-13 22:38 - 2017-05-21 06:24 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-06-13 22:38 - 2017-05-21 06:24 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-06-13 22:38 - 2017-05-21 06:24 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-06-13 22:38 - 2017-05-21 06:24 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-06-13 22:38 - 2017-05-21 06:24 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-06-13 22:38 - 2017-05-21 06:24 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-06-13 22:38 - 2017-05-21 06:24 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-06-13 22:38 - 2017-05-21 06:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-06-13 22:38 - 2017-05-21 06:24 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-06-13 22:38 - 2017-05-21 06:24 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-06-13 22:38 - 2017-05-21 06:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-06-13 22:38 - 2017-05-21 06:24 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-06-13 22:38 - 2017-05-21 06:24 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-06-13 22:38 - 2017-05-21 06:24 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-06-13 22:38 - 2017-05-21 06:24 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-06-13 22:38 - 2017-05-21 06:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-06-13 22:38 - 2017-05-21 06:06 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-06-13 22:38 - 2017-05-21 06:06 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-06-13 22:38 - 2017-05-21 06:06 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-06-13 22:38 - 2017-05-21 06:06 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-06-13 22:38 - 2017-05-21 06:06 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-06-13 22:38 - 2017-05-21 06:06 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-06-13 22:38 - 2017-05-21 06:06 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-06-13 22:38 - 2017-05-21 06:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-06-13 22:38 - 2017-05-21 06:06 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-06-13 22:38 - 2017-05-21 06:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-06-13 22:38 - 2017-05-21 06:06 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-06-13 22:38 - 2017-05-21 06:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-06-13 22:38 - 2017-05-21 06:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-06-13 22:38 - 2017-05-21 06:06 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-06-13 22:38 - 2017-05-21 06:06 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-06-13 22:38 - 2017-05-21 05:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-06-13 22:38 - 2017-05-21 05:48 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-06-13 22:38 - 2017-05-21 05:48 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-06-13 22:38 - 2017-05-21 05:48 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-06-13 22:38 - 2017-05-21 05:47 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-06-13 22:38 - 2017-05-21 05:46 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-06-13 22:38 - 2017-05-21 05:42 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-06-13 22:38 - 2017-05-16 20:19 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-06-13 22:38 - 2017-05-16 19:35 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-06-13 22:38 - 2017-05-14 22:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-06-13 22:38 - 2017-05-14 22:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-06-13 22:38 - 2017-05-14 22:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-06-13 22:38 - 2017-05-14 22:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-06-13 22:38 - 2017-05-14 22:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-06-13 22:38 - 2017-05-14 22:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-06-13 22:38 - 2017-05-14 22:26 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-06-13 22:38 - 2017-05-14 22:24 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-06-13 22:38 - 2017-05-14 22:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-06-13 22:38 - 2017-05-14 22:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-06-13 22:38 - 2017-05-14 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-06-13 22:38 - 2017-05-14 22:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-06-13 22:38 - 2017-05-14 22:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-06-13 22:38 - 2017-05-14 22:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-06-13 22:38 - 2017-05-14 22:10 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-06-13 22:38 - 2017-05-14 22:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-06-13 22:38 - 2017-05-14 21:57 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-06-13 22:38 - 2017-05-14 21:48 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-06-13 22:38 - 2017-05-14 21:47 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-06-13 22:38 - 2017-05-14 21:46 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-06-13 22:38 - 2017-05-14 21:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-06-13 22:38 - 2017-05-14 21:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-06-13 22:38 - 2017-05-14 21:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-06-13 22:38 - 2017-05-14 21:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-06-13 22:38 - 2017-05-14 21:36 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-06-13 22:38 - 2017-05-14 21:23 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-06-13 22:38 - 2017-05-14 21:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-06-13 22:38 - 2017-05-14 21:22 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-06-13 22:38 - 2017-05-14 21:22 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-06-13 22:38 - 2017-05-14 21:22 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-06-13 22:38 - 2017-05-14 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-06-13 22:38 - 2017-05-14 21:20 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-06-13 22:38 - 2017-05-14 21:19 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-06-13 22:38 - 2017-05-14 21:18 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-06-13 22:38 - 2017-05-14 21:17 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-06-13 22:38 - 2017-05-14 21:16 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-06-13 22:38 - 2017-05-14 21:15 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-06-13 22:38 - 2017-05-14 21:14 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-06-13 22:38 - 2017-05-14 21:12 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-06-13 22:38 - 2017-05-14 21:11 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-06-13 22:38 - 2017-05-14 21:10 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-06-13 22:38 - 2017-05-14 21:10 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-06-13 22:38 - 2017-05-14 21:02 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-06-13 22:38 - 2017-05-14 20:57 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-06-13 22:38 - 2017-05-14 20:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-06-13 22:38 - 2017-05-14 20:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-06-13 22:38 - 2017-05-14 20:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-06-13 22:38 - 2017-05-14 20:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-06-13 22:38 - 2017-05-14 20:50 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-06-13 22:38 - 2017-05-14 20:49 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-06-13 22:38 - 2017-05-14 20:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-06-13 22:38 - 2017-05-14 20:40 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-06-13 22:38 - 2017-05-14 20:39 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-06-13 22:38 - 2017-05-14 20:38 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-06-13 22:38 - 2017-05-14 20:37 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-06-13 22:38 - 2017-05-14 20:27 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-06-13 22:38 - 2017-05-14 20:11 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-06-13 22:38 - 2017-05-14 20:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-06-13 22:38 - 2017-05-12 20:27 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-06-13 22:38 - 2017-05-12 20:26 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-06-13 22:38 - 2017-05-12 20:26 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-06-13 22:38 - 2017-05-12 20:24 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:07 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-06-13 22:38 - 2017-05-12 20:04 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 19:55 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-06-13 22:38 - 2017-05-12 19:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-06-13 22:38 - 2017-05-12 19:54 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-06-13 22:38 - 2017-05-12 19:51 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-06-13 22:38 - 2017-05-12 19:50 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-06-13 22:38 - 2017-05-12 19:46 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-06-13 22:38 - 2017-05-12 19:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-06-13 22:38 - 2017-05-12 19:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-06-13 22:38 - 2017-05-12 19:41 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-06-13 22:38 - 2017-05-12 19:41 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-06-13 22:38 - 2017-05-12 19:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-06-13 22:38 - 2017-05-12 19:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 19:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 19:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 19:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-06-13 22:38 - 2017-05-12 18:25 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-06-13 22:38 - 2017-05-12 17:58 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-06-13 22:38 - 2017-05-12 17:58 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-06-13 22:38 - 2017-05-10 17:33 - 00091368 _____ (Microsoft Corporation) C:\Windows\system32\MigAutoPlay.exe
2017-06-13 22:38 - 2017-05-10 17:29 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-06-13 22:38 - 2017-05-10 17:29 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-06-13 22:38 - 2017-05-10 17:29 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-06-13 22:38 - 2017-05-10 17:29 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-06-13 22:38 - 2017-05-10 17:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-06-13 22:38 - 2017-05-10 17:16 - 00091368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MigAutoPlay.exe
2017-06-13 22:38 - 2017-05-10 17:13 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-06-13 22:38 - 2017-05-10 17:13 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-06-13 22:38 - 2017-05-10 17:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-06-13 22:38 - 2017-05-10 17:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-06-13 22:38 - 2017-05-10 17:13 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-06-13 22:38 - 2017-05-10 17:13 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-06-13 22:38 - 2017-05-10 17:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-06-13 22:38 - 2017-05-10 17:12 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-06-13 22:38 - 2017-05-10 17:00 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-06-13 22:38 - 2017-05-10 17:00 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-06-13 22:38 - 2017-05-10 17:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-06-13 22:38 - 2017-05-10 17:00 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-06-13 22:38 - 2017-05-10 16:52 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-06-13 22:38 - 2017-05-09 17:30 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-06-13 22:38 - 2017-05-09 17:29 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-06-13 22:38 - 2017-05-09 17:11 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-06-13 22:38 - 2017-05-07 17:33 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-06-13 22:38 - 2017-05-07 17:29 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2017-06-13 22:38 - 2017-03-30 17:03 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\rundll32.exe
2017-06-13 22:38 - 2017-03-30 16:58 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
2017-06-13 21:54 - 2017-06-13 21:54 - 00133602 _____ C:\Users\julianohneadmin\Desktop\FRST.txt
2017-06-13 21:54 - 2017-06-13 21:54 - 00047884 _____ C:\Users\julianohneadmin\Desktop\Shortcut.txt
2017-06-13 21:54 - 2017-06-13 21:54 - 00029413 _____ C:\Users\julianohneadmin\Desktop\Addition.txt
2017-06-13 21:46 - 2017-06-13 21:47 - 02438656 _____ (Farbar) C:\Users\julian\Downloads\FRST64.exe
2017-06-12 22:18 - 2017-06-12 22:18 - 00000000 ____D C:\Users\julianohneadmin\AppData\Roaming\Process Hacker 2
2017-06-12 21:48 - 2017-06-12 21:50 - 00000000 ____D C:\Users\julianohneadmin\AppData\Roaming\TeamViewer
2017-06-12 21:36 - 2017-06-12 21:38 - 15507008 _____ (TeamViewer GmbH) C:\Users\julianohneadmin\Downloads\TeamViewer_Setup.exe
2017-06-11 20:32 - 2017-06-11 20:32 - 36236560 _____ C:\Users\julianohneadmin\Desktop\The Secret To You (HD).zip
2017-06-11 20:29 - 2017-06-11 20:29 - 00000012 _____ C:\Users\julianohneadmin\Desktop\pw archiv.txt
2017-06-11 20:26 - 2017-06-11 20:26 - 02194808 _____ (PortableApps.com) C:\Users\julianohneadmin\Downloads\PWGenPortable_2.9.0.paf.exe
2017-06-11 20:26 - 2017-06-11 20:26 - 00000000 ____D C:\Users\julianohneadmin\Desktop\PWGenPortable
2017-06-11 20:15 - 2017-06-11 20:15 - 00000098 _____ C:\Users\julianohneadmin\Desktop\Neues Textdokument.txt
2017-06-11 20:09 - 2017-06-11 20:10 - 45262755 _____ C:\Users\julianohneadmin\Desktop\The Secret To You (HD).wmv
2017-06-11 19:52 - 2017-06-11 19:54 - 21961192 _____ (Philipp Schmieder Medien ) C:\Users\julianohneadmin\Downloads\clipgrab-3.6.5-portable.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-11 10:03 - 2017-06-05 21:02 - 00000000 ____D C:\FRST
2017-07-11 10:03 - 2017-05-18 10:33 - 00000000 ____D C:\Users\julian\AppData\Roaming\BitTorrent
2017-07-11 10:02 - 2017-06-08 17:22 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-11 10:02 - 2017-05-07 22:22 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-07-11 09:55 - 2017-05-24 11:23 - 00002120 _____ C:\Windows\Sandboxie.ini
2017-07-11 09:13 - 2009-07-14 06:45 - 00010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-11 09:13 - 2009-07-14 06:45 - 00010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-11 09:04 - 2017-06-05 13:08 - 00000000 ____D C:\Users\julianohneadmin\AppData\Roaming\Resilio Sync
2017-07-11 09:03 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-05 11:18 - 2017-05-24 11:24 - 00001020 _____ C:\Users\julianohneadmin\Desktop\Sandboxed Web Browser.lnk
2017-07-05 10:22 - 2017-06-09 14:06 - 00000000 ____D C:\Users\julianohneadmin\Documents\Visual Studio 2010
2017-07-04 11:14 - 2017-06-08 18:21 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2017-07-04 10:31 - 2017-06-08 18:32 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-07-04 10:24 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-07-04 10:23 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-07-04 10:19 - 2017-06-06 19:26 - 01593980 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-07-04 10:19 - 2009-10-24 17:51 - 00699440 _____ C:\Windows\system32\perfh007.dat
2017-07-04 10:19 - 2009-10-24 17:51 - 00149548 _____ C:\Windows\system32\perfc007.dat
2017-07-04 10:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-07-04 10:18 - 2009-07-14 07:13 - 01593980 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-30 09:13 - 2017-05-09 20:12 - 00002187 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-30 09:13 - 2017-05-09 20:12 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-28 10:44 - 2017-05-13 16:43 - 00111536 _____ C:\Users\julianohneadmin\AppData\Local\GDIPFONTCACHEV1.DAT
2017-06-28 10:38 - 2009-07-14 06:45 - 00437672 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-28 10:35 - 2017-05-07 22:26 - 00111536 _____ C:\Users\julian\AppData\Local\GDIPFONTCACHEV1.DAT
2017-06-28 10:34 - 2017-06-08 16:15 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-28 10:33 - 2017-06-08 16:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-06-24 11:55 - 2017-06-05 13:26 - 00000000 ____D C:\Users\julianohneadmin\Desktop\sync
2017-06-23 19:00 - 2017-05-18 12:03 - 00000000 ____D C:\Users\julianohneadmin\AppData\Roaming\uTorrent
2017-06-22 07:09 - 2017-06-08 23:18 - 00000000 ____D C:\Users\julianohneadmin\Desktop\NetGhost_v1.4
2017-06-22 07:09 - 2017-05-13 16:42 - 00000000 ____D C:\Users\julianohneadmin
2017-06-22 07:09 - 2017-05-09 20:06 - 00000000 ____D C:\Users\julian2
2017-06-22 07:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2017-06-21 23:14 - 2017-05-14 21:38 - 00000000 ____D C:\Users\julianohneadmin\Desktop\Tor Browser
2017-06-21 22:24 - 2017-06-08 15:50 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-06-21 21:10 - 2017-05-07 21:27 - 00000000 ____D C:\Users\julian
2017-06-17 14:06 - 2017-05-24 11:25 - 00000000 ___RD C:\Sandbox
2017-06-17 12:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2017-06-15 10:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2017-06-15 10:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\migwiz
2017-06-13 23:24 - 2017-05-07 21:45 - 00000000 ____D C:\Windows\system32\MRT
2017-06-13 23:20 - 2017-05-07 21:45 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-06-12 21:33 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-10 14:02

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
Ran by julian (11-07-2017 10:04:08)
Running from C:\Users\julian\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2017-05-07 19:27:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-148578213-2711690863-4211719025-500 - Administrator - Disabled)
Gast (S-1-5-21-148578213-2711690863-4211719025-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-148578213-2711690863-4211719025-1002 - Limited - Enabled)
julian (S-1-5-21-148578213-2711690863-4211719025-1001 - Administrator - Enabled) => C:\Users\julian
julianohneadmin (S-1-5-21-148578213-2711690863-4211719025-1006 - Limited - Enabled) => C:\Users\julianohneadmin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-148578213-2711690863-4211719025-1006\...\uTorrent) (Version: 3.5.0.43804 - BitTorrent Inc.)
Bitcoin Core (64-bit) (HKU\S-1-5-21-148578213-2711690863-4211719025-1001\...\Bitcoin Core (64-bit)) (Version: 0.14.1 - Bitcoin Core project)
BitTorrent (HKU\S-1-5-21-148578213-2711690863-4211719025-1001\...\BitTorrent) (Version: 7.10.0.43917 - BitTorrent Inc.)
Cain & Abel 4.9.56 (HKLM-x32\...\Cain & Abel 4.9.56) (Version:  - )
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{E598B692-764A-413C-8530-59163D6B4AE3}) (Version: 4.6.01590 - Microsoft Corporation) Hidden
ClipGrab 3.6.5 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
DiagnosticsHub_CollectionService (HKLM\...\{90A561D7-0C29-464D-94E1-2A7E1C553230}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
Entity Framework 6.1.3 Tools  for Visual Studio 15 (HKLM-x32\...\{F8C0447E-D45C-4E52-94E8-C6340AAC9DB8}) (Version: 6.1.60104.0 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
hide.me VPN 1.2.13 (HKLM-x32\...\{0E00BDA5-7998-4889-BE4B-39A4BBD2EDFB}_is1) (Version: 1.2.13 - eVenture Limited)
icecap_collection_neutral (HKLM-x32\...\{64F3E6FC-68E3-4062-9C2C-ABD93FDFF309}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{0AD162D1-4973-4315-97E9-5DE9A92B4049}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{FE002482-71A5-4B32-9D08-60ADFAF19E07}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{9FBD9D6F-A511-45F5-B672-63A5087F6F89}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
Intellisense Lang Pack Mobile Extension SDK 10.0.15063.0 (HKLM-x32\...\{A0007ADE-F6F6-410F-822F-7522B4F0BFDE}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
IntelliTraceProfilerProxy (HKLM-x32\...\{51783942-DFB0-4452-97CC-BDF2D4AB3A48}) (Version: 15.0.24.0 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kits Configuration Installer (HKLM-x32\...\{0C05DE52-2C77-D6FA-A561-D508CF5FC96E}) (Version: 10.1.15063.137 - Microsoft) Hidden
Kumulatives Microsoft .NET Framework Intellisense Pack für Visual Studio (Deutsch) (HKLM-x32\...\{91BF6CA6-F6AA-4639-944A-627B7D02567E}) (Version: 4.6.01604 - Microsoft Corporation) Hidden
Malwarebytes Version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Access Runtime 2013 (HKLM-x32\...\Office15.AccessRT) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office Professional 2013 - de-de (HKLM\...\ProfessionalRetail - de-de) (Version: 15.0.4937.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-148578213-2711690863-4211719025-1001\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{A106D33E-6B43-42C0-9BFC-D03303261FA7}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - DEU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM-x32\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.10.30640.0 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2016 (HKLM\...\{FEC926D4-785B-4ED7-B35D-3FA37DD29F8B}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2016 (HKLM-x32\...\{A37BE9D7-EAAE-4C6B-9D7E-DBD8B8D88681}) (Version: 13.0.1601.5 - Microsoft Corporation)
MSI Development Tools (HKLM-x32\...\{074120DA-7DA8-E059-BD8E-5750E97C6046}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4937.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4937.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0407-0000-0000000FF1CE}) (Version: 15.0.4937.1000 - Microsoft Corporation) Hidden
Resilio Sync (HKU\S-1-5-21-148578213-2711690863-4211719025-1006\...\Resilio Sync) (Version: 2.5.2 - Resilio, Inc.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 5.18 (64-bit) (HKLM\...\Sandboxie) (Version: 5.18 - Sandboxie Holdings, LLC)
Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
Sniper Fury (HKLM\...\Steam App 591740) (Version:  - Gameloft)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TomTom MyDrive Connect 4.1.5.3181 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.5.3181 - TomTom)
Universal CRT Extension SDK (HKLM-x32\...\{ADD45F52-630A-4F45-8879-A8DB80DF921B}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{919D63C5-565C-F1C3-67D9-353FE902EF11}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{0AAB833E-034D-430B-D3E4-39C5753B14AC}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{D29934EC-24B6-0F5D-C6BB-E9ECCF220C12}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{2410D879-0C8F-B254-C207-455E119075B6}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{485209AE-37CE-2208-59CB-7BB59AA85BE7}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
USBLogon 1.8.0.1 (HKLM\...\{E7D9D138-7DFA-441A-B1A9-703193C5D6D3}_is1) (Version: 1.8.0.1 - Quadsoft)
vcpp_crt.redist.clickonce (HKLM-x32\...\{F48A9651-9D00-4D94-810E-8738A41F16C2}) (Version: 14.10.25008 - Microsoft Corporation) Hidden
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.19 - IDRIX)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VS JIT Debugger (HKLM\...\{2901E697-0E9C-404B-B7D0-6E2D43F64CE5}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{3B64C68E-14E0-4214-A53D-502E9FBD32E7}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{1070C8E8-4DFB-419F-984A-5C835828897E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{B9F4AA09-F4AC-4108-ADA0-27CDD45FCEC3}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{AEF5E0F2-31D1-454A-A992-C523C0007B4D}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{DE8B48BF-82B9-434A-B254-1EA2306E5FBA}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{A041943F-C97B-48F6-8F23-C5078F99BB3A}) (Version: 15.0.26323 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{B3988EC1-015B-4A61-A323-BCCCDD218E4F}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{581E5656-26E2-4A02-9711-48C8E4998310}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{15D591B0-7B40-4957-B6C0-EB7452B5AAB6}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{DC296244-0701-4EDE-9696-05B9C1D017B3}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{11230C85-1813-4BC3-9C24-E0B74B59653E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{F3217611-B414-4A3A-81BF-6A3A4DB7E743}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{D4DCEC6A-BC59-43D5-866A-AB057E64F73F}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{9477F337-FD16-4ACA-8217-E2D7A0F92603}) (Version: 15.0.26301 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{497A5ACE-DA03-4412-A110-910B2C450720}) (Version: 15.0.26424 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{37968509-8B79-4E9A-85D1-6AA39DA2211A}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{D396CF10-5F2B-417D-9571-0B669B99440E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{A32A9CF6-E7AA-48B8-A3D3-50C157E69F53}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{80859F5A-D13C-AB8E-4659-B630CFE2599D}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Windows SDK AddOn (HKLM-x32\...\{30DCCFB4-068F-4C5C-BC10-5ECDCAEE55D4}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.15063.137 (HKLM-x32\...\{a07b4a01-ca27-4e28-9353-f325a308f128}) (Version: 10.1.15063.137 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{45B6202F-A716-C68A-199E-43B106B56A7E}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{3E5375A1-0E4C-34E3-6294-C1C8BDA823E4}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{6CE744AE-7E0F-00AF-F1BD-077D9AFCBEC6}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{FAD08838-3937-0F6C-8787-FDFDFBF63502}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Wireshark 2.2.7 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.2.7 - The Wireshark developer community, hxxps://www.wireshark.org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-148578213-2711690863-4211719025-1006_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-148578213-2711690863-4211719025-1006_Classes\CLSID\{581FFA00-FC33-0002-0502-95003A5CDE89}\InprocServer32 -> C:\Users\julianohneadmin\AppData\Roaming\Resilio Sync\ShellExtensionPath64_3C6.dll ()
CustomCLSID: HKU\S-1-5-21-148578213-2711690863-4211719025-1006_Classes\CLSID\{581FFA01-FC33-0002-0502-95003A5CDE89}\InprocServer32 -> C:\Users\julianohneadmin\AppData\Roaming\Resilio Sync\ShellExtensionPath64_3C6.dll ()
ContextMenuHandlers01: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\shellex.dll [2017-03-30] (AO Kaspersky Lab)
ContextMenuHandlers02: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\shellex.dll [2017-03-30] (AO Kaspersky Lab)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\shellex.dll [2017-03-30] (AO Kaspersky Lab)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-01-10] (Intel Corporation)
ContextMenuHandlers06: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\shellex.dll [2017-03-30] (AO Kaspersky Lab)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers1_S-1-5-21-148578213-2711690863-4211719025-1006: [Resilio Sync 2.5.2] -> {581FFA00-FC33-0002-0502-95003A5CDE89} =>  -> No File
ContextMenuHandlers4_S-1-5-21-148578213-2711690863-4211719025-1006: [Resilio Sync 2.5.2] -> {581FFA00-FC33-0002-0502-95003A5CDE89} =>  -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {9646C122-7B84-4BA2-8078-A7CCC11AD56E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {A75EB9BA-12FF-44B2-B143-A446D9B145E7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {D71E2BE9-5C83-4539-98FD-FC864A6A67BD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-09] (Google Inc.)
Task: {E3D411C9-2AF0-47EB-97AA-13013BBBEAC2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-09] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-06-08 15:50 - 2017-01-17 04:25 - 00117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2017-06-05 13:08 - 2017-06-05 13:08 - 01036800 _____ () C:\Users\julianohneadmin\AppData\Roaming\Resilio Sync\ShellExtensionPath64_3C6.dll
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-06-30 09:13 - 2017-06-23 05:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-30 09:13 - 2017-06-23 05:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll
2015-11-06 02:54 - 2017-07-01 18:09 - 00515584 _____ () C:\Users\julianohneadmin\Desktop\RA4WVPN Client\RA4W VPN32.dll
2015-11-06 02:54 - 2017-07-01 18:09 - 00159344 _____ () C:\Users\julianohneadmin\Desktop\RA4WVPN Client\bin\liblzo2-2.dll
2015-11-06 02:54 - 2017-07-01 18:09 - 00105072 _____ () C:\Users\julianohneadmin\Desktop\RA4WVPN Client\bin\libpkcs11-helper-1.dll
2017-05-31 11:41 - 2017-05-31 11:41 - 01982976 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2017-06-21 21:45 - 00000822 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-148578213-2711690863-4211719025-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\julian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-148578213-2711690863-4211719025-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\julianohneadmin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6976B1AF-136F-417F-B484-0A9098EB5B9B}] => (Allow) C:\Users\julian\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{D290A173-DB66-4367-8A62-A2C541CFC775}] => (Allow) C:\Users\julian\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{08D08C26-2031-4B50-BCCF-5561A48A8846}] => (Allow) C:\Users\julian\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{52A0E08F-5807-4C98-85C2-8DBAD307933D}] => (Allow) C:\Users\julian\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{57ABDCAB-4247-41D0-A224-40C77944EA2B}] => (Allow) C:\Users\julian\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{90C3AD76-E8FE-45F1-B3A5-3FED252420B0}] => (Allow) C:\Users\julian\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{A317D30E-7763-4234-8CF6-F204CAA6400B}C:\users\julianohneadmin\appdata\roaming\resilio sync\resilio sync.exe] => (Block) C:\users\julianohneadmin\appdata\roaming\resilio sync\resilio sync.exe
FirewallRules: [UDP Query User{674EF9FF-8197-4EB1-B3B2-0F50C4E268D2}C:\users\julianohneadmin\appdata\roaming\resilio sync\resilio sync.exe] => (Block) C:\users\julianohneadmin\appdata\roaming\resilio sync\resilio sync.exe
FirewallRules: [TCP Query User{5FD22959-57A9-41CE-A5CB-4D706CA71A96}C:\users\julianohneadmin\appdata\roaming\resilio sync\resilio sync.exe] => (Block) C:\users\julianohneadmin\appdata\roaming\resilio sync\resilio sync.exe
FirewallRules: [UDP Query User{50D2362F-9410-450F-A8CC-E57CAEDDA181}C:\users\julianohneadmin\appdata\roaming\resilio sync\resilio sync.exe] => (Block) C:\users\julianohneadmin\appdata\roaming\resilio sync\resilio sync.exe
FirewallRules: [{1A96A73D-6C6B-4AE9-93B6-7B18543F1021}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{A74DF107-2E36-4273-B10F-995E473985A7}] => (Allow) C:\Users\julian\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{9495ED84-F78D-4228-9320-787FE460209B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6C4E4AB2-DC4F-455F-B3C6-AFEA1D847C1D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{29BAD996-4F51-4950-9B71-CAFA833BD95D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{2F9E4279-87CB-4790-AA06-CFBA0DDF9BE6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F85CD4CC-F891-48E8-85C0-4BD88ACE579A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sniper Fury\mcfw.exe
FirewallRules: [{607ADE76-6790-4633-B997-4E522527E823}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sniper Fury\mcfw.exe
FirewallRules: [{B662B117-B049-47E3-B2EF-4E8E194F3EC9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{EFFACA63-B76F-41CE-8B5B-E0C71C60DFC8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

==================== Restore Points =========================

28-06-2017 09:21:45 Windows Update
28-06-2017 10:31:06 Installed Microsoft Access Runtime 2013
28-06-2017 10:31:40 ACCESSRT
04-07-2017 09:09:01 Windows Update
04-07-2017 10:32:26 Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008
04-07-2017 10:33:38 Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008
04-07-2017 10:35:26 Windows Modules Installer
04-07-2017 10:59:11 Windows Software Development Kit - Windows 10.0.15063.137
04-07-2017 16:02:20 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649

==================== Faulty Device Manager Devices =============

Name: PS/2-kompatible Maus
Description: PS/2-kompatible Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/07/2017 11:34:19 AM) (Source: VBExpress) (EventID: 0) (User: )
Description: Die Datenquelle "{42568f9e-354a-4c76-9916-3225d8c8e750}" gibt keine Unterstützungsanbieter oder nicht registrierte Unterstützungsanbieter an.

Error: (07/07/2017 11:31:13 AM) (Source: VBExpress) (EventID: 0) (User: )
Description: Die Datenquelle "{42568f9e-354a-4c76-9916-3225d8c8e750}" gibt keine Unterstützungsanbieter oder nicht registrierte Unterstützungsanbieter an.

Error: (07/07/2017 10:01:31 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\julianohneadmin\Downloads\esetsmartinstaller_enu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/06/2017 08:00:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 3.0.0.1068, Zeitstempel: 0x59125ef2
Name des fehlerhaften Moduls: Qt5Core.dll, Version: 5.6.2.0, Zeitstempel: 0x58ed4d4f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0018da93
ID des fehlerhaften Prozesses: 0xfec
Startzeit der fehlerhaften Anwendung: 0x01d2f681be29fd29
Pfad der fehlerhaften Anwendung: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Berichtskennung: ff22afc2-6274-11e7-961d-e81132051f51

Error: (07/05/2017 12:26:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SkypeSetup.exe, Version 7.37.0.103 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1628

Startzeit: 01d2f57909e445d8

Endzeit: 4

Anwendungspfad: C:\Users\julianohneadmin\Downloads\SkypeSetup.exe

Berichts-ID: 5a6e8f3a-616c-11e7-9112-e81132051f51

Error: (07/04/2017 07:12:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\MSBuild\15.0\Bin\zh-Hant\MSBuildTaskHost.resources.dll because this image is a 32bit assembly; try using 32bit ngen instead.

Error: (07/04/2017 07:12:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\MSBuild\15.0\Bin\zh-Hant\MSBuild.resources.dll because this image is a 32bit assembly; try using 32bit ngen instead.

Error: (07/04/2017 07:12:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\MSBuild\15.0\Bin\zh-Hans\MSBuildTaskHost.resources.dll because this image is a 32bit assembly; try using 32bit ngen instead.

Error: (07/04/2017 07:12:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\MSBuild\15.0\Bin\zh-Hans\MSBuild.resources.dll because this image is a 32bit assembly; try using 32bit ngen instead.

Error: (07/04/2017 07:12:28 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\MSBuild\15.0\Bin\tr\MSBuildTaskHost.resources.dll because this image is a 32bit assembly; try using 32bit ngen instead.


System errors:
=============
Error: (07/11/2017 09:46:07 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 20.

Error: (07/10/2017 04:27:16 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Der Server "{995C996E-D918-4A8C-A302-45719A6F4EA7}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/10/2017 04:26:58 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Der Server "{F9717507-6651-4EDB-BFF7-AE615179BCCF}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/10/2017 01:39:32 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (07/07/2017 01:40:16 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Der Server "{995C996E-D918-4A8C-A302-45719A6F4EA7}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/07/2017 01:39:56 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Der Server "{F9717507-6651-4EDB-BFF7-AE615179BCCF}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/06/2017 11:43:59 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Der Server "{F9717507-6651-4EDB-BFF7-AE615179BCCF}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/06/2017 11:43:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Der Server "{3FCB7074-EC9E-4AAF-9BE3-C0E356942366}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/06/2017 08:02:25 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (07/06/2017 04:41:06 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Der Server "{F9717507-6651-4EDB-BFF7-AE615179BCCF}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.


CodeIntegrity:
===================================
  Date: 2017-05-09 22:33:28.848
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2017-05-09 22:33:28.848
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2017-05-09 22:33:28.832
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2017-05-09 22:33:28.832
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2017-05-09 20:39:31.770
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2017-05-09 20:39:31.762
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2017-05-09 20:39:31.719
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2017-05-09 20:39:31.662
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 60%
Total physical RAM: 3892.55 MB
Available physical RAM: 1542.68 MB
Total Virtual: 7783.29 MB
Available Virtual: 4942.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:368.1 GB) (Free:246.92 GB) NTFS
Drive e: (Backup) (Fixed) (Total:51.81 GB) (Free:27.15 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0008D427)
Partition 1: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=51.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Regards
Cookie97


Edited by Cookie97, 11 July 2017 - 07:16 AM.




#2 nasdaq

  • Malware Response Team

Posted 11 July 2017 - 01:23 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-09]
CHR Extension: (Chrome Media Router) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-11]
ContextMenuHandlers1_S-1-5-21-148578213-2711690863-4211719025-1006: [Resilio Sync 2.5.2] -> {581FFA00-FC33-0002-0502-95003A5CDE89} =>  -> No File
ContextMenuHandlers4_S-1-5-21-148578213-2711690863-4211719025-1006: [Resilio Sync 2.5.2] -> {581FFA00-FC33-0002-0502-95003A5CDE89} =>  -> No File

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know if you have any problems.

#3 Cookie97

Posted 12 July 2017 - 05:17 AM

Hello nasdaq

 

Here is the log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-07-2017
Ran by julian (12-07-2017 12:03:24) Run:5
Running from C:\Users\julian\Desktop
Loaded Profiles: julian & julianohneadmin (Available Profiles: julian & julianohneadmin)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-09]
CHR Extension: (Chrome Media Router) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-11]
ContextMenuHandlers1_S-1-5-21-148578213-2711690863-4211719025-1006: [Resilio Sync 2.5.2] -> {581FFA00-FC33-0002-0502-95003A5CDE89} =>  -> No File
ContextMenuHandlers4_S-1-5-21-148578213-2711690863-4211719025-1006: [Resilio Sync 2.5.2] -> {581FFA00-FC33-0002-0502-95003A5CDE89} =>  -> No File
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-09] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-11] => Error: No automatic fix found for this entry.
HKU\S-1-5-21-148578213-2711690863-4211719025-1006\Software\Classes\*\ShellEx\ContextMenuHandlers\Resilio Sync 2.5.2 => key removed successfully
HKU\S-1-5-21-148578213-2711690863-4211719025-1006\SOFTWARE\Classes\CLSID\{581FFA00-FC33-0002-0502-95003A5CDE89} => key removed successfully
HKU\S-1-5-21-148578213-2711690863-4211719025-1006\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Resilio Sync 2.5.2 => key removed successfully
HKU\S-1-5-21-148578213-2711690863-4211719025-1006\SOFTWARE\Classes\CLSID\{581FFA00-FC33-0002-0502-95003A5CDE89} => key not found. 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5692618 B
Java, Flash, Steam htmlcache => 131072 B
Windows/system/drivers => 4647633 B
Edge => 0 B
Chrome => 10507861 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
julian => 409593999 B
julian2 => 0 B
julianohneadmin => 108007409 B
 
RecycleBin => 7442376 B
EmptyTemp: => 528.7 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 12:05:23 ====

My computer sometimes opens new browser tabs by itself.
 

 


Edited by Cookie97, 12 July 2017 - 05:19 AM.


#4 nasdaq

  • Malware Response Team

Posted 12 July 2017 - 06:35 AM

Reset the browsers that you use and have been compromised.

How To:
https://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/

====

#5 Cookie97

Posted 12 July 2017 - 08:31 AM

OK, I reset the browser.

Are my FRST logs OK?
 

Regards
Cookie97



#6 nasdaq

  • Malware Response Team

Posted 12 July 2017 - 09:51 AM

Yes, clean.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#7 Cookie97

Posted 12 July 2017 - 11:27 AM

Hello nasdaq

 

Many thanks for your work 

 

Regards

Cookie97





