Log analysis and evaluation: Kaspersky finds Trojan.Multi.GenAutorunReg.a (on Win 8.1 64)
17.08.2018, 20:37 | #1 |
Kaspersky finds Trojan.Multi.GenAutorunReg.a (on Win 8.1 64)

Hello,

today I got the following message:

_________________
Kaspersky Internet Security
Schadsoftware wurde gefunden. Es wird empfohlen, vor dem Neustart des Computers alle laufenden Programme zu schließen und alle Änderungen zu speichern.
Gefunden: Trojan.Multi.GenAutorunReg.a
Ort: System Memory
[Desinfizieren und Computer neu starten]
_________________

- I have not clicked anything on the message; it is still visible.
- I removed all external storage media and made an image of the hard disk.
- Should I change all passwords?
- Among others, I found the following related threads:
  - https://forum.kaspersky.com/index.php?/topic/396586-trojanmultigenautorunreg/
  - https://forum.kaspersky.com/index.php?/topic/398038-trojanmultigenautorunrega-detected-in-memory-and-not-removed/
  - https://forum.kaspersky.com/index.php?/topic/361440-trojanmultigenautorunrega/
  - similar but not identical: https://www.trojaner-board.de/175559-trojan-multi-genautorun-task-b-system-memory.html

I ran Farbar (64), and the following error occurred:

error saving file c:\FRST\HIVES\drivers
continue with the next file?
[ regcreatekeyex:87 - falscher paramenter ]
failed to update

When I then started it again, the registry was not backed up again, so the error no longer appeared, although it was not fixed and therefore still exists.

Regarding naughtypirates stream in the log file:
https://forums.malwarebytes.com/topic/162382-possible-signs-of-malware-on-my-system/
https://forums.spybot.info/showthread.php?67975-Not-sure-if-I-have-rootkits-or-not

Regarding SmEdit and AkelPad: harmless programs, I know the authors.
ComputerTime and CWG child weg guardian are likewise legitimate and known to me. fltw.exe, wstw.exe and wtwatch.exe also belong to them.

I trust the Trojanerboard, since I was helped well once before about 6 years ago. Happy to make a donation again, too.

Many thanks in advance for your efforts; I will follow all instructions exactly.

FRST.txt lists the files created in the last month. For privacy reasons I deleted some harmless files that are known to me / were created by me from the list.

https://threats.kaspersky.com/en/threat/Trojan.Multi.GenAutorunReg/

I have one last hope that it is a false positive....???

AND THANK YOU FOR YOUR HELP IN ADVANCE!!!

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018 Ran by d (administrator) on LAVIE (17-08-2018 20:19:54) Running from C:\Users\d\AppData\Local\Temp\scoped_dir5172_2273 Loaded Profiles: d (Available Profiles: d) Platform: Windows 8.1 Pro (Update) (X64) Language: Japanisch (Japan) Internet Explorer Version 11 (Default browser: Opera) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe (AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe (Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe (Intel Corporation) C:\Windows\System32\ibtsiva.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe (CyberLink) C:\Program Files (x86)\CyberLink\NEC Move Media Server\NECMoveMSMonitorService.exe (CyberLink) C:\Program Files (x86)\CyberLink\NEC Move Media Server\NECMoveMSServer.exe (NEC Personal Computers, Ltd.) C:\Program Files\NECBoot\NECBTSVC.exe (NEC Personal Computers, Ltd.) C:\Windows\SysWOW64\NTMETER.exe (NEC Personal Computers, Ltd.) 
C:\Program Files\PeakShiftTool\PeakShiftSvc.exe () C:\Program Files\Prio\prio_svc.exe (Centered Systems) C:\Program Files (x86)\Second Copy 8\ScVssService64.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe () C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avpui.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (NEC Personal Computers, Ltd.) C:\Program Files\NECMFK\necmfk.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (NEC Personal Computers, Ltd.) C:\Program Files\NECBatt\nbSched.exe (NEC Personal Computers, Ltd.) C:\Program Files\PeakShiftTool\PeakShiftNotifier.exe (NEC Personal Computers, Ltd.) C:\Program Files\NECBoot\NECBTPB.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (NEC Personal Computers, Ltd.) 
C:\Program Files\NPSpeed\NPSpeed.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe (Outertech) C:\Program Files (x86)\Linkman\Linkman.exe (RaMMicHaeL) C:\Users\d\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe (GP Software) C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe (f.lux Software LLC) C:\Users\d\AppData\Local\FluxSoftware\Flux\flux.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Centered Systems) C:\Program Files (x86)\Second Copy 8\SecCopy.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Michael Farrell) C:\Program Files (x86)\IntelliWebSearch\IntelliWebSearch.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe () C:\Users\d\Desktop\acv507\ArsClip.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Steve Emmons) C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Battery Alarm\BatteryAlarm.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Mad Dog Apps) C:\Program Files (x86)\Mad Dog Apps\BatteryMonitor\myBatteryMonitor.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files 
(x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (pXc-coding.com) C:\Program Files (x86)\Alternative Flash Player Auto-Updater\Alternative Flash Player Auto-Updater.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (NEC Personal Computers, Ltd.) C:\Program Files\NEC\AtrioSide\AS_ContentsDL.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (NEC Personal Computers, Ltd.) C:\Program Files\EcoViewer\ecomonsv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files 
(x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (AkelSoft) C:\Users\d\Desktop\Programme\AkelPad\AkelPad.exe (AkelSoft) C:\Users\d\Desktop\Programme\AkelPad\AkelPad.exe (AkelSoft) C:\Users\d\Desktop\Programme\AkelPad\AkelPad.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe (Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-21] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [NECMFK] => C:\Program Files\necmfk\necmfk.exe [164176 2013-09-19] (NEC Personal Computers, Ltd.) HKLM\...\Run: [IntelAntiTheftDiscoveryAppIECNotifier] => C:\Program Files (x86)\Intel\Intel Anti-Theft Discovery App\IntelAntiTheftDiscoveryAppIECNotifier.exe [142336 2013-06-25] (Intel Corporation) HKLM\...\Run: [NECBatt] => C:\Program Files\NECBatt\nbSched.exe [356688 2013-08-05] (NEC Personal Computers, Ltd.) HKLM\...\Run: [PeakShiftTool] => C:\Program Files\PeakShiftTool\PeakShiftNotifier.exe [244576 2013-07-02] (NEC Personal Computers, Ltd.) HKLM\...\Run: [NECBTPB] => C:\Program Files\NECBoot\NECBTPB.EXE [2789304 2012-10-05] (NEC Personal Computers, Ltd.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2013-09-04] (Synaptics Incorporated) HKLM\...\Run: [RcdSettings] => C:\Program Files\NEC\NECRcdSettings\RcdSettings.exe [924536 2013-08-27] (NEC Personal Computers, Ltd.) HKLM\...\Run: [NPSpeed] => C:\Program Files\NPSpeed\NPSpeed.exe [3215152 2013-10-08] (NEC Personal Computers, Ltd.) HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1074088 2015-09-03] (The Eraser Project) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft) HKLM\...\Run: [AtrioSide] => C:\Program Files\NEC\AtrioSide\AtrioSide.exe [1193328 2013-09-17] (NEC Personal Computers, Ltd.) HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [3523848 2018-07-03] (Paramount Software UK Ltd) HKLM-x32\...\Run: [SmartUpdate] => C:\Program Files (x86)\NEC\SmartUpdate\reservesu.exe [234232 2013-07-08] (NEC Personal Computers, Ltd.) 
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2018-03-16] (Apple Inc.) HKLM-x32\...\Run: [SilentCleanService] => C:\Program Files (x86)\iMobie\PhoneRescue\${CHECK_RUNSERVICE_NAME} HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [135968 2018-03-15] (Intel) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [653728 2018-03-26] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <==== ATTENTION HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [Linkman] => C:\Program Files (x86)\Linkman\Linkman.exe [1635200 2015-12-23] (Outertech) HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [7 Taskbar Tweaker] => C:\Users\d\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [401920 2016-09-10] (RaMMicHaeL) HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [Directory Opus Desktop Dblclk] => C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe [421240 2016-06-10] (GP Software) HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [f.lux] => C:\Users\d\AppData\Local\FluxSoftware\Flux\flux.exe [1806344 2018-07-03] (f.lux Software LLC) HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [Second Copy] => C:\Program Files (x86)\Second Copy 8\SecCopy.exe [3128616 2013-01-28] (Centered Systems) HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2014-09-19] () HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [WhatsApp] => "C:\Users\d\AppData\Local\WhatsApp\app-0.2.5371\WhatsApp.exe" HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [DVSFreeVideoCallRecorder] => 
"C:\Program Files (x86)\DVDVideoSoft\Free Video Call Recorder for Skype\FreeVideoCallRecorder.exe" /minimized HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [IntelliWebSearch] => C:\Program Files (x86)\IntelliWebSearch\IntelliWebSearch.exe [224388 2011-04-08] (Michael Farrell) HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11776 2013-08-22] (Microsoft Corporation) AppInit_DLLs: prio.dll => No File AppInit_DLLs-x32: prio32.dll => No File IFEO\sethc.exe: [Debugger] logonui.exe ShellExecuteHooks: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [1580408 2016-06-10] (GP Software) ShellExecuteHooks-x32: Directory Opus Shell Execute Hook - {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll [350072 2016-06-10] (GP Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Alternative Flash Player Auto-Updater.lnk [2016-01-16] ShortcutTarget: Alternative Flash Player Auto-Updater.lnk -> C:\Program Files (x86)\Alternative Flash Player Auto-Updater\Alternative Flash Player Auto-Updater.exe (pXc-coding.com) Startup: C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ArsClip - Verknüpfung.lnk [2016-01-25] ShortcutTarget: ArsClip - Verknüpfung.lnk -> C:\Users\d\Desktop\acv507\ArsClip.exe () Startup: C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BatteryAlarm - Shortcut.lnk [2016-04-20] ShortcutTarget: BatteryAlarm - Shortcut.lnk -> C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Battery Alarm\BatteryAlarm.exe (Steve Emmons) Startup: C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2016-09-30] ShortcutTarget: Telegram.lnk -> C:\Users\d\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP) GroupPolicy: Restriction ? 
<==== ATTENTION GroupPolicyUsers\S-1-5-21-1417334993-2898295356-3386692794-500\User: Restriction <==== ATTENTION GroupPolicyUsers\S-1-5-21-1417334993-2898295356-3386692794-1003\User: Restriction <==== ATTENTION GroupPolicyUsers\S-1-5-21-1417334993-2898295356-3386692794-1001\User: Restriction <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: 127.0.0.1 cryptomator-vault Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{A589BE57-42CC-439B-99D1-70AED469ADBE}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> DefaultScope {0A66B399-8F9B-4C01-8EDD-A71D148B8BE7} URL = SearchScopes: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> {0A66B399-8F9B-4C01-8EDD-A71D148B8BE7} URL = BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File BHO: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\iToolsBHO64.dll [2016-07-25] (iTools.hk) BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2018-07-23] (AO Kaspersky Lab) BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-01-15] (pdfforge GmbH) BHO-x32: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\iToolsBHO.dll [2016-07-25] (iTools.hk) BHO-x32: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2018-07-23] (AO Kaspersky Lab) Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2018-07-23] (AO Kaspersky Lab) Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-01-15] (pdfforge GmbH) Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2018-07-23] (AO Kaspersky Lab) Toolbar: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> No Name - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - No File Toolbar: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2018-07-23] (AO Kaspersky 
Lab) FireFox: ======== FF DefaultProfile: 2udj1tce.default FF ProfilePath: C:\Users\d\AppData\Roaming\Postbox\Profiles\ify653so.default [2016-02-10] FF ProfilePath: C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\2udj1tce.default [2018-08-17] FF Session Restore: Mozilla\Firefox\Profiles\2udj1tce.default -> is enabled. FF Extension: (Grammarly for Firefox) - C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\2udj1tce.default\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2018-08-09] FF Extension: (Video DownloadHelper) - C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\2udj1tce.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-08-09] FF Extension: (Adblock Plus) - C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\2udj1tce.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-07-27] FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-04-19] [Legacy] [not signed] FF HKLM\...\Firefox\Extensions: [light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-05-28] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll [2018-08-16] () FF Plugin: 
@itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2016-07-25] () FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [] () FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2017-03-06] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll [2018-08-16] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation) FF Plugin-x32: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2016-07-25] () FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [] () FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2017-03-06] (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.) StartMenuInternet: Firefox- - kernel32::GetLongPathNameW(w R8, w .R7, i 1024)i .R6 Chrome: ======= CHR Session Restore: Default -> is enabled. CHR Profile: C:\Users\d\AppData\Local\Google\Chrome\User Data\Default [2018-08-03] CHR Extension: (Präsentationen) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-19] CHR Extension: (Kaspersky Protection) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2018-05-31] CHR Extension: (Docs) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-19] CHR Extension: (Google Drive) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-19] CHR Extension: (YouTube) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-19] CHR Extension: (Tab Count) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfokcacdaonnckdmopmcgeanhkebeaio [2018-07-30] CHR Extension: (uBlock Origin) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-08-03] CHR Extension: (Tab Glutton) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekfmaibfpamaegficfifofnlhalkbdfm [2018-06-25] CHR Extension: (Tabellen) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-19] CHR Extension: (Google Docs Offline) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-05-05] CHR Extension: (Wiktionary Language Filter) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\lagbmmpeihgfankilcjbkpnmejeblkif [2017-11-19] CHR Extension: 
(Chrome Web Store-Zahlungen) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-05] CHR Extension: (Linkman) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\pchnedaeogijkjjkjigbijhbcanbdjkc [2018-05-05] CHR Extension: (Google Mail) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-19] CHR Extension: (Chrome Media Router) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-11] CHR Profile: C:\Users\d\AppData\Local\Google\Chrome\User Data\System Profile [2018-05-05] CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd Opera: ======= OPR Session Restore: -> is enabled. 
OPR Extension: (Simple = Select + Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aagminaekdpcfimcbhknlgjmpnnnmooo [2017-09-11] OPR Extension: (Instant Multi Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aamgapdgopfdmokckpkfciiddpahbbcg [2017-09-11] OPR Extension: (Google Übersetzer) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-12-02] OPR Extension: (Disable Youtube™ HTML5 Player) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aejcgigcjcdcbdkdbeiclbpekcjddapp [2016-01-17] OPR Extension: (Multi Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\afmdpmddiokpdknaeofdnlclbpgehhce [2018-07-25] OPR Extension: (TransOver) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aggiiclaiamajehmlfpkjmlbadmkledi [2018-08-08] OPR Extension: (SimpleUndoClose) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aipamoaneebnhkfefefbfmhimclgafig [2018-02-19] OPR Extension: (Redirect Bypasser) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\akalifnifmgdmgmjoaiaflkeahpbkghe [2017-05-04] OPR Extension: (Oxford Dictionary Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbhgfdkgegllnkmnpidalgbgdghilnha [2016-11-10] OPR Extension: (Select like a Boss) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bfigpnfillonohmonbadflnapjejfkgm [2017-10-21] OPR Extension: (V7 Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bgjcegonlhkkclkkglpgjmgnigefhkak [2018-01-14] OPR Extension: (smartUp Gestures) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bgjfekefhjemchdeigphccilhncnjldn [2018-06-27] OPR Extension: (AdGuard Werbeblocker) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2018-05-19] OPR Extension: (V7 Bookmarks) - 
C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bpmgfnikhlpakdkeeahboleoommganka [2018-04-27]
OPR Extension: (Forvo pronunciation) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ccpodfblfjampgmdfllpclalbdckflmi [2017-10-21]
OPR Extension: (TrafficLight) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cfnpidifppmenkapgihekkeednfoenal [2018-04-11]
OPR Extension: (archive.is Button) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cgjpabpjaocpgppajkeplhbipbdippdm [2018-04-08]
OPR Extension: (OneTab) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-12-12]
OPR Extension: (ZenMate VPN - Top Internet Security & Unblock) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnhbkkedmelfmalgjpkngiaoifpdfcnl [2018-07-21]
OPR Extension: (Shortkeys) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnjnhmmmdopghhihpeoafpkkanlagfjf [2016-04-18]
OPR Extension: (Simple Mouse Gestures) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cpbbhbiceidealbcfgodcffnfneffopd [2018-06-08]
OPR Extension: (Avast Online Security) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2017-10-20]
OPR Extension: (Search by Image (by Google)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2017-03-06]
OPR Extension: (Card Numbers for Trello) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ddadhlcejiholmdiihbdcfoapdfkhicn [2017-02-28]
OPR Extension: (Tabs Backup & Restore) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dehocbglhkaogiljpihicakmlockmlgd [2017-12-22]
OPR Extension: (Just Read) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dgmanlpmmkibanfdgjocnabmcaclkmod [2018-08-16]
OPR Extension: (Tampermonkey) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-05-28]
OPR Extension: (Copy All Urls) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\djdmadneanknadilpjiknlnanaolmbfk [2017-11-19]
OPR Extension: (Browsec VPN - Free and Unlimited VPN) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dknfpcdpbkjijldegonllfnnfhabjpde [2018-08-11]
OPR Extension: (SurfEasy VPN - Sicherheit, Privatsphäre, Entsperrung) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ebpielhlnnpkiddeeacoephkilopgblc [2018-05-07]
OPR Extension: (Google search link fix) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\eckgbkpcmkeamlbhpcifhnijehlcogip [2018-04-12]
OPR Extension: (Session Buddy) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2018-01-29]
OPR Extension: (HTTPS Everywhere) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2018-06-22]
OPR Extension: (Copyfish 🟠 Free OCR Software) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\eenjdnjldapjajjofmldgmkjaienebbj [2018-01-29]
OPR Extension: (VTchromizer) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\efbjojhplkelaegfbieplglfidafgoka [2018-04-11]
OPR Extension: (Tabs Outliner) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2017-12-22]
OPR Extension: (Sort Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ejlljbnghfnfihpiifjaojopfkbgknoi [2016-04-18]
OPR Extension: (Copytables) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ekdpkppgmlalfkphpibadldikjimijon [2017-10-21]
OPR Extension: (Tab Glutton) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ekfmaibfpamaegficfifofnlhalkbdfm [2017-02-28]
OPR Extension: (Unlimited Free VPN - Hola) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ekmmelpnmfdegjhnmadddcfjcahpajnm [2018-08-08]
OPR Extension: (Vertical Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\eknjllkeehiiakhmgjjdoempaocgemkg [2017-03-20]
OPR Extension: (Wrona History Menu) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\encidpibliikeaimjmlimnnbjjpnfppl [2016-04-18]
OPR Extension: (All in one web searcher) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\enofjgiadilpmldfknojklfjbeaooiap [2017-09-11]
OPR Extension: (Ddict Translate: Translator - Dictionary) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fcfpagpiibkilokeihmaggjgheaemgbi [2017-12-17]
OPR Extension: (Text Lesegerät (Text zu Sprache)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fdffijlhedcdiblbingmagmdnokokgbi [2017-11-19]
OPR Extension: (Kaspersky Protection) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2018-04-06]
OPR Extension: (SimpleUndoClose.test) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fjjibgcfnmpcdipdfamlcghkphflpcfb [2017-04-16]
OPR Extension: (1Password extension (desktop app required)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fpnbobholfpcolmkinlokiaaanjilcop [2018-06-27]
OPR Extension: (Scroll to Top) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gbefdhcpnalckelncafcbmdifclnlmce [2017-11-20]
OPR Extension: (Linkman) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gbeghboempnjlacepdnkgnpplgjadpnl [2014-06-18]
OPR Extension: (Classic Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gbekmpnpfkkijbodegokaigmhedbbkmg [2016-01-16]
OPR Extension: (SimpleTabOrder) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gcphmfnknfenaigpefdlmnbgnjaebjim [2018-02-19]
OPR Extension: (XTranslate) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gfgpkepllngchpmcippidfhmbhlljhoo [2018-05-28]
OPR Extension: (SimpleExtManager) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ggfngijafepjalmbhefafhdeedobcdbf [2018-05-28]
OPR Extension: (Super Auto Refresh) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ghjaeanhfafkigkehjgapnlobfhefkme [2017-11-19]
OPR Extension: (Etymonline) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\giehjnnlopapngdjbjjgddpaagoimmgl [2018-01-04]
OPR Extension: (Selection Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gipnlpdeieaidmmeaichnddnmjmcakoe [2018-07-26]
OPR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\glaedmooikiamindhmfcfccncmmdagge [2018-07-21]
OPR Extension: (Google Right-Click Multi-Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hacdkngldbgplmdlmdhgiehbmmlckmea [2017-09-13]
OPR Extension: (Ultimello, the features pack for Trello) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hahbfgjfimnmogoinnenhheepfcphnmm [2018-06-22]
OPR Extension: (Pocket (formerly Read It Later)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hedlhkdmdlcjhiblbmfggdiaeekblnoi [2018-05-05]
OPR Extension: (Video Autoplay Blocker by Robert Sulkowski) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hiefnnpeemndbkjphkiffdfjbgaapifa [2016-01-17]
OPR Extension: (DotVPN — a better way to VPN) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hiegahbgoabbpoieploedhfnobmpgbeg [2018-05-19]
OPR Extension: (JavaScript Toggle On and Off) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hldheaackmkeadbfdaiidijnilnbgifo [2018-04-04]
OPR Extension: (V7 Gmail Zoom) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnfpfgoekopajiblcenihlclkgphkgmn [2017-04-13]
OPR Extension: (I don't care about cookies) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\iambaeepkgdclnmbfdnnohkjjpdglbeo [2018-08-01]
OPR Extension: (Sprachenfilter für Wikipedia) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibgceajjjioihilfcdppneoljcaofokk [2018-05-28]
OPR Extension: (Wiktionary Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibncmbgpniokogofpkjnlcpfpiodoppk [2017-10-21]
OPR Extension: (Wolfram|Alpha (Official)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\icncamkooinmbehmkeilcccmoljfkdhp [2017-11-19]
OPR Extension: (Text to Speech (TTS)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ifnfkcmbdaelhfkpkoncangcnhieanmj [2017-10-21]
OPR Extension: (Malwarebytes Browser Extension) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2018-08-16]
OPR Extension: (Reader View) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ikmhokpogledimpnfdbcgondkbmfkfjc [2018-06-04]
OPR Extension: (Social Fixer for Facebook) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\inficfabgpfjiegjgnhmjdagmhlmakoo [2018-06-27]
OPR Extension: (Disable HTML5 Autoplay) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jbinbhipioellbajhbkjlpioadehpfdj [2016-08-03]
OPR Extension: (YouTube High Definition) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jcdpccclajomeaeeoggbhglfomndjgfp [2016-02-06]
OPR Extension: (Close Duplicate Tab) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jcmhmgmojlljfpfnmlbnipanelaliikl [2016-07-28]
OPR Extension: (CloseTab) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jdclfnplpfhdgcmafpbodpejpdnbfhpb [2016-04-20]
OPR Extension: (Translate Web Page) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jggobmlojchhlngdhmmdghgganciigof [2016-02-03]
OPR Extension: (Font Changer with Google Web Fonts™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jgjhhoglgjdklldfgoffdiaceffijeke [2017-11-28]
OPR Extension: (User-Agent Switcher) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jikibpedldihacokaanimbcjipghbloo [2017-11-19]
OPR Extension: (Save To The Wayback Machine) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jkoddmeemofcjjeckgiddpgdbnnafoib [2018-05-10]
OPR Extension: (Search Window) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jmjjleckcgnlmampjifnllbdhkobinbl [2017-12-17]
OPR Extension: (View Image - \) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jpcmhcelnjdmblfmjabdeclccemkghjk [2018-08-16]
OPR Extension: (Grammarly for Chrome) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-08-16]
OPR Extension: (The Switcher) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbgapjibpomfdnhllkbijmolmnhloona [2016-04-18]
OPR Extension: (uBlock Origin) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2018-07-19]
OPR Extension: (Stylus) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kdinfjomkigjcjcbigolloleeiianaif [2018-07-16]
OPR Extension: (Leo Dictionary Widget) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kepemmpmljphklmpfgfmhpjhpdlccpke [2017-10-14]
OPR Extension: ( Copy URLs ) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kgmdofgghbeipjnddielphhhecgnppab [2016-04-18]
OPR Extension: (YouTube Video and Audio Downloader (Dev Edt.)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\khgbdhkpcapllhgfekjegcinegfhjbmi [2018-04-09]
OPR Extension: (V7 Sessions) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\khmbgihnlknbjgjhmekjeoidpfimabpp [2016-11-10]
OPR Extension: (Install Chrome Extensions) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2018-08-17]
OPR Extension: (Force Download) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\klahcccondnnonafcbcdgbahphglbjjg [2017-12-11]
OPR Extension: (Flash Player for YouTube™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\knbfimhapmnifdchcafinkbfikmomaak [2016-12-15]
OPR Extension: (etymon one-click search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\knhbicgmdmcjehdpmipibiebegaoiecc [2017-09-16]
OPR Extension: (Wiktionary Language Filter) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lagbmmpeihgfankilcjbkpnmejeblkif [2017-11-19]
OPR Extension: (Direct links for Google Image) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lbbpfcajcbdmfhkkleloodefhanneljl [2018-04-12]
OPR Extension: (Disable Extensions Temporarily) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lcfdefmogcogicollfebhgjiiakbjdje [2017-09-13]
OPR Extension: (Wikimedia Reader) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lclegfmhkjbcpiikogacbfbpdgfbdifi [2017-11-19]
OPR Extension: (Free Auto Refresh) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lfkfikiejjfhpfbpgfolfkkdjpepmkal [2018-04-18]
OPR Extension: (Sidebar for YouTube™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ljkgfkfopogmclcinephnaeekjiikibd [2017-09-27]
OPR Extension: (V7 Drag) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lmmhflhfcljkioicbckchnpfiffcjkjp [2017-11-19]
OPR Extension: (Nehmen Sie Screenshot der Webseite - FireShot) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2018-01-08]
OPR Extension: (Tampermonkey) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfdhdgbonjidekjkjmjaneanmdmpmidf [2017-11-19]
OPR Extension: (Tab Close Plus) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfkclbfmlbdmjhndmdbbcmlnhojgopdd [2016-04-18]
OPR Extension: (CLEAN crxMouse Gestures) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mjidkpedjlfnanainpdfnedkdlacidla [2017-11-20]
OPR Extension: (About://Internal Pages) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mpkgnldklpemphbfogboacnljgfpnkme [2016-07-28]
OPR Extension: (Video Speed Controller) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2018-07-08]
OPR Extension: (Copy URL + Title) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\nhmdngoiikdcodlpeifbjcjpjhefipal [2016-04-18]
OPR Extension: (Save to Pocket) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2018-07-08]
OPR Extension: (Violent monkey) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge [2017-11-19]
OPR Extension: (Scroll To Top Button) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\njdplanogllnioicoadncjfgfhdnnpha [2018-08-08]
OPR Extension: (dict-cc) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh [2017-10-07]
OPR Extension: (SaveFrom.net Helfer) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\npdpplbicnmpoigidfdjadamgfkilaak [2018-08-16]
OPR Extension: (Better History) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\obciceimmggglbmelaidpjlmodcebijb [2017-12-22]
OPR Extension: (Enhancer for YouTube) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofhehnfmgbgnkjaojifkmebjjgffjaeh [2018-08-01]
OPR Extension: (Zoom Popup) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofpknbbbohcgomapfgcgadleckdagikj [2016-04-18]
OPR Extension: (Google™ Translator Sidebar) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ogmklpmbehclccahgccdnhjipkmmjaom [2017-08-15]
OPR Extension: (Adblock Plus) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2018-07-19]
OPR Extension: (Open Multiple URLs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\oifijhaokejakekmnjmphonojcfkpbbh [2017-11-21]
OPR Extension: (LEO Wörterbuchsuche) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ojniiiidjmoaiehegaedmfdclmgmmpdp [2018-01-08]
OPR Extension: (Mercury Reader) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2018-06-10]
OPR Extension: (Mate Translate – Übersetzer, Wörterbuch) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ollghamalkmmhboihmhoaaobmamehjgn [2018-07-10]
OPR Extension: (V7 History) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\oneajlghdhobcelcgbgkjaipjoopcggg [2017-08-11]
OPR Extension: (Remove cookie(s) for the current domain) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\opbghiaphmcbefjfoihikkbpjaoanala [2017-03-16]
OPR Extension: (FlexyTrello) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\pggiemacedhgohmpcgdpceckeicjlgfn [2018-01-05]
OPR Extension: (Context Menus) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\phlfmkfpmphogkomddckmggcfpmfchpn [2017-11-20]
OPR Extension: (Extract Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\pibjcpkpaecbpifdkbehcicaoaejkaie [2016-04-18]
OPR Extension: (Enhancer for YouTube™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ponfpcnoihfmfllpaingbgckeeldkhle [2018-08-01]
OPR Extension: (Enhancer for YouTube™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll []
OPR Extension: (Enhancer for YouTube™) - C:\windows\SysWOW64\Macromed\Flash\pepflashplayer32_22_0_0_192.dll []
StartMenuInternet: (HKLM) Operadeveloper - C:\Program Files (x86)\Opera developer\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-14] (Apple Inc.)
R2 AS ContentsDL; C:\Program Files\NEC\AtrioSide\AS_ContentsDL.exe [70520 2013-09-17] (NEC Personal Computers, Ltd.)
R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe [619640 2018-02-28] (AO Kaspersky Lab)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [122728 2018-04-09] (AOMEI Tech Co., Ltd.)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2018-03-29] (Digital Wave Ltd.)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22816 2018-03-15] (Intel)
R2 ecomonsv; C:\Program Files\EcoViewer\ecomonsv.exe [280496 2012-12-04] (NEC Personal Computers, Ltd.)
R2 ibtsiva; C:\windows\system32\ibtsiva.exe [183448 2017-05-19] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-12] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\vssbridge64.exe [416560 2018-05-28] (AO Kaspersky Lab)
R2 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (AO Kaspersky Lab)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [4091112 2017-11-09] (Paramount Software UK Ltd)
S4 MailbirdUpdater.exe; C:\Program Files (x86)\Mailbird\MailbirdUpdater.exe [363144 2016-02-05] (Mailbird)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
S4 NbfcService; C:\Program Files (x86)\NoteBook FanControl\NbfcService.exe [7168 2016-12-17] (StagWare) [File not signed]
R2 NEC Move Media Server Monitor Service; C:\Program Files (x86)\CyberLink\NEC Move Media Server\NECMoveMSMonitorService.exe [134920 2013-12-16] (CyberLink)
R2 NEC Move Media Server Service; C:\Program Files (x86)\CyberLink\NEC Move Media Server\NECMoveMSServer.exe [375560 2013-12-16] (CyberLink)
R2 NECBT SERVICE; C:\Program Files\NECBoot\NECBTSVC.exe [237496 2012-10-05] (NEC Personal Computers, Ltd.)
S4 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [50600 2016-03-03] (Microsoft)
R2 NT Meter; c:\windows\syswow64\NTMETER.exe [98672 2013-05-08] (NEC Personal Computers, Ltd.)
S4 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2417376 2016-01-15] (pdfforge GmbH)
S4 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-01-15] (pdfforge GmbH)
S4 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-01-15] (pdfforge GmbH)
S4 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (© pdfforge GmbH.)
R2 PeakShiftSvc; C:\Program Files\PeakShiftTool\PeakShiftSvc.exe [289624 2013-07-02] (NEC Personal Computers, Ltd.)
R2 prio_svc; C:\Program Files\Prio\prio_svc.exe [12704 2017-01-15] ()
R2 ScVssService64; C:\Program Files (x86)\Second Copy 8\ScVssService64.exe [75048 2013-01-28] (Centered Systems)
S4 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [183568 2018-03-07] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 BOT4Service; "C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe" [X]
S2 EaseUS Agent; "C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe" [X]
S3 ekrnEpfw; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
S4 watchtw; C:\windows\SysWOW64\wtwatch.exe [X]
S2 WebServTw; C:\windows\SysWOW64\wstw.exe [X]
S4 wtflserv; C:\windows\SysWOW64\fltw.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\windows\System32\ambakdrv.sys [51120 2016-12-21] ()
R2 ammntdrv; C:\windows\system32\ammntdrv.sys [171952 2016-12-21] ()
R2 amwrtdrv; C:\windows\system32\amwrtdrv.sys [38320 2017-09-01] ()
R0 cm_km; C:\windows\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (AO Kaspersky Lab)
S3 esihdrv; C:\Users\d\AppData\Local\Temp\esihdrv.sys [149928 2018-04-09] (ESET) <==== ATTENTION
R0 EUBAKUP; C:\windows\System32\drivers\eubakup.sys [60968 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\windows\System32\drivers\EUBKMON.sys [48168 2015-12-10] () [File not signed]
R1 EUDSKACS; C:\windows\system32\drivers\eudskacs.sys [18472 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\windows\system32\drivers\EuFdDisk.sys [192552 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R3 ibtusb; C:\windows\system32\DRIVERS\ibtusb.sys [231400 2017-05-19] (Intel Corporation)
R3 ikbevent; C:\windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
R3 ISCT; C:\windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
R0 kl1; C:\windows\System32\DRIVERS\kl1.sys [528576 2018-02-20] (AO Kaspersky Lab)
R0 klbackupdisk; C:\windows\System32\DRIVERS\klbackupdisk.sys [72904 2017-12-27] (AO Kaspersky Lab)
R1 klbackupflt; C:\windows\System32\DRIVERS\klbackupflt.sys [122560 2018-02-02] (AO Kaspersky Lab)
R2 kldisk; C:\windows\system32\DRIVERS\kldisk.sys [87752 2018-07-23] (AO Kaspersky Lab)
S0 klelam; C:\windows\System32\DRIVERS\klelam.sys [29208 2017-03-30] (AO Kaspersky Lab)
R3 klflt; C:\windows\system32\DRIVERS\klflt.sys [220360 2018-07-23] (AO Kaspersky Lab)
R1 KLHK; C:\windows\System32\drivers\klhk.sys [1193160 2018-07-23] (AO Kaspersky Lab)
R1 KLIF; C:\windows\System32\DRIVERS\klif.sys [1112264 2018-07-23] (AO Kaspersky Lab)
R1 klim6; C:\windows\system32\DRIVERS\klim6.sys [57032 2018-02-12] (AO Kaspersky Lab)
R3 klkbdflt; C:\windows\system32\DRIVERS\klkbdflt.sys [58048 2018-01-15] (AO Kaspersky Lab)
R3 klmouflt; C:\windows\system32\DRIVERS\klmouflt.sys [83496 2017-12-11] (AO Kaspersky Lab)
R1 klpd; C:\windows\System32\DRIVERS\klpd.sys [50648 2017-05-30] (AO Kaspersky Lab)
S3 klpnpflt; C:\windows\system32\DRIVERS\klpnpflt.sys [45784 2017-11-29] (AO Kaspersky Lab)
R3 kltap; C:\windows\system32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 klwfp; C:\windows\system32\DRIVERS\klwfp.sys [100552 2018-02-17] (AO Kaspersky Lab)
R1 Klwtp; C:\windows\system32\DRIVERS\klwtp.sys [161080 2018-07-23] (AO Kaspersky Lab)
R1 kneps; C:\windows\system32\DRIVERS\kneps.sys [203968 2018-02-24] (AO Kaspersky Lab)
R1 MFKGTKEY; C:\windows\system32\drivers\mfkgtkey.sys [26960 2013-09-19] (NEC Personal Computers, Ltd.)
R3 necbatt; C:\windows\System32\drivers\necbatt.sys [19760 2013-06-20] (NEC Personal Computers, Ltd.)
R3 necextif; C:\windows\System32\drivers\necextif.sys [26448 2013-06-21] (NEC Personal Computers, Ltd.)
R3 NETwNb64; C:\windows\system32\DRIVERS\NETwbw02.sys [3521032 2017-11-08] (Intel Corporation)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 Ps2Led; C:\windows\system32\DRIVERS\Ps2Led.sys [18768 2013-09-19] (NEC Personal Computers, Ltd.)
R1 Ps2LedIF; C:\windows\system32\drivers\ps2ledif.sys [16208 2013-09-19] (NEC Personal Computers, Ltd.)
R3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [189152 2017-08-08] (Windows (R) Win 7 DDK provider)
U3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [31856 2017-03-23] (Windows (R) Win 7 DDK provider)
R0 PxHlpa64; C:\windows\System32\drivers\PxHlpa64.sys [56336 2013-07-18] (Corel Corporation)
R3 RadioSwitchHID; C:\windows\System32\drivers\RadioSwitchHID.sys [19456 2012-08-24] (NEC Personal Computers, Ltd.)
S3 RTLU3E8023-W8-64; C:\windows\system32\DRIVERS\rtu30x64w8.sys [70656 2013-06-18] (Realtek )
S3 RTSPER; C:\windows\system32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation)
R0 Sahdad64; C:\windows\System32\Drivers\Sahdad64.sys [28304 2013-07-23] (Corel Corporation)
R0 Saibad64; C:\windows\System32\Drivers\Saibad64.sys [20112 2013-07-23] (Corel Corporation)
R1 SaibVdAd64; C:\windows\System32\Drivers\SaibVdAd64.sys [27792 2013-07-23] (Corel Corporation)
R3 VBoxNetAdp; C:\windows\system32\DRIVERS\VBoxNetAdp6.sys [198032 2018-02-26] (Oracle Corporation)
R1 VBoxNetLwf; C:\windows\system32\DRIVERS\VBoxNetLwf.sys [208392 2018-02-26] (Oracle Corporation)
S3 VBoxUSB; C:\windows\System32\Drivers\VBoxUSB.sys [125008 2015-12-18] (Oracle Corporation)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R1 WinRing0_1_2_0; C:\Program Files (x86)\NoteBook FanControl\WinRing0x64.sys [14544 2017-09-24] (OpenLibSys.org)
R1 wtfilter_6589; C:\windows\System32\drivers\wtfilter_6589.sys [86488 2017-02-06] ()
U0 aswVmm; no ImagePath
S3 btmaux; \SystemRoot\system32\DRIVERS\btmaux.sys [X]
S3 btmhsf; \SystemRoot\system32\DRIVERS\btmhsf.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-17 20:16 - 2018-08-17 20:16 - 002412544 _____ (Farbar) C:\Users\d\Downloads\FRST64.exe
2018-08-17 20:16 - 2018-08-17 20:16 - 000016853 _____ C:\Users\d\Downloads\Download.htm
2018-08-17 20:14 - 2018-08-17 20:19 - 000000000 ____D C:\FRST
2018-08-17 20:13 - 2018-08-17 20:13 - 000001249 _____ C:\Users\d\Desktop\trojaner.txt
2018-08-16 23:57 - 2018-08-16 23:57 - 000000000 ____D C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Software
2018-08-16 13:36 - 2018-08-16 13:39 - 000000000 ____D C:\Users\d\Downloads\car
2018-08-16 00:30 - 2018-07-19 09:06 - 007371616 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2018-08-16 00:30 - 2018-07-19 08:48 - 001737600 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2018-08-16 00:30 - 2018-07-19 08:15 - 025745408 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2018-08-16 00:30 - 2018-07-19 06:35 - 002902016 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2018-08-16 00:30 - 2018-07-19 06:33 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2018-08-16 00:30 - 2018-07-19 06:33 - 000417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2018-08-16 00:30 - 2018-07-19 06:30 - 005778432 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2018-08-16 00:30 - 2018-07-19 06:22 - 020286464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2018-08-16 00:30 - 2018-07-19 06:22 - 000794624 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2018-08-16 00:30 - 2018-07-19 06:22 - 000108544 _____ (Microsoft Corporation) C:\windows\system32\hlink.dll
2018-08-16 00:30 - 2018-07-19 06:21 - 000814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2018-08-16 00:30 - 2018-07-19 06:05 - 000497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2018-08-16 00:30 - 2018-07-19 06:03 - 000107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2018-08-16 00:30 - 2018-07-19 06:01 - 002295808 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2018-08-16 00:30 - 2018-07-19 05:55 - 000662016 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2018-08-16 00:30 - 2018-07-19 05:55 - 000099328 _____ (Microsoft Corporation) C:\windows\SysWOW64\hlink.dll
2018-08-16 00:30 - 2018-07-19 05:54 - 000620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2018-08-16 00:30 - 2018-07-19 05:47 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2018-08-16 00:30 - 2018-07-19 05:46 - 015283712 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2018-08-16 00:30 - 2018-07-19 05:45 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2018-08-16 00:30 - 2018-07-19 05:45 - 000728064 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2018-08-16 00:30 - 2018-07-19 05:43 - 002136064 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2018-08-16 00:30 - 2018-07-19 05:32 - 004494848 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2018-08-16 00:30 - 2018-07-19 05:31 - 004510720 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2018-08-16 00:30 - 2018-07-19 05:30 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2018-08-16 00:30 - 2018-07-19 05:28 - 013679616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2018-08-16 00:30 - 2018-07-19 05:28 - 002882048 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2018-08-16 00:30 - 2018-07-19 05:28 - 002059776 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2018-08-16 00:30 - 2018-07-19 05:28 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2018-08-16 00:30 - 2018-07-19 05:20 - 001554944 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2018-08-16 00:30 - 2018-07-19 05:17 - 001049600 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2018-08-16 00:30 - 2018-07-19 05:09 - 004037632 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2018-08-16 00:30 - 2018-07-19 05:09 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2018-08-16 00:30 - 2018-07-19 05:06 - 001329152 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2018-08-16 00:30 - 2018-07-19 05:04 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2018-08-16 00:30 - 2018-07-13 09:51 - 002452824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2018-08-16 00:30 - 2018-07-07 20:33 - 001548632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2018-08-16 00:30 - 2018-07-07 19:05 - 004169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2018-08-16 00:30 - 2018-07-07 19:02 - 000096768 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2018-08-16 00:30 - 2018-07-07 19:00 - 000148992 _____ (Microsoft Corporation) C:\windows\system32\t2embed.dll
2018-08-16 00:30 - 2018-07-07 18:33 - 000078336 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2018-08-16 00:30 - 2018-07-07 18:31 - 000113664 _____ (Microsoft Corporation) C:\windows\SysWOW64\t2embed.dll
2018-08-16 00:30 - 2018-07-06 19:37 - 001754624 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2018-08-16 00:30 - 2018-07-06 18:36 - 001491968 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2018-08-16 00:30 - 2018-06-30 20:00 - 001113952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2018-08-16 00:30 - 2018-06-27 20:10 - 000559104 _____ (Microsoft Corporation) C:\windows\system32\Drivers\csc.sys
2018-08-16 00:30 - 2018-06-27 19:48 - 000141312 _____ (Microsoft Corporation) C:\windows\system32\CscMig.dll
2018-08-16 00:30 - 2018-06-24 17:11 - 000748544 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2018-08-16 00:30 - 2018-06-24 17:04 - 000504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2018-08-16 00:30 - 2018-06-19 15:38 - 003611136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2018-08-16 00:30 - 2018-06-19 15:38 - 003321344 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2018-08-16 00:30 - 2018-06-19 15:31 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2018-08-16 00:30 - 2018-06-19 15:29 - 000065536 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2018-08-16 00:30 - 2018-06-16 17:03 - 002779136 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2018-08-16 00:30 - 2018-06-16 16:59 - 002464256 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2018-08-16 00:30 - 2018-06-15 06:34 - 000923512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\refs.sys
2018-08-16 00:30 - 2018-06-15 04:12 - 000477696 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2018-08-16 00:30 - 2018-06-15 03:55 - 000840192 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2018-08-16 00:30 - 2018-06-15 03:43 - 000186880 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2018-08-16 00:30 - 2018-06-15 03:26 - 000514560 _____ (Microsoft Corporation) C:\windows\system32\winspool.drv
2018-08-16 00:30 - 2018-06-15 03:22 - 000866304 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2018-08-16 00:30 - 2018-06-15 03:19 - 000399360 _____ (Microsoft Corporation) C:\windows\SysWOW64\winspool.drv
2018-08-16 00:30 - 2018-06-08 20:47 - 000083456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2018-08-16 00:29 - 2018-07-19 06:23 - 000615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2018-08-16 00:29 - 2018-07-19 05:53 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2018-08-16 00:29 - 2018-07-19 05:34 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2018-08-16 00:29 - 2018-07-19 05:28 - 000333312 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2018-08-16 00:29 - 2018-06-15 04:28 - 000445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2018-08-16 00:29 - 2018-06-15 04:00 - 000324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2018-08-11 07:55 - 2018-08-11 07:55 - 759471852 _____ C:\windows\MEMORY.DMP
2018-08-11 07:55 - 2018-08-11 07:55 - 000296888 _____ C:\windows\Minidump\081118-7421-01.dmp
2018-07-18 08:04 - 2018-07-18 08:04 - 000000600 _____ C:\Users\d\AppData\Local\PUTTY.RND

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-17 20:07 - 2016-02-27 04:33 - 000000000 ____D C:\Users\d\AppData\Local\ClassicShell
2018-08-17 18:41 - 2018-02-19 17:23 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-08-17 17:58 - 2014-06-11 01:27 - 000003868 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{A885AFCF-DEDA-4845-AD42-3903A4A06B09}
2018-08-17 16:39 - 2016-10-12 16:25 - 000000000 ____D C:\Users\d\Desktop\_Current
2018-08-17 12:45 - 2014-07-05 21:58 - 000000000 ____D C:\Users\d\AppData\Local\CrashDumps
2018-08-17 04:04 - 2016-12-05 16:31 - 000000000 ____D C:\Users\d\AppData\LocalLow\Mozilla
2018-08-17 02:03 - 2014-06-11 01:30 - 000003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1417334993-2898295356-3386692794-1001
2018-08-17 01:32 - 2013-08-22 15:25 - 000262144 ___SH C:\windows\system32\config\ELAM
2018-08-16 19:15 - 2016-01-25 20:22 - 000000000 ____D C:\Users\d\Desktop\linkman database
2018-08-16 16:15 - 2013-08-22 17:36 - 000000000 ____D C:\windows\rescache
2018-08-16 04:31 - 2016-06-03 21:44 - 000003882 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1464983063
2018-08-16 04:31 - 2016-06-03 21:44 - 000000000 ____D C:\Program Files (x86)\Opera developer
2018-08-16 04:31 - 2014-06-12 21:16 - 000011354 _____ C:\windows\system32\perfh007.dat
2018-08-16 04:31 - 2014-06-12 21:16 - 000006212 _____ C:\windows\system32\perfc007.dat
2018-08-16 04:31 - 2013-08-28 09:06 - 000018338 _____ C:\windows\system32\PerfStringBackup.INI
2018-08-16 04:31 - 2013-08-23 00:47 - 000005884 _____ C:\windows\system32\perfc011.dat
2018-08-16 04:31 - 2013-08-23 00:47 - 000005820 _____ C:\windows\system32\perfh011.dat
2018-08-16 04:31 - 2013-08-22 15:36 - 000000000 ____D C:\windows\Inf
2018-08-16 04:29 - 2014-06-12 22:14 - 000000000 ____D C:\Program Files (x86)\Opera
2018-08-16 04:26 - 2016-07-25 16:40 - 000003332 _____ C:\windows\System32\Tasks\iToolsDaemon
2018-08-16 04:25 - 2016-01-16 12:43 - 000000000 ____D C:\Users\d\Desktop\acv507
2018-08-16 04:25 - 2016-01-16 12:36 - 000000000 ____D C:\Program Files (x86)\Alternative Flash Player Auto-Updater
2018-08-16 04:24 - 2018-04-12 19:10 - 000000082 _____ C:\windows\SysWOW64\winsevr.dat
2018-08-16 04:24 - 2018-04-12 19:09 - 000000000 ____D C:\Program Files (x86)\AOMEI Backupper
2018-08-16 04:24 - 2016-01-11 12:05 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-08-16 04:24 - 2013-08-22 16:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-08-16 04:24 - 2013-08-22 16:44 - 000602656 _____ C:\windows\system32\FNTCACHE.DAT
2018-08-16 04:23 - 2013-08-22 15:25 - 000262144 ___SH C:\windows\system32\config\BBI
2018-08-16 04:22 - 2013-08-22 17:36 - 000000000 ___RD C:\windows\ToastData
2018-08-16 02:12 - 2013-08-22 17:20 - 000000000 ____D C:\windows\CbsTemp
2018-08-16 01:55 - 2016-04-19 07:16 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-08-16 00:45 - 2017-10-21 23:08 - 000004514 _____ C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-08-16 00:45 - 2017-10-21 23:08 - 000004378 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2018-08-16 00:45 - 2013-08-22 17:36 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-08-16 00:45 - 2013-08-22 17:36 - 000000000 ____D C:\windows\system32\Macromed
2018-08-16 00:06 - 2018-03-14 07:02 - 000004244 _____ C:\windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-08-13 
15:49 - 2018-03-21 15:19 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant 2018-08-13 08:25 - 2013-08-22 17:36 - 000000000 ____D C:\windows\AppReadiness 2018-08-11 08:09 - 2014-06-11 01:25 - 000000000 ____D C:\Users\d 2018-08-11 07:55 - 2017-06-30 00:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2018-08-11 07:55 - 2014-07-05 22:35 - 000000000 ____D C:\windows\Minidump 2018-08-11 07:55 - 2014-06-17 04:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2018-08-10 00:38 - 2018-05-05 20:25 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-08-10 00:38 - 2018-05-05 20:25 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2018-08-08 19:10 - 2014-06-12 22:14 - 000003862 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1402604082 2018-08-04 01:46 - 2013-08-22 17:38 - 000836480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2018-08-04 01:46 - 2013-08-22 17:38 - 000181120 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2018-07-29 17:39 - 2016-06-16 16:20 - 000001186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2018-07-26 20:36 - 2016-01-11 13:09 - 000000000 ____D C:\windows\system32\appraiser 2018-07-26 20:26 - 2017-05-13 20:36 - 000002086 _____ C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk 2018-07-25 20:52 - 2016-01-23 02:31 - 000000000 ___RD C:\Program Files (x86)\Skype 2018-07-25 20:52 - 2016-01-23 02:31 - 000000000 ____D C:\ProgramData\Skype 2018-07-25 20:50 - 2016-01-23 02:31 - 000000000 ____D C:\Users\d\AppData\Roaming\Skype 2018-07-23 17:20 - 2018-05-28 23:48 - 001112264 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klif.sys 2018-07-23 17:20 - 2018-05-28 23:48 - 000220360 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klflt.sys 2018-07-23 17:20 - 2018-04-25 16:16 - 000087752 _____ (AO Kaspersky Lab) 
C:\windows\system32\Drivers\kldisk.sys 2018-07-23 17:20 - 2018-02-17 02:50 - 000161080 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klwtp.sys 2018-07-23 17:18 - 2018-04-25 16:16 - 001193160 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klhk.sys 2018-07-23 17:18 - 2018-04-05 20:02 - 000152360 _____ (AO Kaspersky Lab) C:\windows\system32\klhkum.dll 2018-07-19 19:55 - 2016-04-19 08:31 - 000000000 ____D C:\Users\d\AppData\Roaming\PrimoPDF 2018-07-18 08:06 - 2014-02-28 00:46 - 000000000 ____D C:\Users\d\Desktop\@DT@V _Mdps ==================== Files in the root of some directories ======= 2004-02-06 21:06 - 2004-02-06 21:06 - 000000000 ____H () C:\ProgramData\sdpsenv.dat 2018-07-18 08:04 - 2018-07-18 08:04 - 000000600 _____ () C:\Users\d\AppData\Local\PUTTY.RND 2018-01-13 16:54 - 2018-01-13 16:54 - 000000218 _____ () C:\Users\d\AppData\Local\recently-used.xbel Some files in TEMP: ==================== 2016-06-17 10:37 - 2016-06-17 10:37 - 003045232 _____ (AnVir Software) C:\Users\d\AppData\Local\Temp\AnVir.exe 2016-04-19 08:35 - 2016-04-19 08:35 - 008108488 _____ () C:\Users\d\AppData\Local\Temp\converter.exe 2014-06-19 00:36 - 2014-06-19 00:36 - 000374208 _____ (ESET) C:\Users\d\AppData\Local\Temp\InstHelper.exe 2016-11-03 20:36 - 2016-11-03 20:36 - 000737856 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u111-windows-au.exe 2017-01-27 05:24 - 2017-01-27 05:24 - 000739904 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u121-windows-au.exe 2017-05-04 14:05 - 2017-05-04 14:05 - 000739904 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u131-windows-au.exe 2017-07-21 17:36 - 2017-07-21 17:36 - 000739904 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u141-windows-au.exe 2017-11-24 13:32 - 2017-11-24 13:32 - 001856576 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u151-windows-au.exe 2018-03-28 00:30 - 2018-03-28 00:30 - 001864256 _____ (Oracle Corporation) 
C:\Users\d\AppData\Local\Temp\jre-8u161-windows-au.exe 2018-04-25 06:46 - 2018-04-25 06:46 - 001884616 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u171-windows-au.exe 2016-03-23 22:16 - 2016-03-23 22:16 - 000736320 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u77-windows-au.exe 2016-07-04 06:55 - 2016-07-04 06:55 - 000739904 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u91-windows-au.exe 2016-02-09 23:54 - 2016-01-31 21:51 - 000041432 _____ () C:\Users\d\AppData\Local\Temp\kh_5552.dll 2014-06-17 04:32 - 2014-03-25 00:55 - 000099096 _____ () C:\Users\d\AppData\Local\Temp\LMkRstPt.exe 2017-05-29 05:06 - 2017-05-29 05:06 - 001457312 _____ (Sysinternals - www.sysinternals.com) C:\Users\d\AppData\Local\Temp\loeschen64.exe 2016-02-09 23:54 - 2016-01-31 21:51 - 000038872 _____ () C:\Users\d\AppData\Local\Temp\mh_5552.dll 2016-06-03 21:44 - 2016-06-03 21:44 - 001086464 _____ (Opera Software) C:\Users\d\AppData\Local\Temp\Opera_installer_2016634422903.dll 2016-12-16 03:25 - 2018-07-10 21:46 - 065875720 _____ (Paramount Software UK Ltd) C:\Users\d\AppData\Local\Temp\reflectPatch.exe 2016-02-09 05:18 - 2018-07-25 20:51 - 057812744 _____ (Skype Technologies S.A.) C:\Users\d\AppData\Local\Temp\SkypeSetup.exe 2018-04-09 15:53 - 2018-04-09 15:53 - 004845696 _____ (ESET) C:\Users\d\AppData\Local\Temp\SysInspector.exe 2015-12-31 14:07 - 2015-12-31 14:08 - 031948192 _____ (IDM Computer Solutions, Inc.) C:\Users\d\AppData\Local\Temp\uc_english.exe 2017-05-10 12:32 - 2017-05-10 12:32 - 014456872 _____ (Microsoft Corporation) C:\Users\d\AppData\Local\Temp\vc_redist.x86.exe 2015-08-03 01:58 - 2015-08-03 01:58 - 000118784 _____ () C:\Users\d\AppData\Local\Temp\xmlUpdater.exe 2016-02-09 23:52 - 2013-07-06 17:02 - 001520544 _____ (Pitrinec Software) C:\Users\d\AppData\Local\Temp\~cbu_tmp.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-08-17 04:06
==================== End of FRST.txt ============================
17.08.2018, 20:38 | #2 |
| Kaspersky finds Trojan.Multi.GenAutorunReg.a (on Win 8.1 64) additional.txt:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018 Ran by d (17-08-2018 20:20:54) Running from C:\Users\d\AppData\Local\Temp\scoped_dir5172_2273 Windows 8.1 Pro (Update) (X64) (2014-06-10 23:25:26) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1417334993-2898295356-3386692794-500 - Administrator - Disabled) d (S-1-5-21-1417334993-2898295356-3386692794-1001 - Administrator - Enabled) => C:\Users\d Guest (S-1-5-21-1417334993-2898295356-3386692794-501 - Limited - Disabled) ___VMware_Conv_SA___ (S-1-5-21-1417334993-2898295356-3386692794-1003 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Kaspersky Internet Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8} AS: Kaspersky Internet Security (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) . . (HKLM\...\{3D383E25-72E7-4F09-AA1C-9ADE6A2EF42F}) (Version: 7.1 - Intel) Hidden . . . 
(HKLM-x32\...\{0C9A6167-6560-4085-9C35-EDB1AE105328}) (Version: 3.2.0.9 - Intel) Hidden Abelssoft Undeleter (HKLM-x32\...\{1FB7B731-3479-4128-8299-A53922E47675}_is1) (Version: 4.2 - Abelssoft) AbleWord v3.0 (HKLM-x32\...\AbleWord_is1) (Version: - ) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 18.011.20058 - Adobe Systems Incorporated) Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated) Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated) Alternative Flash Player Auto-Updater (HKLM-x32\...\{2FB1052B-2F3D-48CE-A65D-006240516ECE}_is1) (Version: 1.2.0.1 - pXc-coding.com) AnVir Task Manager Free (HKLM-x32\...\AnVir Task Manager Free) (Version: - AnVir Software) AnyTrans (HKLM-x32\...\AnyTrans) (Version: 5.0.0.0 - iMobie Inc.) AOMEI Backupper Standard (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version: - AOMEI Technology Co., Ltd.) Apple Application Support (32-Bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{A05FDFEC-4377-49E0-82CB-B6D1386E89DA}) (Version: 11.3.0.9 - Apple Inc.) Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation) Bluefish 2.2.10 (HKLM-x32\...\Bluefish) (Version: 2.2.10 - The Bluefish Developers) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) 
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft) ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper) Core Temp 1.12.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.12.1 - ALCPU) CPUID CPU-Z 1.79 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) <==== ATTENTION CPUID HWMonitor 1.31 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) CrystalDiskInfo 7.0.5 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.5 - Crystal Dew World) CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version: 3.1 - Acro Software Inc.) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden doPDF 8 (HKLM-x32\...\{fb478b24-519a-43d4-aeea-9a6712d28811}) (Version: 8.5.940 - Softland) EaseUS Todo Backup Home 9.2 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 9.2 - CHENGDU YIWO Tech Development Co., Ltd) ECOã¿ãˆã‚°ãƒ©ãƒ• (HKLM\...\{01F84262-DBC2-4B4D-8C4A-1C82D2CD88AA}) (Version: 1.5.0 - NEC Personal Computers, Ltd.) ECOモードè¨*定ツール (HKLM\...\{1D2AF0E5-3B07-4B0F-98BD-03F0918BC367}) (Version: 5.7.0 - NEC Personal Computers, Ltd.) EditPlus (64 bit) (HKLM\...\EditPlus) (Version: - ES-Computing) EF Process Manager (HKLM-x32\...\EF Process Manager) (Version: - EFSoftware) EmEditor (64-bit) (HKLM\...\{36CC25CA-2E71-4839-A822-0D1EC0E52145}) (Version: 15.7.2 - Emurasoft, Inc.) ExactFile 1.0.0.15 (HKLM-x32\...\ExactFile_is1) (Version: - StudyLamp Software LLC) f.lux (HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Flux) (Version: - f.lux Software LLC) Free YouTube Download (HKLM-x32\...\Free YouTube Download_is1) (Version: 4.1.73.328 - Digital Wave Ltd) Geany 1.26 (HKLM-x32\...\Geany) (Version: 1.26 - The Geany developer team) GetDiz (HKLM-x32\...\GetDiz) (Version: 4.91 - Outertech) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.) 
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden GPSoftware Directory Opus (HKLM-x32\...\{0A6AA615-5321-43A0-AFAE-97BF95013EA0}) (Version: 11.19 - GPSoftware) Gtk# for .Net 2.12.22 (HKLM-x32\...\{06AF6533-F201-47C0-8675-AAAE5CB81B41}) (Version: 2.12.22 - Xamarin, Inc.) HeavyLoad V3.3 (64 bit) (HKLM\...\HeavyLoad_is1) (Version: 3.3 - JAM Software) iMazing 2.5.4.0 (HKLM\...\iMazing_is1) (Version: 2.5.4.0 - DigiDNA) iMyfone D-Back 4.5.1.0 (HKLM-x32\...\{071B9303-5881-4BC6-B9E9-2E2D22C015C1}_is1) (Version: 4.5.1.0 - Shenzhen iMyfone Technology Co., Ltd.) Intel Experience Center - Configuration (HKLM-x32\...\{C73A16B7-AC35-4262-9BAF-DA9B2039A563}) (Version: 1.7.0.179 - Intel) Hidden Intel(R) Computing Improvement Program (HKLM\...\{F0385150-FF86-4A18-AA55-6ED9E5F87DA7}) (Version: 2.1.03638 - Intel Corporation) Intel(R) Experience Center Desktop Software (HKLM-x32\...\{3608ec0a-56b4-4d9d-b038-9b3e51d72582}) (Version: 1.7.0.179 - Intel) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3338 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.3.1000 - Intel Corporation) Intel(R) Smart Connect Technology (HKLM\...\{396E9B28-F15F-4C05-A401-99DE1874C2CA}) (Version: 4.2.40.2439 - Intel Corporation) Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000071-0190-1031-84C8-B8D95FA3C8C3}) (Version: 19.71.0 - Intel Corporation) Intel® Driver & Support Assistant (HKLM-x32\...\{4d839fe1-a8d3-4edc-b0ca-844394309856}) (Version: 3.2.0.9 - Intel) Java 10.0.1 (64-bit) (HKLM\...\{D33DF729-38BB-5651-9D40-93BFEFB5DCED}) (Version: 10.0.1.0 - Oracle Corporation) 
Karen's Directory Printer (HKLM-x32\...\Karen's Directory Printer) (Version: 5.3.0.2 - Karen Kenworthy) Kaspersky Internet Security (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Kaspersky Secure Connection (HKLM-x32\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) KeyboardTest V3.2 (HKLM\...\KeyboardTest_is1) (Version: 3.2 - PassMark Software) KeyTweak - Keyboard Remapper (remove only) (HKLM-x32\...\KeyTweak) (Version: - ) L&H TTS3000 Deutsch (HKLM-x32\...\LHTTSGED) (Version: - ) LibreOffice 6.0.5.2 (HKLM\...\{9645CDEF-085C-45F7-A3CD-B4B7046EF78C}) (Version: 6.0.5.2 - The Document Foundation) Linkman (HKLM-x32\...\Linkman) (Version: 8.98 - Outertech) Macrium Reflect Free Edition (HKLM\...\{1A399324-9784-4384-927F-0FEA922BC516}) (Version: 7.1.3317 - Paramount Software (UK) Ltd.) Hidden Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.1 - Paramount Software (UK) Ltd.) Malwarebytes Version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes) Manager (HKLM-x32\...\{A11F05A4-7CAD-4F85-8C85-DCA18E3E208D}) (Version: 4.0.1.25166 - 2015 pdfforge GmbH. All rights reserved) Hidden MicroDicom DICOM viewer 2.2.5 (HKLM-x32\...\MicroDicom) (Version: 2.2.5 - MicroDicom) Microsoft Keyboard Layout Creator 1.4 (HKLM-x32\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.) 
Microsoft Server Speech Platform Runtime (x86) (HKLM-x32\...\{22CB8ED7-DF57-4864-BD04-F63B9CE4B494}) (Version: 11.0.7400.345 - Microsoft Corporation) Microsoft Server Speech Text to Speech Voice (de-DE, Hedda) (HKLM-x32\...\{ACFCC7B5-C028-40AE-A5F5-9778B41F22A2}) (Version: 11.0.7400.335 - Microsoft Corporation) Microsoft Server Speech Text to Speech Voice (en-US, ZiraPro) (HKLM-x32\...\{C7CDC27F-0952-4DF1-9E41-B75140933BC6}) (Version: 11.0.7400.335 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft 
Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{e7784e4f-df08-46b2-8c4f-f981ee32bcff}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Movie Maker (HKLM-x32\...\{970F982A-E889-486B-BB26-B8598280D924}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla) Mozilla Firefox 59.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.1 (x64 en-US)) (Version: 59.0.1 - Mozilla) Mozilla Firefox 61.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.1 (x64 en-US)) (Version: 61.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla) MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team) music.jp PLAY 4.0 (HKLM-x32\...\music.jp PLAY_is1) (Version: 4.0 - Ventis Media 
Inc.) NoteBook FanControl (HKLM-x32\...\{00111A7A-77A7-4AC6-A272-A56DFAD517E7}) (Version: 1.5.0.0 - Stefan Hirschmann - StagWare) Hidden NoteBook FanControl (HKLM-x32\...\{666d9f07-291b-44a5-b86f-d5240e78692d}) (Version: 1.5.0.0 - Stefan Hirschmann - StagWare) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team) NoteTab 7 Trial (Remove only) (HKLM-x32\...\NoteTab 7 Trial_is1) (Version: 7.2 - Fookes Holding Ltd) OpenOffice 4.1.3 (HKLM-x32\...\{8D5FCC56-BB9F-4122-923C-71753F50F6F5}) (Version: 4.13.9783 - Apache Software Foundation) Opera developer 56.0.3045.0 (HKLM-x32\...\Opera 56.0.3045.0) (Version: 56.0.3045.0 - Opera Software) Opera Stable 54.0.2952.71 (HKLM-x32\...\Opera 54.0.2952.71) (Version: 54.0.2952.71 - Opera Software) Oracle VM VirtualBox 5.1.34 (HKLM\...\{2FDA51A1-BCE0-40C6-9EC9-7778F72525C9}) (Version: 5.1.34 - Oracle Corporation) PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH) PDF Architect 4 Create Module (HKLM\...\{D646643B-56BD-43B2-9932-9C03D7E90FED}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden PDF Architect 4 Edit Module (HKLM\...\{792B82BA-6895-4719-B603-E198AEE90D68}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden PDF Architect 4 View Module (HKLM\...\{FF4FA406-055A-479E-B025-1AAA7FFAA39F}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.3.0 - pdfforge GmbH) PDF-XChange Editor (HKLM\...\{5C198985-6833-4F92-BE9A-33FC8ACC1025}) (Version: 6.0.321.0 - Tracker Software Products (Canada) Ltd.) Hidden PDF-XChange Editor (HKLM-x32\...\{344e7cdb-4fda-4dc1-9dd8-1fa7b1694d7c}) (Version: 6.0.321.0 - Tracker Software Products (Canada) Ltd.) PhoneRescue (HKLM-x32\...\PhoneRescue) (Version: 3.1.2.0 - iMobie Inc.) 
Pinta 1.6 (HKLM-x32\...\{833CBF68-0FE7-44A4-86E6-71DE50A30465}) (Version: 1.6.0.0 - Pinta Community) Hidden Pinta 1.6 (HKLM-x32\...\{aaa32734-ca38-494d-836c-f41822d11ed5}) (Version: 1.6.0.0 - Pinta Community) Play.net (HKLM-x32\...\{8CE3D78F-7B81-46F5-977A-12DBA2CB5B9A}) (Version: 2.1.6 - NEC Personal Computers, Ltd.) PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Postbox (4.0.8) (HKLM-x32\...\Postbox (4.0.8)) (Version: 4.0.8 (en-US) - Postbox, Inc.) PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software) Prio (HKLM\...\Prio) (Version: 2.1.0.4391 - ) Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32) Process Lasso (HKLM-x32\...\ProcessLasso) (Version: 9.0.0.276 - Bitsum) PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 4.6.0.2700 - Jan Fiala) PyKeylogger - Simple Python Keylogger (HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\PyKeylogger) (Version: 1.2.1 - ) QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21234 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.) Roxio Creator LJ (HKLM-x32\...\{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}) (Version: 12.2.43.19 - Roxio) Second Copy 8 (HKLM-x32\...\Second Copy 8_is1) (Version: 8.1.2.0 - Centered Systems) SharpKeys (HKLM-x32\...\{636E94DA-99C0-448F-A931-3DAD83B4975F}) (Version: 3.5.0000 - RandyRants.com) Smart Update (HKLM-x32\...\{EA65772D-1999-462B-BFC0-480A9515ABCC}) (Version: 2.0.2.0 - NECパーソナルコンピュータæ*ªå¼ä¼šç¤¾) SmartVision/PLAYER DeskTopサービス (HKLM-x32\...\{71566D17-2BC4-4C62-BD23-F1E397FC1DBE}) (Version: 1.9.12016 - CyberLink Corp.) 
Hidden SmartVision/PLAYER DeskTopサービス (HKLM-x32\...\InstallShield_{71566D17-2BC4-4C62-BD23-F1E397FC1DBE}) (Version: 1.9.12016 - CyberLink Corp.) SmEdit v1.170 (HKLM-x32\...\SmEdit) (Version: 1.170 - Sinner Computing) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.8 - Synaptics Incorporated) Syncios Data Recovery 1.0.9 (HKLM-x32\...\Syncios Data Recovery) (Version: 1.0.9 - Anvsoft) System Checkup 4.0 (HKLM-x32\...\{918D30D3-AD9B-43A8-9EF7-463075DC93CD}_is1) (Version: 4.0.0.146 - iolo technologies, LLC) TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer) TED Notepad (HKLM-x32\...\TED Notepad) (Version: 6.0.2 - Medvedik, Juraj Simlovic) TextPad 8 (HKLM\...\{861AB1C1-1967-4C4A-BF86-C255E2D2B8FD}) (Version: 8.0.0 - Helios) VEDIT 6.2 (HKLM-x32\...\Vedit) (Version: - ) VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version: - ) WebP Codec for Windows 0.19 (HKLM\...\{9D2F4EB8-98AD-4C8B-A0C5-4C114B3F1287}) (Version: 0.19.9 - Google Inc) WhatsApp (HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\WhatsApp) (Version: 0.2.5371 - WhatsApp) WhoCrashed 6.01 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows-Treiberpaket - Intel (NETwNb64) net (10/16/2017 19.10.10.2) (HKLM\...\87BD50FDDBB077656313DAABF938DE8C31D89265) (Version: 10/16/2017 19.10.10.2 - Intel) Windows-Treiberpaket - Intel (NETwNb64) net (10/31/2017 18.33.11.2) (HKLM\...\D6CC402604E3676A6C8B5028A493400358139A70) (Version: 10/31/2017 18.33.11.2 - Intel) WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software) WMV Joiner version 1.1.2.8 (HKLM-x32\...\WMV Joiner_is1) (Version: - ) ãŠã™ã™ã‚メニューNavi (HKLM\...\{69561DE9-373F-4273-AE2D-BD076E552C0C}) (Version: 2.2.1 - NEC Personal Computers, Ltd.) 
ãŠã™ã™ã‚è¨*定 (HKLM\...\{61558C29-0C3A-442B-A43C-C883B94E8929}) (Version: 1.0.0 - NEC Personal Computers, Ltd.) ãŠã¦ãŒã‚‹ãƒãƒƒã‚¯ã‚¢ãƒƒãƒ— (HKLM-x32\...\{F353F974-64FF-44F5-AE2D-D079964C5685}) (Version: 4.6 - Roxio) オンスクリーン表示ã®è¨*定 (HKLM\...\{C8E0D8C6-7C6B-4EBE-B02A-C97E17796B97}) (Version: 1.0.0 - NEC Personal Computers, Ltd.) クイックパワーオン (HKLM\...\{98916919-5ACD-415A-AA04-7B7B0A425BE6}) (Version: 1.1.0 - NEC Personal Computers, Ltd.) ソフト&サãƒãƒ¼ãƒˆãƒŠãƒ“ゲーター (HKLM-x32\...\{8AF94405-08BB-4CF6-8856-84C88EAA7ECA}) (Version: 1.5.7 - NEC Personal Computers, Ltd.) ソフト&サãƒãƒ¼ãƒˆãƒŠãƒ“ゲーター修æ*£ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ï¼ˆ2013年秋冬) (HKLM-x32\...\{D71D8D9F-DD66-414A-BA59-35801E154B9C}) (Version: 1.00.0000 - ) Hidden ソフト&サãƒãƒ¼ãƒˆãƒŠãƒ“ゲーター修æ*£ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ï¼ˆ2013年秋冬) (HKLM-x32\...\InstallShield_{D71D8D9F-DD66-414A-BA59-35801E154B9C}) (Version: 1.00.0000 - ) Hidden ソフト&サãƒãƒ¼ãƒˆãƒŠãƒ“ゲーター修æ*£ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ï¼ˆWindows 8.1対応) (HKLM-x32\...\{BF2D8F67-ABA1-4081-9591-50167F772A57}) (Version: 1.00.0000 - ) Hidden ソフト&サãƒãƒ¼ãƒˆãƒŠãƒ“ゲーター修æ*£ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ï¼ˆWindows 8.1対応) (HKLM-x32\...\InstallShield_{BF2D8F67-ABA1-4081-9591-50167F772A57}) (Version: 1.00.0000 - ) Hidden ãƒãƒƒãƒ†ãƒªãƒ»ãƒªãƒ•ãƒ¬ãƒƒã‚·ãƒ¥ï¼†è¨ºæ–*ツール (HKLM\...\{B3806CF1-829E-4280-BC3E-1636035908FD}) (Version: 1.12.0 - NEC Personal Computers, Ltd.) パãƒãƒ«ã‚ªãƒ¼ãƒ—ンパワーオンã®è¨*定 (HKLM\...\{D637EF1B-3B6A-4680-A2F2-ACB6BF464DFA}) (Version: 1.2.0 - NEC Personal Computers, Ltd.) パワーオフUSBå……é›»ã®è¨*定 (HKLM\...\{DFA0E609-8481-4E32-828E-7311E4936F99}) (Version: 2.4.0 - NEC Personal Computers, Ltd.) ピークシフトè¨*定ツール (HKLM\...\{4F3E3604-F81F-4768-BD87-6A692338A847}) (Version: 1.3.0 - NEC Personal Computers, Ltd.) 
ファイナルパソコンデータ引越㗠9 plus for NEC (HKLM-x32\...\{EE57E154-979A-4C6D-8459-296B1526D3FE}) (Version: 7.00.629.0 - AOS Technologies) フォト ギャラリー (HKLM-x32\...\{CAF46B72-12E2-4FE7-A348-45999E69E1FE}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden ワンタッãƒã‚¹ã‚¿ãƒ¼ãƒˆãƒœã‚¿ãƒ³ã®è¨*定 (HKLM\...\{AB281E2C-FA39-4CC0-B1B0-3DF24AD5B3D0}) (Version: 1.19.1312 - NEC Personal Computers, Ltd.) Hidden å†ã‚»ãƒƒãƒˆã‚¢ãƒƒãƒ—メディア作æˆãƒ„ール (HKLM-x32\...\{157C8082-2627-4236-A6CC-B797CF91D576}) (Version: 6.2.0 - NEC Personal Computers, Ltd.) ç*†ãã‚‹ã‚ 20 (HKLM-x32\...\{02D371DE-95DC-4F6F-A1A6-4C957D6721A9}) (Version: 20.00.0008 - 富士ソフトæ*ªå¼ä¼šç¤¾) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{05468442-062B-425B-A1E5-7DC9077C0734}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{070057DA-0223-4D7E-B886-7CF38806F044}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{0C89916D-7B21-4578-805E-A62B6DB24B85}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{0EAEF7F0-4566-4FC1-9170-8A02C4889CBD}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{110BD641-44EE-4E95-9CC9-0E21EDAB4A3B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{1132C079-B5D2-47CC-8976-C03989AB1531}\InprocServer32 
-> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{1153FA7B-6348-420B-B0BF-E6B63D9AA284}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{132C9446-2F32-4CBA-8C03-FB8C8FFECAF5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{13526224-3C67-43AB-82A8-2740A138723E}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{166669E8-3E01-4D42-B3C0-62FADDBAB00A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{181AC033-9534-4567-B173-6DA6525424E3}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{19261A68-E50E-497B-A0BA-9909C586A9D5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{19B119EA-A452-477B-8423-EAF115A29CEB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{1DEDC126-F5F3-48F1-9DB5-03D9BBC4F83E}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{1E65BA05-6325-4B65-9D63-97DF1FEC92BB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: 
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{22410B2E-909D-4A70-8234-C64A75F9B844}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{262E2007-2F51-430E-9F43-A2F4BE8AAB65}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{2797C792-9879-47ED-944C-19EBE866FC24}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{2847421D-1EE5-4356-AFB2-DFE4E9D61C68}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{28916419-ECF6-45F0-8F20-87024C3837F6}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{295CEEF4-708C-48DB-8F3B-C30047A51281}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{2BDB4786-A72C-4775-8FA4-A59967325612}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{2CE81929-7B17-4394-ABBF-765AF900A3EC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{32515D47-A1DD-4E97-A8B9-4B92D517C8A8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{32ABFD53-EC5A-4A31-8FB6-A0E8EEA4A31F}\InprocServer32 -> C:\Program 
Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{35A48AC8-5632-4A47-B564-7B75321826E1}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{3932E526-705D-41B5-83FD-87D1DB82B6A7}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{3C0C7828-2BD0-4B57-B656-B5DB09550E73}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{3DDC5BB3-A9B0-4787-B700-AD84FD0EB4D5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{3E7FF6D2-2973-4FA7-BDD8-1924AFDF2764}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{40BCE962-264C-452E-92E7-B5F35B3F2436}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{42AA6491-4D25-4054-AF0E-203B0780C144}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{43C9A239-A357-4176-9DED-49CFECD93C0B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{44AB264B-7136-4E41-A9AC-B9F876D162EC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: 
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{4B0CA027-383D-41E6-97D7-F5EDEBC4916F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{4C7A1662-008F-4EDC-97D3-D4199B062B4A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{4CAD847C-28D6-4EA2-A833-63AC04BBDB02}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{4CAFD059-0F6A-4024-A81A-087CDB7D4633}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{51D11E0A-BF6C-4E44-8AB0-1AA8A2A73BF4}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{58F1A0DF-3038-4DD1-BCF6-406DD6AA4D1F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{5A9E21A2-851A-4BEB-B16F-DBBE7D648AF9}\InprocServer32 -> C:\Program Files\TextPad 8\System\ShellExt64.dll () CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{5E0CBCC1-A35D-447F-923F-5783E22ED791}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{5E5558B7-1B65-4EA1-92F4-8E9567C2ABFA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{606372CE-5093-4FD7-A37D-3CE22496B6F9}\InprocServer32 -> C:\Program Files\GPSoftware\Directory 
Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{61267647-B40C-4050-ACE4-985D93253DFA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{62162BC5-8419-4241-980C-649CC91B1E1F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{6282C6EB-E17C-4617-B72B-DB671AC7ABDE}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{638C2808-47DE-4CC6-99B5-789EB0C86D77}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{6619B693-BB07-475B-B595-C77E4CD3EBEB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{68F233B6-F8C3-4A96-9100-003BCDCE53B8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{6CA7C35E-1FC1-4C66-91A7-1FE5178F36A9}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{6DB6DF3B-0DF4-4C66-B0FD-216BA16A1D34}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{721088D3-BD36-468C-8916-B5F2074F8023}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: 
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{760A2160-66F5-42F2-AD7A-A62AD9756CDF}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{7660000A-03D2-476F-91FC-2D863D6DCC03}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{7725641E-7AB5-49EE-922D-E703CDB98588}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{782485F1-AA61-4F5F-8A59-03B6D2FF91C1}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{7AAA42E5-5C43-48D1-B298-71146A878F7C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{7E6249E7-95C5-40CF-8E15-0034BA49F49B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{849783D6-6561-434F-ACE1-8A67783ED4FF}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{8ED73585-3AA8-41E2-A98B-85FE2857B420}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{9F92194F-9039-4E49-BB83-1168EC86ABD9}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{A1B66AF8-20FB-4B52-947E-60F2048A2821}\InprocServer32 -> C:\Program 
Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{A57DB49B-ABA0-45BE-AA2D-28C13E2919D8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{A782D6BE-5799-406E-86E1-6C5442F0D902}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{B032B620-06B1-4D98-B09E-9D5BD7CD3BEC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{B0F43F65-6282-457A-AAFC-8B0597EB8591}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{B3726FEF-1166-4B1C-AB33-1FD76AE2B0E7}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> C:\Program Files\IDM Computer Solutions\UltraEdit\ue64ctmn.dll () CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{B604EC25-0C5D-48DB-9E7C-243EDB3D84BF}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{B80972C9-AF80-4F71-BB2B-9CB1FAED19F0}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{BC5D198E-58DF-4267-BBDB-22FF193B255D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: 
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{BF87ECFF-1A50-4CDD-BF9F-991EDCF75B1F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C09AC76A-826E-491E-87E0-46807D8215A5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C3B42C03-C1B7-4c1a-B384-BBAE19646333}\InprocServer32 -> C:\Program Files (x86)\IDM Computer Solutions\UltraCompare\UC_ShellExt64.dll () CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C3D9D1E2-08A6-4937-AC5B-AA1E9A0971B9}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C4E34FA1-F051-4754-AC47-B946EA04031D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C85E45FD-576D-43FE-81C5-C4012999FEFA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C8618129-8966-4851-A99A-4EEF208620AF}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C8F46A32-4FE4-408C-9F91-7F06460F42AE}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{CB2CFC1A-5069-475C-B4BD-621E2A9A3A1B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{CFB39FCE-8A04-479A-9248-0D3F45763954}\InprocServer32 -> C:\Program 
Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{DAFE2BB3-20A0-45EA-A032-D42627572BCC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{DCBA6A6C-FEBD-4BE5-B027-B59730A4BA22}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{DF3FAE68-02A8-4A29-A254-D04E03E4058D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{DFA026EA-2024-4088-8417-126A2E2D2486}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{EAE666EA-3CB0-403D-974F-5D8358DE67FA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F0E2DAE4-25FA-4638-B789-B01CA9B4329C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F2AC96B1-3579-4F87-9111-DC670C02BEEB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F43FEE01-24DB-4AC9-8FCF-73F1CBECDD8C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F8069691-0850-4326-B317-D5AF35F5DFA0}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: 
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F83118C7-0841-4A6C-BA28-855B24B17C1A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F93AD34F-D933-4BB7-917E-694DB52F82F8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{FB3D4710-33E5-4E78-8BF5-CE34A431174F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{FC48C6DE-CEEB-4774-9412-2FF5689A8C9C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov) ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] () ContextMenuHandlers1: [EditPlus] -> {36D94110-787C-4828-9C1B-0DAFEBC36069} => C:\Program Files\EditPlus\eppshell64.dll [2015-07-07] () ContextMenuHandlers1: [EmEditor] -> {D4D48C93-BDC7-4E76-B530-2E4D13B0150F} => C:\Program Files\EmEditor\emedshl64.dll [2015-12-25] (Emurasoft, Inc.) 
ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (The Eraser Project) ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2018-05-28] (AO Kaspersky Lab) ContextMenuHandlers1: [PDFArchitect4_ManagerExt] -> {3AECFCB3-8472-48E9-BC7B-5A3CD945C886} => C:\Program Files\PDF Architect 4\creator-context-menu.dll [2016-01-15] (pdfforge GmbH) ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) ContextMenuHandlers1: [PDFXChange Editor Context menu] -> {2ACD35AB-F74A-4C20-AA9B-2DE80081626D} => C:\Program Files\Tracker Software\Shell Extensions\XCShellMenu.x64.dll [2017-03-06] (Tracker Software Products (Canada) Ltd.) ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd) ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co.,Ltd) ContextMenuHandlers1: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org) ContextMenuHandlers2: [EmEditor] -> {D4D48C93-BDC7-4E76-B530-2E4D13B0150F} => C:\Program Files\EmEditor\emedshl64.dll [2015-12-25] (Emurasoft, Inc.) 
ContextMenuHandlers2: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (The Eraser Project) ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2018-05-28] (AO Kaspersky Lab) ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd) ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co.,Ltd) ContextMenuHandlers2: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org) ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov) ContextMenuHandlers4: [EmEditor] -> {D4D48C93-BDC7-4E76-B530-2E4D13B0150F} => C:\Program Files\EmEditor\emedshl64.dll [2015-12-25] (Emurasoft, Inc.) 
ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (The Eraser Project) ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2018-05-28] (AO Kaspersky Lab) ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co.,Ltd) ContextMenuHandlers4: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org) ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (The Eraser Project) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2014-06-13] (Intel Corporation) ContextMenuHandlers5: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov) ContextMenuHandlers6: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (The Eraser Project) ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2018-05-28] (AO Kaspersky Lab) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] 
(Malwarebytes)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\windows\system32\StartMenuHelper64.dll [2016-07-30] (IvoSoft)
ContextMenuHandlers1_S-1-5-21-1417334993-2898295356-3386692794-1001: [OpusZip] -> {E9FE4040-3C93-11D4-8006-00201860E88A} => C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [2016-06-10] (GP Software)
ContextMenuHandlers1_S-1-5-21-1417334993-2898295356-3386692794-1001: [TextPad8] -> {5A9E21A2-851A-4BEB-B16F-DBBE7D648AF9} => C:\Program Files\TextPad 8\System\ShellExt64.dll [2015-11-29] ()
ContextMenuHandlers1_S-1-5-21-1417334993-2898295356-3386692794-1001: [UltraCompare] -> {C3B42C03-C1B7-4c1a-B384-BBAE19646333} => C:\Program Files (x86)\IDM Computer Solutions\UltraCompare\UC_ShellExt64.dll [2015-12-17] ()
ContextMenuHandlers1_S-1-5-21-1417334993-2898295356-3386692794-1001: [UltraEdit] -> {b5eedee0-c06e-11cf-8c56-444553540000} => C:\Program Files\IDM Computer Solutions\UltraEdit\ue64ctmn.dll [2015-12-15] ()
ContextMenuHandlers4_S-1-5-21-1417334993-2898295356-3386692794-1001: [OpusZip] -> {E9FE4040-3C93-11D4-8006-00201860E88A} => C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [2016-06-10] (GP Software)
ContextMenuHandlers4_S-1-5-21-1417334993-2898295356-3386692794-1001: [UltraCompare] -> {C3B42C03-C1B7-4c1a-B384-BBAE19646333} => C:\Program Files (x86)\IDM Computer Solutions\UltraCompare\UC_ShellExt64.dll [2015-12-17] ()
ContextMenuHandlers5_S-1-5-21-1417334993-2898295356-3386692794-1001: [DOpus] -> {B9DD4945-1BED-4CB7-994C-F40B72B7725A} => C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [2016-06-10] (GP Software)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0FC94078-783C-4F45-9A83-EA7E687FF98A} - System32\Tasks\Process Lasso Core Engine Only => C:\Program Files\Process Lasso\processgovernor.exe
Task: {1C957448-077E-44CE-A9AF-942431EDCAAF} - System32\Tasks\Opera scheduled Autoupdate 1402604082 => C:\Program Files (x86)\Opera\launcher.exe [2018-08-07] (Opera Software)
Task: {49D7EB9A-811C-4735-80A0-C626241A15DD} - System32\Tasks\JavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-03-26] (Oracle Corporation)
Task: {4AEAC1FC-86EF-4742-9F8F-B9BB85B7E32A} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {56E998C4-C729-4325-8DA2-4D1C164BFFFA} - System32\Tasks\Opera scheduled Autoupdate 1464983063 => C:\Program Files (x86)\Opera developer\launcher.exe [2018-08-14] (Opera Software)
Task: {5F6982B9-126D-4D86-B365-2E3DD4E00566} - System32\Tasks\iToolsDaemon => C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe [2016-07-25] ()
Task: {662EC505-D38A-4048-88F0-30F654CC04AC} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2018-05-28] (AO Kaspersky Lab)
Task: {7027B04B-9076-44EF-BC3F-B062A5C7E483} - System32\Tasks\iolo SCU task one => C:\ProgramData\iolo\SCU\sculnch.lnk [Argument = /toaster]
Task: {74E6B7CD-C7A0-4552-8046-5B979C3B430F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-16] (Adobe Systems Incorporated)
Task: {7A7C5B78-C9AB-45BE-A61B-68419944F701} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {87DE09A6-0A20-44AF-9ECC-173BF2339374} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-05] (Google Inc.)
Task: {8934D95E-BD1D-4B60-A7AA-28FD77234F91} - System32\Tasks\Anvirlauncher => C:\Program Files (x86)\AnVir Task Manager Free\anvirlauncher.exe [2016-02-28] (AnVir Software)
Task: {9331D4AE-B609-43C9-A4F8-B611DEFF68FA} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {A06C3BF2-C5E5-417C-AE66-C08BCDCCC271} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {A228AF77-7ABF-4820-A6E7-DA52E1BF7474} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {A61B8BBA-960E-417E-B619-DE3911B4B16E} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2016-03-03] ()
Task: {AC925663-4A09-4B04-A33D-931EF33440D9} - System32\Tasks\{81F0B437-B032-4F42-869E-9200A9004B28} => c:\program files (x86)\opera\launcher.exe [2018-08-07] (Opera Software)
Task: {ADDFE40F-97EB-4137-90F2-DFF443367FF5} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe [2018-08-16] (Adobe Systems Incorporated)
Task: {B211236C-FE4B-41DA-8712-37B56F7D9092} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_pepper.exe [2018-08-16] (Adobe Systems Incorporated)
Task: {BBB5FFB3-5780-4C21-BA21-95B793B6AFC4} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {BCD4E4EC-D945-40F3-9E6A-E0BAFB278317} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-09-04] (Synaptics Incorporated)
Task: {DF167F93-F3BA-4561-93FC-768E43939C14} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-05] (Google Inc.)
Task: {EDDC835F-5FFF-47DA-8849-A24D9414705E} - System32\Tasks\Core Temp Autostart d => C:\Program Files\Core Temp\Core Temp.exe [2018-05-20] (ALCPU)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-04-19 07:32 - 2015-09-01 15:41 - 000095008 _____ () C:\windows\System32\Primomonnt.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-12 12:06 - 2013-08-12 12:06 - 000198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-08-12 12:06 - 2013-08-12 12:06 - 000054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-12 12:06 - 2013-08-12 12:06 - 000034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2017-01-15 23:31 - 2017-01-15 23:31 - 000012704 _____ () C:\Program Files\Prio\prio_svc.exe
2016-07-25 16:40 - 2016-07-25 16:40 - 000486264 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe
2015-12-17 12:13 - 2015-12-17 12:13 - 004930560 _____ () C:\Users\d\Desktop\acv507\ArsClip.exe
2018-05-28 23:51 - 2018-07-23 17:17 - 000864112 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\kpcengine.2.3.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000966512 _____ () C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000343912 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll
2018-04-12 19:09 -
2018-04-09 20:24 - 000266096 _____ () C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000139120 _____ () C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000360304 _____ () C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000040816 _____ () C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000499568 _____ () C:\Program Files (x86)\AOMEI Backupper\EnumFolder.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000081768 _____ () C:\Program Files (x86)\AOMEI Backupper\Compress.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000114536 _____ () C:\Program Files (x86)\AOMEI Backupper\BrLog.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000089968 _____ () C:\Program Files (x86)\AOMEI Backupper\Ldm.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000073576 _____ () C:\Program Files (x86)\AOMEI Backupper\Device.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000298864 _____ () C:\Program Files (x86)\AOMEI Backupper\BrFat.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000978800 _____ () C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000339816 _____ () C:\Program Files (x86)\AOMEI Backupper\Clone.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000126824 _____ () C:\Program Files (x86)\AOMEI Backupper\Backup.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000175984 _____ () C:\Program Files (x86)\AOMEI Backupper\FlBackup.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000724848 _____ () C:\Program Files (x86)\AOMEI Backupper\Sync.dll 2018-04-12 19:09 - 2015-05-21 14:32 - 002403504 _____ () C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000114544 _____ () C:\Program Files (x86)\AOMEI Backupper\BrVol.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000266096 _____ () C:\Program Files (x86)\AOMEI Backupper\GptBcd.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000188272 _____ () C:\Program Files (x86)\AOMEI 
Backupper\DeviceMgr.dll 2017-07-18 00:46 - 2018-03-20 12:08 - 000114664 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll 2017-07-18 00:46 - 2018-03-20 12:08 - 000108008 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll 2017-07-18 00:46 - 2018-03-20 12:08 - 000024040 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll 2017-07-18 00:46 - 2018-03-20 12:08 - 000048104 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll 2014-04-11 09:48 - 2013-10-15 06:10 - 000541683 _____ () C:\Program Files (x86)\CyberLink\NEC Move Media Server\sqlite3.dll 2016-07-25 16:40 - 2016-07-25 16:40 - 002317688 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\iOSDevice.dll 2016-07-25 16:40 - 2016-07-25 16:40 - 001362808 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\MiscCore.dll 2016-07-25 16:40 - 2016-07-25 16:40 - 000180088 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\MiscMods.dll 2016-07-25 16:40 - 2016-07-25 16:40 - 000152952 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\Network.dll 2016-07-25 16:40 - 2016-07-25 16:40 - 000402808 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\TSLib.dll 2016-07-25 16:40 - 2016-07-25 16:40 - 000668536 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\UICore.dll 2016-07-25 16:40 - 2016-07-25 16:40 - 000044920 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\Common.dll 2016-07-25 16:40 - 2016-07-25 16:40 - 000385912 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\MediaUtil.dll 2016-07-25 16:40 - 2016-07-25 16:40 - 000548728 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\Sqlite.dll 2016-07-25 16:40 - 2016-07-25 16:40 - 000103288 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\ZLib.dll 2018-03-16 15:20 - 2018-03-16 15:20 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2018-03-16 15:20 - 2018-03-16 15:20 - 001042232 _____ () C:\Program 
Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2011-01-31 10:45 - 2011-01-31 10:45 - 000559244 _____ () C:\Program Files (x86)\Linkman\sqlite3.dll 2018-08-08 19:10 - 2018-08-08 19:10 - 087838296 _____ () C:\Program Files (x86)\Opera\54.0.2952.71\opera_browser.dll 2018-08-08 19:10 - 2018-08-08 19:10 - 000177240 _____ () C:\Program Files (x86)\Opera\54.0.2952.71\message_center_win8.dll 2018-08-08 19:10 - 2018-08-08 19:10 - 003871320 _____ () C:\Program Files (x86)\Opera\54.0.2952.71\libglesv2.dll 2018-08-08 19:10 - 2018-08-08 19:10 - 000086616 _____ () C:\Program Files (x86)\Opera\54.0.2952.71\libegl.dll 2013-10-21 02:36 - 2013-08-08 06:25 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2018-04-05 20:03 - 2018-07-25 01:56 - 001106736 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\KasperskyLab.Ksde.NativeInterop.dll 2015-12-13 12:33 - 2015-12-13 12:33 - 000100864 _____ () C:\Users\d\Desktop\Programme\AkelPad\AkelFiles\Plugs\Scripts.dll 2015-12-13 12:33 - 2015-12-13 12:33 - 000044032 _____ () C:\Users\d\Desktop\Programme\AkelPad\AkelFiles\Plugs\Hotkeys.dll 2015-12-13 12:33 - 2016-02-23 12:21 - 000144896 _____ () C:\Users\d\Desktop\Programme\AkelPad\AkelFiles\Plugs\ContextMenu.dll 2015-12-13 12:33 - 2015-12-13 12:33 - 000031744 _____ () C:\Users\d\Desktop\Programme\AkelPad\AkelFiles\Plugs\SaveFile.dll 2015-12-13 12:33 - 2015-12-13 17:15 - 000061952 _____ () C:\Users\d\Desktop\Programme\AkelPad\AkelFiles\Plugs\Macros.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\sdpsenv.dat:naughtypirates [322] AlternateDataStreams: C:\ProgramData\Temp:8EFFFE8D [294] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\stwfp => ""="Driver" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKLM\...\.reg: \shell\SmEdit\shell\SmEdit\shell\SmEdit\shell\SmEdit\shell\SmEdit => <==== ATTENTION HKLM\...\.bat: => <==== ATTENTION HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Software\Classes\.bat: batfile => <==== ATTENTION ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\google.com -> hxxps://docs.google.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2017-08-01 22:33 - 000000853 _____ C:\windows\system32\Drivers\etc\hosts 127.0.0.1 cryptomator-vault ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Control Panel\Desktop\\Wallpaper -> DNS Servers: Media is not connected to internet. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "IntelAntiTheftDiscoveryAppIECNotifier" HKLM\...\StartupApproved\Run: => "AtrioSide" HKLM\...\StartupApproved\Run: => "Eraser" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "DSATray" HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\StartupApproved\StartupFolder: => "Telegram.lnk" HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\StartupApproved\Run: => "WhatsApp" HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\StartupApproved\Run: => "Vivaldi Update Notifier" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{F9D643D3-8497-43E4-98F3-38E716915A8E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{E8B770A5-FA45-4D44-B58C-F97DD1977577}] => (Allow) LPort=2869 FirewallRules: [{900BB167-AA6B-4D13-9555-03CB4DDAF294}] => (Allow) LPort=1900 FirewallRules: [{D6F18BAF-16DE-469C-A520-9004AC0498C0}] => (Allow) C:\Program Files (x86)\AOS Technologies\ファイナルパソコンデータ引越㗠9 plus for NEC\pcmover.exe FirewallRules: [TCP Query User{A744A787-26B6-4CBF-AC16-D8B16B6CD448}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{3611C606-8BCD-4157-B7F0-97CA21424398}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{0B623E7A-4890-41D8-8372-1C130AC8A356}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{09F7B869-195F-40C6-B266-6B04AFB2884F}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files 
(x86)\skype\phone\skype.exe FirewallRules: [{3C3010E4-90F7-42A7-89F9-E3444CF94B06}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\ctmn32.exe FirewallRules: [{AE7790C2-8769-41C5-841F-8D2AD8D9BA01}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\ctmn32.exe FirewallRules: [{7BAC5F7A-284F-4108-9BC5-B75C3D72552E}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\CTAdmin.exe FirewallRules: [{9FFB909A-2927-4085-8066-0879D3AA0793}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\CTAdmin.exe FirewallRules: [{F9D77D4C-761D-430E-88CB-D1B7A52097C8}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\fbserver.exe FirewallRules: [{11F3629D-245B-451A-A98E-64DFBD07B295}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\fbserver.exe FirewallRules: [{56F4AF8E-57F8-41B4-A65A-0FBBA6C76B40}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\STDownload.exe FirewallRules: [{13C3D64E-22F7-4BA1-B58B-53265677C553}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\STDownload.exe FirewallRules: [{A0C999BA-C8BC-4281-8601-73750E5F1723}] => (Allow) LPort=8501 FirewallRules: [{32AB8D67-D054-4A79-8823-614FFEF6E01F}] => (Allow) LPort=8501 FirewallRules: [{505DA236-3A56-424B-9B99-EBB755EEC9AA}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{A902F6FB-3298-44B9-93ED-191D82C26CB9}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [TCP Query User{689C272A-0ECD-47F8-88F6-904975F51D79}C:\program files (x86)\childwebguardian pro\contentwasher.exe] => (Block) C:\program files (x86)\childwebguardian pro\contentwasher.exe FirewallRules: [UDP Query User{11A1A67E-B038-48B3-89AB-F8F4F0268BB7}C:\program files (x86)\childwebguardian pro\contentwasher.exe] => (Block) C:\program files (x86)\childwebguardian pro\contentwasher.exe FirewallRules: [{2117A44D-9AF0-4D84-A6FA-C2CE767375A3}] => (Allow) C:\Program Files (x86)\Mozilla 
Firefox\firefox.exe FirewallRules: [{82444FCE-8B73-4EE6-9321-D147BB55E475}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{E0FF1427-02F7-4FCF-B605-AA7720FECB39}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{C149F272-279C-452B-9C7D-9C93C179E6AB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{DEE3F7CC-FEC2-4054-9A70-A29139DE0761}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{AB91DF20-D673-499C-B644-030D9703474B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{7E815151-6904-496A-AC2D-72FC22009C49}] => (Allow) C:\Program Files (x86)\ChildWebGuardian PRO\ContentWasher.exe FirewallRules: [{3F403557-C2A9-4DB4-A08F-AAA175CF45EA}] => (Allow) C:\Program Files (x86)\ChildWebGuardian PRO\ContentWasher.exe FirewallRules: [{A0292E51-FA3B-40A5-86B6-A69410C15431}] => (Allow) C:\Windows\SysWOW64\fltw.exe FirewallRules: [{F59F9572-DAA8-49A7-B8B8-87D14203E726}] => (Allow) C:\Windows\SysWOW64\fltw.exe FirewallRules: [{21B8CF93-A8AF-49E0-A5A8-4D90D71EA1F4}] => (Allow) C:\Windows\SysWOW64\wstw.exe FirewallRules: [{A664E965-6F9C-4904-97B3-664A88C6C5D6}] => (Allow) C:\Windows\SysWOW64\wstw.exe FirewallRules: [{596BBBC2-6C69-43DD-A9E3-2EAF611B034C}] => (Allow) C:\Windows\SysWOW64\wtwatch.exe FirewallRules: [{F3158699-F2C2-4B4D-9C97-8EDE44D0C91A}] => (Allow) C:\Windows\SysWOW64\wtwatch.exe FirewallRules: [{C69239FF-06A3-4D0A-9444-F72972E53490}] => (Allow) C:\Program Files (x86)\ChildWebGuardian PRO\PrgUpdater.exe FirewallRules: [{B4EFD6D8-6BAD-4D07-B5B5-6B2D0EFF9D69}] => (Allow) C:\Program Files (x86)\ChildWebGuardian PRO\PrgUpdater.exe FirewallRules: [TCP Query User{B21120BA-3F16-452E-89E6-243273EEED0C}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe FirewallRules: [UDP Query User{05154D90-C128-45AD-880F-BC2AEC21295A}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program 
files\cryptomator\cryptomator.exe FirewallRules: [TCP Query User{0095AFA1-906D-40EB-8740-81E092A2EA5B}C:\program files\second copy\seccopy.exe] => (Allow) C:\program files\second copy\seccopy.exe FirewallRules: [UDP Query User{D4BFC90B-A4EE-47CF-8E06-21798F2B4FC7}C:\program files\second copy\seccopy.exe] => (Allow) C:\program files\second copy\seccopy.exe FirewallRules: [{6DC437CD-3BEE-4A60-81F8-8B67FC3E055E}] => (Block) C:\program files\second copy\seccopy.exe FirewallRules: [{3EF30085-232D-450A-A5C2-2484F10431B5}] => (Block) C:\program files\second copy\seccopy.exe FirewallRules: [TCP Query User{35AEFCDE-F23F-4FD9-AE70-CB0DDF2953CA}C:\program files (x86)\jivexdv\jre\bin\javaw.exe] => (Block) C:\program files (x86)\jivexdv\jre\bin\javaw.exe FirewallRules: [UDP Query User{D6AA058A-D730-4D0C-804C-63DE46208040}C:\program files (x86)\jivexdv\jre\bin\javaw.exe] => (Block) C:\program files (x86)\jivexdv\jre\bin\javaw.exe FirewallRules: [TCP Query User{C339E5B9-07F3-463F-8D92-10E98B07F74E}C:\program files (x86)\parallel password recovery\run_server.exe] => (Allow) C:\program files (x86)\parallel password recovery\run_server.exe FirewallRules: [UDP Query User{36EE777D-F32F-4484-8CFA-A540C211237B}C:\program files (x86)\parallel password recovery\run_server.exe] => (Allow) C:\program files (x86)\parallel password recovery\run_server.exe FirewallRules: [TCP Query User{290EC45F-8ECA-465A-8550-807F15B4CB76}C:\users\d\appdata\local\temp\scoped_dir2376_30591\childwebguardianadm.exe] => (Allow) C:\users\d\appdata\local\temp\scoped_dir2376_30591\childwebguardianadm.exe FirewallRules: [UDP Query User{7FB492CB-F6F5-4EE0-864F-95F55A6DFDEB}C:\users\d\appdata\local\temp\scoped_dir2376_30591\childwebguardianadm.exe] => (Allow) C:\users\d\appdata\local\temp\scoped_dir2376_30591\childwebguardianadm.exe FirewallRules: [{A27C0608-11DD-46B0-93E8-8CB7D21E4418}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{5A3641B2-C624-4A94-8FA9-DE244F8FC639}] => (Allow) 
C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{F164DD20-6078-4B81-961C-083B0FF25404}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{FBB6CB95-B7E6-4818-B62D-6724C436E3B3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{103298D7-C2C7-4895-AF93-CD4A59B6C354}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe FirewallRules: [{6833B99D-A1FD-4788-ACC3-3B5D8B6FDB81}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe FirewallRules: [{2DC48355-FECA-488E-8202-684BD0D8D84C}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe FirewallRules: [{F6EF11B6-6AEA-4BAE-AA20-E91C42F7AD1F}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe FirewallRules: [{18F0E74C-3ACE-4781-B413-F0D422BB63CF}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe FirewallRules: [{863A523D-C261-4A82-A2A7-27447A8FC2F4}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe FirewallRules: [{FD947FEC-53B3-4BED-B0A8-4DA463021FCA}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe FirewallRules: [{D2B23179-C9B9-491E-AC91-B68A0C8ED660}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe FirewallRules: [{84B862B7-8779-41D9-9055-94DBAC95D6DA}] => (Allow) C:\Program Files (x86)\Opera\51.0.2830.40\opera.exe FirewallRules: [{50BD2E1A-D1D7-4D61-BBF1-54EBD9BBBC3A}] => (Allow) C:\Program Files (x86)\Opera developer\53.0.2885.0\opera.exe FirewallRules: [{06476787-1BB0-4434-A169-C039F0E60556}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe FirewallRules: [{5D961AE6-CB90-49AD-86B7-26B54B099719}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{2A8C58E0-93CA-4A29-A307-B6DE1FCED428}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: 
[{9B9C6AEE-6B22-4E95-8D70-08F24E69290C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{82536828-3DCD-485E-B8A8-5ABF9005A3A7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{7CBB4B9B-D49D-4CEB-A6F3-F5616BB0653B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{0FC410A5-86DB-49D8-BD08-9989673770EF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{7ABA5E4A-1B70-4A10-B38E-CFA6AA3B0C7E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{5587DB5B-9321-4905-BC86-BFA9BDDE3795}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{F627D117-A01C-456C-93BC-7264C3A4FFEC}] => (Allow) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe FirewallRules: [{3F72EC62-9A98-40DB-BEEB-7E2F44976DA7}] => (Allow) C:\Program Files (x86)\Opera developer\56.0.3037.0\opera.exe FirewallRules: [{2CD1F32B-A7E8-4079-AD1A-20A3A188A14C}] => (Allow) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe FirewallRules: [{BE925581-CA7C-4454-A982-95444FC76D7D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe FirewallRules: [{D85E2CCA-81C2-493D-936B-6659F467F804}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe FirewallRules: [{9B61E9B1-13F4-4D9F-BCAB-650459099F1D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{602E8DE6-890B-4FAA-8647-4F8602E5A1FA}] => (Allow) C:\Program Files (x86)\Opera developer\56.0.3045.0\opera.exe ==================== Restore Points ========================= 04-08-2018 05:31:02 スケジュールされたチェックポイント 13-08-2018 03:46:21 スケジュールされたチェックポイント ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/17/2018 08:18:16 PM) (Source: Application Hang) (EventID: 1002) (User: ) 
Description: Programm dopus.exe, Version 5.0.1.62 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 29e0 Startzeit: 01d436175cc35641 Endzeit: 32108 Anwendungspfad: C:\Program Files\GPSoftware\Directory Opus\dopus.exe Berichts-ID: cf730fb2-a249-11e8-83bf-b0819159027b Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (08/17/2018 12:44:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: dopus.exe, Version: 5.0.1.62, Zeitstempel: 0x575a0f47 Name des fehlerhaften Moduls: dopus.exe, Version: 5.0.1.62, Zeitstempel: 0x575a0f47 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000224cff ID des fehlerhaften Prozesses: 0x2280 Startzeit der fehlerhaften Anwendung: 0x01d435530fe81e2f Pfad der fehlerhaften Anwendung: C:\Program Files\GPSoftware\Directory Opus\dopus.exe Pfad des fehlerhaften Moduls: C:\Program Files\GPSoftware\Directory Opus\dopus.exe Berichtskennung: 95c6606a-a20a-11e8-83bf-b0819159027b Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (08/17/2018 12:05:17 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: Ein Problem hat das Senden von Daten aus dem Programm zur Verbesserung der Benutzerfreundlichkeit an Microsoft verhindert (Fehler 80070005). 
Error: (08/16/2018 04:54:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AkelPad.exe, Version: 4.9.7.0, Zeitstempel: 0x566d49e1 Name des fehlerhaften Moduls: Scripts.dll, Version: 18.2.0.0, Zeitstempel: 0x566d4960 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001145 ID des fehlerhaften Prozesses: 0x1750 Startzeit der fehlerhaften Anwendung: 0x01d43553dc6ba35e Pfad der fehlerhaften Anwendung: C:\Users\d\Desktop\Programme\AkelPad\AkelPad.exe Pfad des fehlerhaften Moduls: C:\Users\d\Desktop\Programme\AkelPad\AkelFiles\Plugs\Scripts.dll Berichtskennung: 3fa707b9-a164-11e8-83bf-b0819159027b Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (08/16/2018 04:33:27 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: StartSU.exe, Version: 2.0.2.0, Zeitstempel: 0x534d0701 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0085513f ID des fehlerhaften Prozesses: 0x13f4 Startzeit der fehlerhaften Anwendung: 0x01d43509831c587c Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\NEC\SmartUpdate\StartSU.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: c0f41eaa-a0fc-11e8-83bf-b0819159027b Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (08/16/2018 04:33:27 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: StartSU.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.NullReferenceException bei SU_Loader.suLogingCl..ctor() bei SU_Loader.Program.Main() Error: (08/16/2018 02:22:28 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: Das Volume "Windows RE" wurde aufgrund eines Fehlers nicht optimiert: パラメーターが間違っています。 (0x80070057) Error: (08/16/2018 02:10:26 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AkelPad.exe, Version: 4.9.7.0, Zeitstempel: 0x566d49e1 Name des fehlerhaften Moduls: Scripts.dll, Version: 18.2.0.0, Zeitstempel: 0x566d4960 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001145 ID des fehlerhaften Prozesses: 0x2e90 Startzeit der fehlerhaften Anwendung: 0x01d434e30864823f Pfad der fehlerhaften Anwendung: C:\Users\d\Desktop\Programme\AkelPad\AkelPad.exe Pfad des fehlerhaften Moduls: C:\Users\d\Desktop\Programme\AkelPad\AkelFiles\Plugs\Scripts.dll Berichtskennung: c67c6def-a0e8-11e8-83be-fcf8aeb4d133 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: System errors: ============= Error: (08/17/2018 05:06:51 PM) (Source: DCOM) (EventID: 10010) (User: lavie) Description: Der Server "{BF6C1E47-86EC-4194-9CE5-13C15DCB2001}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (08/17/2018 05:06:21 PM) (Source: DCOM) (EventID: 10010) (User: lavie) Description: Der Server "{1B1F472E-3221-4826-97DB-2C2324D389AE}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (08/17/2018 03:39:17 PM) (Source: DCOM) (EventID: 10010) (User: lavie) Description: Der Server "{BF6C1E47-86EC-4194-9CE5-13C15DCB2001}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. 
Error: (08/17/2018 03:38:47 PM) (Source: DCOM) (EventID: 10010) (User: lavie) Description: Der Server "{1B1F472E-3221-4826-97DB-2C2324D389AE}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (08/17/2018 01:56:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: Durch die Berechtigungseinstellungen für "アプリケーション固有" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (LRPC 使用)" keine Berechtigung vom Typ "ローカル アクティブ化" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "利用不可" (SID: 利用不可) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (08/17/2018 11:51:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: Durch die Berechtigungseinstellungen für "アプリケーション固有" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (LRPC 使用)" keine Berechtigung vom Typ "ローカル アクティブ化" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "利用不可" (SID: 利用不可) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (08/17/2018 11:28:58 AM) (Source: DCOM) (EventID: 10010) (User: lavie) Description: Der Server "{1B1F472E-3221-4826-97DB-2C2324D389AE}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (08/17/2018 11:28:28 AM) (Source: DCOM) (EventID: 10010) (User: lavie) Description: Der Server "{BF6C1E47-86EC-4194-9CE5-13C15DCB2001}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Windows Defender: =================================== Date: 2015-01-09 19:21:31.368 Description: Die Windows Defender-Überprüfung wurde vor ihrem Abschluss beendet. 
Überprüfungs-ID: {8696B0BA-C38C-47BC-A797-5B2D07EB3E49} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT AUTHORITY\SYSTEM Date: 2015-01-03 21:22:13.756 Description: Die Windows Defender-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {0CA8E64E-DB17-4DB1-8B14-A894D9352B2C} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT AUTHORITY\SYSTEM Date: 2015-01-02 16:35:21.146 Description: Die Windows Defender-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {0933CFEE-1894-4B97-8C90-DAF1E3EEA677} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT AUTHORITY\SYSTEM Date: 2014-12-31 21:35:00.771 Description: Die Windows Defender-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {DCB0C270-B8FB-4DD2-85A2-7C88B5326966} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT AUTHORITY\SYSTEM Date: 2018-03-20 16:35:06.770 Description: Fehler von Windows Defender beim Aktualisieren von Signaturen. Neue Signaturversion: Vorherige Signaturversion: 1.235.2025.0 Updatequelle: Microsoft Update-Server Signaturtyp: AntiVirus Updatetyp: Voll Benutzer: NT AUTHORITY\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.13407.0 Fehlercode: 0x8024001e Fehlerbeschreibung: ??????????????????????????????????????????????????????????????????????????????? Date: 2018-03-20 16:35:06.770 Description: Fehler von Windows Defender beim Aktualisieren von Signaturen. Neue Signaturversion: Vorherige Signaturversion: 1.235.2025.0 Updatequelle: Microsoft Update-Server Signaturtyp: AntiVirus Updatetyp: Voll Benutzer: NT AUTHORITY\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.13407.0 Fehlercode: 0x8024001e Fehlerbeschreibung: ??????????????????????????????????????????????????????????????????????????????? 
CodeIntegrity: =================================== Date: 2018-04-05 18:43:15.063 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2018-04-05 18:43:12.454 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2018-04-05 18:37:50.385 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2018-04-05 18:37:47.422 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2018-04-05 18:35:14.515 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2018-04-05 18:35:10.365 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2018-04-05 18:32:47.264 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2018-04-05 18:32:44.610 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz Percentage of memory in use: 76% Total physical RAM: 4015.7 MB Available physical RAM: 954.75 MB Total Virtual: 12719.7 MB Available Virtual: 3827.02 MB ==================== Drives ================================ Drive c: (Windows 8.1) (Fixed) (Total:225.93 GB) (Free:138.81 GB) NTFS \\?\Volume{66bded32-fb6e-43d4-af27-9da22351b9e4}\ (Windows RE) (Fixed) (Total:0.93 GB) (Free:0.61 GB) NTFS \\?\Volume{2c42f2fe-9218-4f8d-bd84-2ae9dde67a23}\ (NEC-RESTORE) (Fixed) (Total:11.23 GB) (Free:3.36 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: 7D73FA8C) Partition: GPT. ==================== End of Addition.txt ============================ |
17.08.2018, 21:34 | #3 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Kaspersky finds Trojan.Multi.GenAutorunReg.a (on Win 8.1 64) Quote:
__________________ |
17.08.2018, 22:39 | #4 |
| Kaspersky finds Trojan.Multi.GenAutorunReg.a (on Win 8.1 64) Kaspersky has been removed and the machine was rebooted. (I always had ESET until it kept causing BSODs. ESET was demonstrably the cause of the BSODs.) |
17.08.2018, 22:42 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Kaspersky finds Trojan.Multi.GenAutorunReg.a (on Win 8.1 64) Remove adware/junkware/toolbars. Delete old versions of adwCleaner first, then download it again to the desktop! Please disable your virus scanner completely now, before using these tools! adwCleaner v7.x: Please download AdwCleaner to your desktop (illustrated guide).
__________________ Please always post log files in CODE tags |
17.08.2018, 23:38 | #6 |
| Kaspersky finds Trojan.Multi.GenAutorunReg.a (on Win 8.1 64) Result: a bit of harmless PUP stuff found and removed: Code:
# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build: 07-17-2018
# Database: 2018-08-13.2
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-18-2018
# Duration: 00:00:02
# OS: Windows 8.1 Pro
# Cleaned: 13
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\d\AppData\Local\Temp\DMR
Deleted C:\ProgramData\IOLO\SCU
Deleted C:\Program Files (x86)\iolo\System Checkup
Deleted C:\Users\d\AppData\Roaming\SecurityXploded

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\iolo SCU task one

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ENABLESHELLEXECUTEHOOKS
Deleted HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ENABLESHELLEXECUTEHOOKS
Deleted HKLM\Software\Wow6432Node\IOLO\System Checkup
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7027B04B-9076-44EF-BC3F-B062A5C7E483}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7027B04B-9076-44EF-BC3F-B062A5C7E483}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iolo SCU task one
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

*************************

[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset Chromium Policies
[+] Reset IE Policies
[+] Reset Proxy Settings
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2470 octets] - [18/08/2018 00:25:21]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ########## |
18.08.2018, 00:00 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Kaspersky finds Trojan.Multi.GenAutorunReg.a (on Win 8.1 64) Kaspersky did not stop that. Please run adwcleaner again as a check.
__________________ Please always post log files in CODE tags |
18.08.2018, 00:10 | #8 |
| Kaspersky finds Trojan.Multi.GenAutorunReg.a (on Win 8.1 64) Everything is now clean on the check run. Code:
# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build: 07-17-2018
# Database: 2018-08-13.2
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-18-2018
# Duration: 00:00:00
# OS: Windows 8.1 Pro
# Cleaned: 0
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

*************************

[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset Chromium Policies
[+] Reset IE Policies
[+] Reset Proxy Settings
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2470 octets] - [18/08/2018 00:25:21]
AdwCleaner[C00].txt - [2511 octets] - [18/08/2018 00:34:28]
AdwCleaner[S01].txt - [1364 octets] - [18/08/2018 01:05:43]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ########## |
18.08.2018, 00:31 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Kaspersky finds Trojan.Multi.GenAutorunReg.a (on Win 8.1 64) I need new FRST logs. Tick the box for addition.txt, then click Scan.
__________________ Please always post log files in CODE tags |
18.08.2018, 11:41 | #10 |
| Kaspersky finds Trojan.Multi.GenAutorunReg.a (on Win 8.1 64)
1. The Windows Defender definitions are now up to date (not yet reflected in the logs). They had not been updated because until now I had a third-party AV (the evil KIS).
2. Annoying: there are still ESET remnants on the system even though I had used the removal tool (eset firewall helper (service), as well as esihdrv.sys).
3. As always, I removed a few links to self-created documents from the logs for privacy reasons.
4. A donation to Trojanerboard has been made. Thanks!
5. additional.txt will follow shortly.
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018 Ran by d (administrator) on LAVIE (18-08-2018 11:34:42) Running from C:\Users\d\Desktop Loaded Profiles: d (Available Profiles: d) Platform: Windows 8.1 Pro (Update) (X64) Language: Japanisch (Japan) Internet Explorer Version 11 (Default browser: Opera) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe (Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe (Intel Corporation) C:\Windows\System32\ibtsiva.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe (CyberLink) C:\Program Files (x86)\CyberLink\NEC Move Media Server\NECMoveMSMonitorService.exe (CyberLink) C:\Program Files (x86)\CyberLink\NEC Move Media Server\NECMoveMSServer.exe (NEC Personal Computers, Ltd.) C:\Program Files\NECBoot\NECBTSVC.exe (NEC Personal Computers, Ltd.) C:\Windows\SysWOW64\NTMETER.exe (NEC Personal Computers, Ltd.) 
C:\Program Files\PeakShiftTool\PeakShiftSvc.exe () C:\Program Files\Prio\prio_svc.exe (Centered Systems) C:\Program Files (x86)\Second Copy 8\ScVssService64.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (NEC Personal Computers, Ltd.) C:\Program Files\NECMFK\necmfk.exe (NEC Personal Computers, Ltd.) C:\Program Files\NECBatt\nbSched.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (NEC Personal Computers, Ltd.) C:\Program Files\PeakShiftTool\PeakShiftNotifier.exe (NEC Personal Computers, Ltd.) C:\Program Files\NECBoot\NECBTPB.exe (NEC Personal Computers, Ltd.) 
C:\Program Files\NPSpeed\NPSpeed.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Outertech) C:\Program Files (x86)\Linkman\Linkman.exe (GP Software) C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe (f.lux Software LLC) C:\Users\d\AppData\Local\FluxSoftware\Flux\flux.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Users\d\Desktop\acv507\ArsClip.exe (Steve Emmons) C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Battery Alarm\BatteryAlarm.exe (Mad Dog Apps) C:\Program Files (x86)\Mad Dog Apps\BatteryMonitor\myBatteryMonitor.exe (pXc-coding.com) C:\Program Files (x86)\Alternative Flash Player Auto-Updater\Alternative Flash Player Auto-Updater.exe (NEC Personal Computers, Ltd.) C:\Program Files\NEC\AtrioSide\AS_ContentsDL.exe (NEC Personal Computers, Ltd.) C:\Program Files\EcoViewer\ecomonsv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe (Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe (Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-21] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [NECMFK] => C:\Program Files\necmfk\necmfk.exe [164176 2013-09-19] (NEC Personal Computers, Ltd.) 
HKLM\...\Run: [IntelAntiTheftDiscoveryAppIECNotifier] => C:\Program Files (x86)\Intel\Intel Anti-Theft Discovery App\IntelAntiTheftDiscoveryAppIECNotifier.exe [142336 2013-06-25] (Intel Corporation) HKLM\...\Run: [NECBatt] => C:\Program Files\NECBatt\nbSched.exe [356688 2013-08-05] (NEC Personal Computers, Ltd.) HKLM\...\Run: [PeakShiftTool] => C:\Program Files\PeakShiftTool\PeakShiftNotifier.exe [244576 2013-07-02] (NEC Personal Computers, Ltd.) HKLM\...\Run: [NECBTPB] => C:\Program Files\NECBoot\NECBTPB.EXE [2789304 2012-10-05] (NEC Personal Computers, Ltd.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2013-09-04] (Synaptics Incorporated) HKLM\...\Run: [RcdSettings] => C:\Program Files\NEC\NECRcdSettings\RcdSettings.exe [924536 2013-08-27] (NEC Personal Computers, Ltd.) HKLM\...\Run: [NPSpeed] => C:\Program Files\NPSpeed\NPSpeed.exe [3215152 2013-10-08] (NEC Personal Computers, Ltd.) HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1074088 2015-09-03] (The Eraser Project) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft) HKLM\...\Run: [AtrioSide] => C:\Program Files\NEC\AtrioSide\AtrioSide.exe [1193328 2013-09-17] (NEC Personal Computers, Ltd.) HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [3523848 2018-07-03] (Paramount Software UK Ltd) HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe" HKLM-x32\...\Run: [SmartUpdate] => C:\Program Files (x86)\NEC\SmartUpdate\reservesu.exe [234232 2013-07-08] (NEC Personal Computers, Ltd.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2018-03-16] (Apple Inc.) 
HKLM-x32\...\Run: [SilentCleanService] => C:\Program Files (x86)\iMobie\PhoneRescue\${CHECK_RUNSERVICE_NAME} HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [135968 2018-03-15] (Intel) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [653728 2018-03-26] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <==== ATTENTION HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [Linkman] => C:\Program Files (x86)\Linkman\Linkman.exe [1635200 2015-12-23] (Outertech) HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [7 Taskbar Tweaker] => C:\Users\d\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [401920 2016-09-10] (RaMMicHaeL) HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [Directory Opus Desktop Dblclk] => C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe [421240 2016-06-10] (GP Software) HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [f.lux] => C:\Users\d\AppData\Local\FluxSoftware\Flux\flux.exe [1806344 2018-07-03] (f.lux Software LLC) HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [Second Copy] => C:\Program Files (x86)\Second Copy 8\SecCopy.exe [3128616 2013-01-28] (Centered Systems) HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2014-09-19] () HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [WhatsApp] => "C:\Users\d\AppData\Local\WhatsApp\app-0.2.5371\WhatsApp.exe" HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [DVSFreeVideoCallRecorder] => "C:\Program Files (x86)\DVDVideoSoft\Free Video Call Recorder for Skype\FreeVideoCallRecorder.exe" /minimized HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [IntelliWebSearch] => C:\Program Files 
(x86)\IntelliWebSearch\IntelliWebSearch.exe [224388 2011-04-08] (Michael Farrell) HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11776 2013-08-22] (Microsoft Corporation) AppInit_DLLs: prio.dll => No File AppInit_DLLs-x32: prio32.dll => No File IFEO\sethc.exe: [Debugger] logonui.exe ShellExecuteHooks: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [1580408 2016-06-10] (GP Software) ShellExecuteHooks-x32: Directory Opus Shell Execute Hook - {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll [350072 2016-06-10] (GP Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Alternative Flash Player Auto-Updater.lnk [2016-01-16] ShortcutTarget: Alternative Flash Player Auto-Updater.lnk -> C:\Program Files (x86)\Alternative Flash Player Auto-Updater\Alternative Flash Player Auto-Updater.exe (pXc-coding.com) Startup: C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ArsClip - Verknüpfung.lnk [2016-01-25] ShortcutTarget: ArsClip - Verknüpfung.lnk -> C:\Users\d\Desktop\acv507\ArsClip.exe () Startup: C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BatteryAlarm - Shortcut.lnk [2016-04-20] ShortcutTarget: BatteryAlarm - Shortcut.lnk -> C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Battery Alarm\BatteryAlarm.exe (Steve Emmons) Startup: C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2016-09-30] ShortcutTarget: Telegram.lnk -> C:\Users\d\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP) GroupPolicy: Restriction ? 
<==== ATTENTION GroupPolicyUsers\S-1-5-21-1417334993-2898295356-3386692794-500\User: Restriction <==== ATTENTION GroupPolicyUsers\S-1-5-21-1417334993-2898295356-3386692794-1003\User: Restriction <==== ATTENTION GroupPolicyUsers\S-1-5-21-1417334993-2898295356-3386692794-1001\User: Restriction <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: 127.0.0.1 cryptomator-vault Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{A589BE57-42CC-439B-99D1-70AED469ADBE}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> DefaultScope {0A66B399-8F9B-4C01-8EDD-A71D148B8BE7} URL = SearchScopes: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> {0A66B399-8F9B-4C01-8EDD-A71D148B8BE7} URL = BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File BHO: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\iToolsBHO64.dll [2016-07-25] (iTools.hk) BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-01-15] (pdfforge GmbH) BHO-x32: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\iToolsBHO.dll [2016-07-25] (iTools.hk) Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-01-15] (pdfforge GmbH) Toolbar: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> No Name - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - No File Toolbar: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> No Name - {C500C267-63BF-451F-8797-4D720C9A2ED9} - No File FireFox: ======== FF DefaultProfile: 2udj1tce.default FF ProfilePath: C:\Users\d\AppData\Roaming\Postbox\Profiles\ify653so.default [2016-02-10] FF ProfilePath: C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\2udj1tce.default [2018-08-18] FF Session Restore: Mozilla\Firefox\Profiles\2udj1tce.default -> is enabled. 
FF Extension: (Grammarly for Firefox) - C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\2udj1tce.default\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2018-08-09] FF Extension: (Video DownloadHelper) - C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\2udj1tce.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-08-09] FF Extension: (Adblock Plus) - C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\2udj1tce.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-07-27] FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-04-19] [Legacy] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll [2018-08-16] () FF Plugin: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2016-07-25] () FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [] () FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2017-03-06] (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll [2018-08-16] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation) FF Plugin-x32: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2016-07-25] () FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [] () FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2017-03-06] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.) StartMenuInternet: Firefox- - kernel32::GetLongPathNameW(w R8, w .R7, i 1024)i .R6 Chrome: ======= CHR Session Restore: Default -> is enabled. 
CHR Profile: C:\Users\d\AppData\Local\Google\Chrome\User Data\Default [2018-08-03] CHR Extension: (Präsentationen) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-19] CHR Extension: (Kaspersky Protection) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2018-05-31] CHR Extension: (Docs) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-19] CHR Extension: (Google Drive) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-19] CHR Extension: (YouTube) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-19] CHR Extension: (Tab Count) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfokcacdaonnckdmopmcgeanhkebeaio [2018-07-30] CHR Extension: (uBlock Origin) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-08-03] CHR Extension: (Tab Glutton) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekfmaibfpamaegficfifofnlhalkbdfm [2018-06-25] CHR Extension: (Tabellen) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-19] CHR Extension: (Google Docs Offline) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-05-05] CHR Extension: (Wiktionary Language Filter) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\lagbmmpeihgfankilcjbkpnmejeblkif [2017-11-19] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-05] CHR Extension: (Linkman) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\pchnedaeogijkjjkjigbijhbcanbdjkc 
[2018-05-05] CHR Extension: (Google Mail) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-19] CHR Extension: (Chrome Media Router) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-11] CHR Profile: C:\Users\d\AppData\Local\Google\Chrome\User Data\System Profile [2018-05-05] Opera: ======= OPR Session Restore: -> is enabled. OPR Extension: (Simple = Select + Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aagminaekdpcfimcbhknlgjmpnnnmooo [2017-09-11] OPR Extension: (Instant Multi Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aamgapdgopfdmokckpkfciiddpahbbcg [2017-09-11] OPR Extension: (Google Übersetzer) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-12-02] OPR Extension: (Disable Youtube™ HTML5 Player) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aejcgigcjcdcbdkdbeiclbpekcjddapp [2016-01-17] OPR Extension: (Multi Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\afmdpmddiokpdknaeofdnlclbpgehhce [2018-07-25] OPR Extension: (TransOver) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aggiiclaiamajehmlfpkjmlbadmkledi [2018-08-08] OPR Extension: (SimpleUndoClose) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aipamoaneebnhkfefefbfmhimclgafig [2018-02-19] OPR Extension: (Redirect Bypasser) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\akalifnifmgdmgmjoaiaflkeahpbkghe [2017-05-04] OPR Extension: (Oxford Dictionary Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbhgfdkgegllnkmnpidalgbgdghilnha [2016-11-10] OPR Extension: (Select like a Boss) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bfigpnfillonohmonbadflnapjejfkgm [2017-10-21] OPR Extension: (V7 Tabs) - 
C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bgjcegonlhkkclkkglpgjmgnigefhkak [2018-01-14] OPR Extension: (smartUp Gestures) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bgjfekefhjemchdeigphccilhncnjldn [2018-06-27] OPR Extension: (AdGuard Werbeblocker) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2018-05-19] OPR Extension: (V7 Bookmarks) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bpmgfnikhlpakdkeeahboleoommganka [2018-04-27] OPR Extension: (Forvo pronunciation) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ccpodfblfjampgmdfllpclalbdckflmi [2017-10-21] OPR Extension: (TrafficLight) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cfnpidifppmenkapgihekkeednfoenal [2018-04-11] OPR Extension: (archive.is Button) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cgjpabpjaocpgppajkeplhbipbdippdm [2018-04-08] OPR Extension: (OneTab) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-12-12] OPR Extension: (ZenMate VPN - Top Internet Security & Unblock) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnhbkkedmelfmalgjpkngiaoifpdfcnl [2018-07-21] OPR Extension: (Shortkeys) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnjnhmmmdopghhihpeoafpkkanlagfjf [2016-04-18] OPR Extension: (Simple Mouse Gestures) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cpbbhbiceidealbcfgodcffnfneffopd [2018-06-08] OPR Extension: (Avast Online Security) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2017-10-20] OPR Extension: (Search by Image (by Google)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2017-03-06] OPR Extension: (Card Numbers for Trello) - C:\Users\d\AppData\Roaming\Opera 
Software\Opera Stable\Extensions\ddadhlcejiholmdiihbdcfoapdfkhicn [2017-02-28] OPR Extension: (Tabs Backup & Restore) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dehocbglhkaogiljpihicakmlockmlgd [2017-12-22] OPR Extension: (Just Read) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dgmanlpmmkibanfdgjocnabmcaclkmod [2018-08-18] OPR Extension: (Tampermonkey) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-05-28] OPR Extension: (Copy All Urls) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\djdmadneanknadilpjiknlnanaolmbfk [2017-11-19] OPR Extension: (Browsec VPN - Free and Unlimited VPN) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dknfpcdpbkjijldegonllfnnfhabjpde [2018-08-11] OPR Extension: (SurfEasy VPN - Sicherheit, Privatsphäre, Entsperrung) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ebpielhlnnpkiddeeacoephkilopgblc [2018-05-07] OPR Extension: (Google search link fix) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\eckgbkpcmkeamlbhpcifhnijehlcogip [2018-04-12] OPR Extension: (Session Buddy) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2018-01-29] OPR Extension: (HTTPS Everywhere) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2018-06-22] OPR Extension: (Copyfish �� Free OCR Software) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\eenjdnjldapjajjofmldgmkjaienebbj [2018-01-29] OPR Extension: (VTchromizer) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\efbjojhplkelaegfbieplglfidafgoka [2018-04-11] OPR Extension: (Tabs Outliner) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2017-12-22] OPR Extension: (Sort Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera 
Stable\Extensions\ejlljbnghfnfihpiifjaojopfkbgknoi [2016-04-18] OPR Extension: (Copytables) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ekdpkppgmlalfkphpibadldikjimijon [2017-10-21] OPR Extension: (Tab Glutton) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ekfmaibfpamaegficfifofnlhalkbdfm [2017-02-28] OPR Extension: (Unlimited Free VPN - Hola) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ekmmelpnmfdegjhnmadddcfjcahpajnm [2018-08-08] OPR Extension: (Vertical Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\eknjllkeehiiakhmgjjdoempaocgemkg [2017-03-20] OPR Extension: (Wrona History Menu) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\encidpibliikeaimjmlimnnbjjpnfppl [2016-04-18] OPR Extension: (All in one web searcher) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\enofjgiadilpmldfknojklfjbeaooiap [2017-09-11] OPR Extension: (Ddict Translate: Translator - Dictionary) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fcfpagpiibkilokeihmaggjgheaemgbi [2017-12-17] OPR Extension: (Text Lesegerät (Text zu Sprache)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fdffijlhedcdiblbingmagmdnokokgbi [2017-11-19] OPR Extension: (Kaspersky Protection) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2018-04-06] OPR Extension: (SimpleUndoClose.test) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fjjibgcfnmpcdipdfamlcghkphflpcfb [2017-04-16] OPR Extension: (1Password extension (desktop app required)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fpnbobholfpcolmkinlokiaaanjilcop [2018-06-27] OPR Extension: (Scroll to Top) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gbefdhcpnalckelncafcbmdifclnlmce [2017-11-20] OPR Extension: (Linkman) - C:\Users\d\AppData\Roaming\Opera Software\Opera 
Stable\Extensions\gbeghboempnjlacepdnkgnpplgjadpnl [2014-06-18] OPR Extension: (Classic Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gbekmpnpfkkijbodegokaigmhedbbkmg [2016-01-16] OPR Extension: (SimpleTabOrder) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gcphmfnknfenaigpefdlmnbgnjaebjim [2018-02-19] OPR Extension: (XTranslate) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gfgpkepllngchpmcippidfhmbhlljhoo [2018-05-28] OPR Extension: (SimpleExtManager) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ggfngijafepjalmbhefafhdeedobcdbf [2018-05-28] OPR Extension: (Super Auto Refresh) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ghjaeanhfafkigkehjgapnlobfhefkme [2017-11-19] OPR Extension: (Etymonline) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\giehjnnlopapngdjbjjgddpaagoimmgl [2018-01-04] OPR Extension: (Selection Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gipnlpdeieaidmmeaichnddnmjmcakoe [2018-07-26] OPR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\glaedmooikiamindhmfcfccncmmdagge [2018-07-21] OPR Extension: (Google Right-Click Multi-Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hacdkngldbgplmdlmdhgiehbmmlckmea [2017-09-13] OPR Extension: (Ultimello, the features pack for Trello) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hahbfgjfimnmogoinnenhheepfcphnmm [2018-06-22] OPR Extension: (Pocket (formerly Read It Later)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hedlhkdmdlcjhiblbmfggdiaeekblnoi [2018-05-05] OPR Extension: (Video Autoplay Blocker by Robert Sulkowski) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hiefnnpeemndbkjphkiffdfjbgaapifa [2016-01-17] OPR Extension: (DotVPN — a better way to VPN) - 
C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hiegahbgoabbpoieploedhfnobmpgbeg [2018-05-19] OPR Extension: (JavaScript Toggle On and Off) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hldheaackmkeadbfdaiidijnilnbgifo [2018-04-04] OPR Extension: (V7 Gmail Zoom) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnfpfgoekopajiblcenihlclkgphkgmn [2017-04-13] OPR Extension: (I don't care about cookies) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\iambaeepkgdclnmbfdnnohkjjpdglbeo [2018-08-01] OPR Extension: (Sprachenfilter für Wikipedia) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibgceajjjioihilfcdppneoljcaofokk [2018-05-28] OPR Extension: (Wiktionary Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibncmbgpniokogofpkjnlcpfpiodoppk [2017-10-21] OPR Extension: (Wolfram|Alpha (Official)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\icncamkooinmbehmkeilcccmoljfkdhp [2017-11-19] OPR Extension: (Text to Speech (TTS)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ifnfkcmbdaelhfkpkoncangcnhieanmj [2017-10-21] OPR Extension: (Malwarebytes Browser Extension) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2018-08-16] OPR Extension: (Reader View) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ikmhokpogledimpnfdbcgondkbmfkfjc [2018-06-04] OPR Extension: (Social Fixer for Facebook) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\inficfabgpfjiegjgnhmjdagmhlmakoo [2018-06-27] OPR Extension: (Disable HTML5 Autoplay) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jbinbhipioellbajhbkjlpioadehpfdj [2016-08-03] OPR Extension: (YouTube High Definition) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jcdpccclajomeaeeoggbhglfomndjgfp [2016-02-06] OPR Extension: (Close Duplicate Tab) 
- C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jcmhmgmojlljfpfnmlbnipanelaliikl [2016-07-28] OPR Extension: (CloseTab) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jdclfnplpfhdgcmafpbodpejpdnbfhpb [2016-04-20] OPR Extension: (Translate Web Page) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jggobmlojchhlngdhmmdghgganciigof [2016-02-03] OPR Extension: (Font Changer with Google Web Fonts™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jgjhhoglgjdklldfgoffdiaceffijeke [2017-11-28] OPR Extension: (User-Agent Switcher) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jikibpedldihacokaanimbcjipghbloo [2017-11-19] OPR Extension: (Save To The Wayback Machine) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jkoddmeemofcjjeckgiddpgdbnnafoib [2018-05-10] OPR Extension: (Search Window) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jmjjleckcgnlmampjifnllbdhkobinbl [2017-12-17] OPR Extension: (View Image - \) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jpcmhcelnjdmblfmjabdeclccemkghjk [2018-08-18] OPR Extension: (Grammarly for Chrome) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-08-16] OPR Extension: (The Switcher) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbgapjibpomfdnhllkbijmolmnhloona [2016-04-18] OPR Extension: (uBlock Origin) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2018-07-19] OPR Extension: (Stylus) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kdinfjomkigjcjcbigolloleeiianaif [2018-07-16] OPR Extension: (Leo Dictionary Widget) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kepemmpmljphklmpfgfmhpjhpdlccpke [2017-10-14] OPR Extension: ( Copy URLs ) - C:\Users\d\AppData\Roaming\Opera Software\Opera 
Stable\Extensions\kgmdofgghbeipjnddielphhhecgnppab [2016-04-18] OPR Extension: (YouTube Video and Audio Downloader (Dev Edt.)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\khgbdhkpcapllhgfekjegcinegfhjbmi [2018-04-09] OPR Extension: (V7 Sessions) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\khmbgihnlknbjgjhmekjeoidpfimabpp [2016-11-10] OPR Extension: (Install Chrome Extensions) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2018-08-18] OPR Extension: (Force Download) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\klahcccondnnonafcbcdgbahphglbjjg [2017-12-11] OPR Extension: (Flash Player for YouTube™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\knbfimhapmnifdchcafinkbfikmomaak [2016-12-15] OPR Extension: (etymon one-click search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\knhbicgmdmcjehdpmipibiebegaoiecc [2017-09-16] OPR Extension: (Wiktionary Language Filter) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lagbmmpeihgfankilcjbkpnmejeblkif [2017-11-19] OPR Extension: (Direct links for Google Image) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lbbpfcajcbdmfhkkleloodefhanneljl [2018-04-12] OPR Extension: (Disable Extensions Temporarily) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lcfdefmogcogicollfebhgjiiakbjdje [2017-09-13] OPR Extension: (Wikimedia Reader) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lclegfmhkjbcpiikogacbfbpdgfbdifi [2017-11-19] OPR Extension: (Free Auto Refresh) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lfkfikiejjfhpfbpgfolfkkdjpepmkal [2018-04-18] OPR Extension: (Sidebar for YouTube™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ljkgfkfopogmclcinephnaeekjiikibd [2017-09-27] OPR Extension: (V7 Drag) - C:\Users\d\AppData\Roaming\Opera 
Software\Opera Stable\Extensions\lmmhflhfcljkioicbckchnpfiffcjkjp [2017-11-19] OPR Extension: (Nehmen Sie Screenshot der Webseite - FireShot) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2018-01-08] OPR Extension: (Tampermonkey) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfdhdgbonjidekjkjmjaneanmdmpmidf [2017-11-19] OPR Extension: (Tab Close Plus) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfkclbfmlbdmjhndmdbbcmlnhojgopdd [2016-04-18] OPR Extension: (CLEAN crxMouse Gestures) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mjidkpedjlfnanainpdfnedkdlacidla [2017-11-20] OPR Extension: (About://Internal Pages) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mpkgnldklpemphbfogboacnljgfpnkme [2016-07-28] OPR Extension: (Video Speed Controller) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2018-07-08] OPR Extension: (Copy URL + Title) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\nhmdngoiikdcodlpeifbjcjpjhefipal [2016-04-18] OPR Extension: (Save to Pocket) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2018-07-08] OPR Extension: (Violent monkey) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge [2017-11-19] OPR Extension: (Scroll To Top Button) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\njdplanogllnioicoadncjfgfhdnnpha [2018-08-08] OPR Extension: (dict-cc) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh [2017-10-07] OPR Extension: (SaveFrom.net Helfer) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\npdpplbicnmpoigidfdjadamgfkilaak [2018-08-18] OPR Extension: (Better History) - C:\Users\d\AppData\Roaming\Opera Software\Opera 
Stable\Extensions\obciceimmggglbmelaidpjlmodcebijb [2017-12-22] OPR Extension: (Enhancer for YouTube) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofhehnfmgbgnkjaojifkmebjjgffjaeh [2018-08-01] OPR Extension: (Zoom Popup) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofpknbbbohcgomapfgcgadleckdagikj [2016-04-18] OPR Extension: (Google™ Translator Sidebar) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ogmklpmbehclccahgccdnhjipkmmjaom [2017-08-15] OPR Extension: (Adblock Plus) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2018-07-19] OPR Extension: (Open Multiple URLs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\oifijhaokejakekmnjmphonojcfkpbbh [2017-11-21] OPR Extension: (LEO Wörterbuchsuche) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ojniiiidjmoaiehegaedmfdclmgmmpdp [2018-01-08] OPR Extension: (Mercury Reader) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2018-06-10] OPR Extension: (Mate Translate – Übersetzer, Wörterbuch) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ollghamalkmmhboihmhoaaobmamehjgn [2018-07-10] OPR Extension: (V7 History) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\oneajlghdhobcelcgbgkjaipjoopcggg [2017-08-11] OPR Extension: (Remove cookie(s) for the current domain) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\opbghiaphmcbefjfoihikkbpjaoanala [2017-03-16] OPR Extension: (FlexyTrello) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\pggiemacedhgohmpcgdpceckeicjlgfn [2018-01-05] OPR Extension: (Context Menus) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\phlfmkfpmphogkomddckmggcfpmfchpn [2017-11-20] OPR Extension: (Extract Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera 
Stable\Extensions\pibjcpkpaecbpifdkbehcicaoaejkaie [2016-04-18] OPR Extension: (Enhancer for YouTube™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ponfpcnoihfmfllpaingbgckeeldkhle [2018-08-01] OPR Extension: (Enhancer for YouTube™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll [] OPR Extension: (Enhancer for YouTube™) - C:\windows\SysWOW64\Macromed\Flash\pepflashplayer32_22_0_0_192.dll [] StartMenuInternet: (HKLM) Operadeveloper - C:\Program Files (x86)\Opera developer\Launcher.exe ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-14] (Apple Inc.) R2 AS ContentsDL; C:\Program Files\NEC\AtrioSide\AS_ContentsDL.exe [70520 2013-09-17] (NEC Personal Computers, Ltd.) R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [122728 2018-04-09] (AOMEI Tech Co., Ltd.) R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2018-03-29] (Digital Wave Ltd.) R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22816 2018-03-15] (Intel) R2 ecomonsv; C:\Program Files\EcoViewer\ecomonsv.exe [280496 2012-12-04] (NEC Personal Computers, Ltd.) 
R2 ibtsiva; C:\windows\system32\ibtsiva.exe [183448 2017-05-19] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-12] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation) R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [4091112 2017-11-09] (Paramount Software UK Ltd) S4 MailbirdUpdater.exe; C:\Program Files (x86)\Mailbird\MailbirdUpdater.exe [363144 2016-02-05] (Mailbird) S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes) S4 NbfcService; C:\Program Files (x86)\NoteBook FanControl\NbfcService.exe [7168 2016-12-17] (StagWare) [File not signed] R2 NEC Move Media Server Monitor Service; C:\Program Files (x86)\CyberLink\NEC Move Media Server\NECMoveMSMonitorService.exe [134920 2013-12-16] (CyberLink) R2 NEC Move Media Server Service; C:\Program Files (x86)\CyberLink\NEC Move Media Server\NECMoveMSServer.exe [375560 2013-12-16] (CyberLink) R2 NECBT SERVICE; C:\Program Files\NECBoot\NECBTSVC.exe [237496 2012-10-05] (NEC Personal Computers, Ltd.) S4 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [50600 2016-03-03] (Microsoft) R2 NT Meter; c:\windows\syswow64\NTMETER.exe [98672 2013-05-08] (NEC Personal Computers, Ltd.) 
S4 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2417376 2016-01-15] (pdfforge GmbH) S4 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-01-15] (pdfforge GmbH) S4 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-01-15] (pdfforge GmbH) S4 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (© pdfforge GmbH.) R2 PeakShiftSvc; C:\Program Files\PeakShiftTool\PeakShiftSvc.exe [289624 2013-07-02] (NEC Personal Computers, Ltd.) R2 prio_svc; C:\Program Files\Prio\prio_svc.exe [12704 2017-01-15] () R2 ScVssService64; C:\Program Files (x86)\Second Copy 8\ScVssService64.exe [75048 2013-01-28] (Centered Systems) S4 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [183568 2018-03-07] () R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation) S2 BOT4Service; "C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe" [X] S2 EaseUS Agent; "C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe" [X] S3 ekrnEpfw; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X] S4 watchtw; C:\windows\SysWOW64\wtwatch.exe [X] S2 WebServTw; C:\windows\SysWOW64\wstw.exe [X] S4 wtflserv; C:\windows\SysWOW64\fltw.exe [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R0 ambakdrv; C:\windows\System32\ambakdrv.sys [51120 2016-12-21] () R2 ammntdrv; C:\windows\system32\ammntdrv.sys [171952 2016-12-21] () R2 amwrtdrv; C:\windows\system32\amwrtdrv.sys [38320 2017-09-01] () S3 esihdrv; C:\Users\d\AppData\Local\Temp\esihdrv.sys [149928 2018-04-09] (ESET) <==== ATTENTION R0 EUBAKUP; C:\windows\System32\drivers\eubakup.sys [60968 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed] R0 EUBKMON; C:\windows\System32\drivers\EUBKMON.sys [48168 2015-12-10] () [File not signed] R1 EUDSKACS; C:\windows\system32\drivers\eudskacs.sys [18472 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed] R1 EUFDDISK; C:\windows\system32\drivers\EuFdDisk.sys [192552 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed] R3 ibtusb; C:\windows\system32\DRIVERS\ibtusb.sys [231400 2017-05-19] (Intel Corporation) R3 ikbevent; C:\windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] () R3 imsevent; C:\windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] () R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-07] () R3 ISCT; C:\windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] () R1 MFKGTKEY; C:\windows\system32\drivers\mfkgtkey.sys [26960 2013-09-19] (NEC Personal Computers, Ltd.) R1 MpKsl0a0bb4dc; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4906AF21-577E-4C64-8CCC-AE47539E0D6C}\MpKsl0a0bb4dc.sys [58120 2018-08-18] (Microsoft Corporation) R3 necbatt; C:\windows\System32\drivers\necbatt.sys [19760 2013-06-20] (NEC Personal Computers, Ltd.) R3 necextif; C:\windows\System32\drivers\necextif.sys [26448 2013-06-21] (NEC Personal Computers, Ltd.) R3 NETwNb64; C:\windows\system32\DRIVERS\NETwbw02.sys [3521032 2017-11-08] (Intel Corporation) S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) R3 Ps2Led; C:\windows\system32\DRIVERS\Ps2Led.sys [18768 2013-09-19] (NEC Personal Computers, Ltd.) 
R1 Ps2LedIF; C:\windows\system32\drivers\ps2ledif.sys [16208 2013-09-19] (NEC Personal Computers, Ltd.) S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [189152 2017-08-08] (Windows (R) Win 7 DDK provider) S3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [31856 2017-03-23] (Windows (R) Win 7 DDK provider) R0 PxHlpa64; C:\windows\System32\drivers\PxHlpa64.sys [56336 2013-07-18] (Corel Corporation) R3 RadioSwitchHID; C:\windows\System32\drivers\RadioSwitchHID.sys [19456 2012-08-24] (NEC Personal Computers, Ltd.) S3 RTLU3E8023-W8-64; C:\windows\system32\DRIVERS\rtu30x64w8.sys [70656 2013-06-18] (Realtek ) R3 RTSPER; C:\windows\system32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation) R0 Sahdad64; C:\windows\System32\Drivers\Sahdad64.sys [28304 2013-07-23] (Corel Corporation) R0 Saibad64; C:\windows\System32\Drivers\Saibad64.sys [20112 2013-07-23] (Corel Corporation) R1 SaibVdAd64; C:\windows\System32\Drivers\SaibVdAd64.sys [27792 2013-07-23] (Corel Corporation) R3 VBoxNetAdp; C:\windows\system32\DRIVERS\VBoxNetAdp6.sys [198032 2018-02-26] (Oracle Corporation) R1 VBoxNetLwf; C:\windows\system32\DRIVERS\VBoxNetLwf.sys [208392 2018-02-26] (Oracle Corporation) S3 VBoxUSB; C:\windows\System32\Drivers\VBoxUSB.sys [125008 2015-12-18] (Oracle Corporation) S0 WdBoot; C:\windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation) R0 WdFilter; C:\windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation) R3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation) R1 WinRing0_1_2_0; C:\Program Files (x86)\NoteBook FanControl\WinRing0x64.sys [14544 2017-09-24] (OpenLibSys.org) R1 wtfilter_6589; C:\windows\System32\drivers\wtfilter_6589.sys [86488 2017-02-06] () R3 ALSysIO; \??\C:\Users\d\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION U0 aswVmm; no ImagePath S3 btmaux; \SystemRoot\system32\DRIVERS\btmaux.sys [X] S3 btmhsf; 
\SystemRoot\system32\DRIVERS\btmhsf.sys [X] S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X] S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-08-18 11:34 - 2018-08-18 11:35 - 000050634 _____ C:\Users\d\Desktop\FRST.txt 2018-08-18 00:19 - 2018-08-18 00:34 - 000000000 ____D C:\AdwCleaner 2018-08-18 00:09 - 2018-08-18 00:12 - 007417040 _____ (Malwarebytes) C:\Users\d\Downloads\adwcleaner_7.2.2.exe 2018-08-17 20:16 - 2018-08-17 20:16 - 002412544 _____ (Farbar) C:\Users\d\Downloads\FRST64.exe 2018-08-17 20:16 - 2018-08-17 20:16 - 002412544 _____ (Farbar) C:\Users\d\Desktop\FRST64.exe 2018-08-17 20:16 - 2018-08-17 20:16 - 000016853 _____ C:\Users\d\Downloads\Download.htm 2018-08-17 20:14 - 2018-08-18 11:34 - 000000000 ____D C:\FRST 2018-08-16 00:30 - 2018-07-19 09:06 - 007371616 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2018-08-16 00:30 - 2018-07-19 08:48 - 001737600 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll 2018-08-16 00:30 - 2018-07-19 08:15 - 025745408 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2018-08-16 00:30 - 2018-07-19 06:35 - 002902016 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2018-08-16 00:30 - 2018-07-19 06:33 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2018-08-16 00:30 - 2018-07-19 06:33 - 000417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec 2018-08-16 00:30 - 2018-07-19 06:30 - 005778432 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2018-08-16 00:30 - 2018-07-19 06:22 - 020286464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2018-08-16 00:30 - 
2018-07-19 06:22 - 000794624 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2018-08-16 00:30 - 2018-07-19 06:22 - 000108544 _____ (Microsoft Corporation) C:\windows\system32\hlink.dll 2018-08-16 00:30 - 2018-07-19 06:21 - 000814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2018-08-16 00:30 - 2018-07-19 06:05 - 000497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2018-08-16 00:30 - 2018-07-19 06:03 - 000107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll 2018-08-16 00:30 - 2018-07-19 06:01 - 002295808 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2018-08-16 00:30 - 2018-07-19 05:55 - 000662016 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2018-08-16 00:30 - 2018-07-19 05:55 - 000099328 _____ (Microsoft Corporation) C:\windows\SysWOW64\hlink.dll 2018-08-16 00:30 - 2018-07-19 05:54 - 000620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2018-08-16 00:30 - 2018-07-19 05:47 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll 2018-08-16 00:30 - 2018-07-19 05:46 - 015283712 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2018-08-16 00:30 - 2018-07-19 05:45 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2018-08-16 00:30 - 2018-07-19 05:45 - 000728064 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2018-08-16 00:30 - 2018-07-19 05:43 - 002136064 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2018-08-16 00:30 - 2018-07-19 05:32 - 004494848 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2018-08-16 00:30 - 2018-07-19 05:31 - 004510720 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2018-08-16 00:30 - 2018-07-19 05:30 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll 2018-08-16 00:30 - 2018-07-19 05:28 - 013679616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2018-08-16 00:30 - 
2018-07-19 05:28 - 002882048 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll 2018-08-16 00:30 - 2018-07-19 05:28 - 002059776 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2018-08-16 00:30 - 2018-07-19 05:28 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2018-08-16 00:30 - 2018-07-19 05:20 - 001554944 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2018-08-16 00:30 - 2018-07-19 05:17 - 001049600 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll 2018-08-16 00:30 - 2018-07-19 05:09 - 004037632 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2018-08-16 00:30 - 2018-07-19 05:09 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2018-08-16 00:30 - 2018-07-19 05:06 - 001329152 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2018-08-16 00:30 - 2018-07-19 05:04 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2018-08-16 00:30 - 2018-07-13 09:51 - 002452824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2018-08-16 00:30 - 2018-07-07 20:33 - 001548632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys 2018-08-16 00:30 - 2018-07-07 19:05 - 004169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2018-08-16 00:30 - 2018-07-07 19:02 - 000096768 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll 2018-08-16 00:30 - 2018-07-07 19:00 - 000148992 _____ (Microsoft Corporation) C:\windows\system32\t2embed.dll 2018-08-16 00:30 - 2018-07-07 18:33 - 000078336 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll 2018-08-16 00:30 - 2018-07-07 18:31 - 000113664 _____ (Microsoft Corporation) C:\windows\SysWOW64\t2embed.dll 2018-08-16 00:30 - 2018-07-06 19:37 - 001754624 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll 2018-08-16 00:30 - 2018-07-06 18:36 - 001491968 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll 2018-08-16 00:30 - 
2018-06-30 20:00 - 001113952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys 2018-08-16 00:30 - 2018-06-27 20:10 - 000559104 _____ (Microsoft Corporation) C:\windows\system32\Drivers\csc.sys 2018-08-16 00:30 - 2018-06-27 19:48 - 000141312 _____ (Microsoft Corporation) C:\windows\system32\CscMig.dll 2018-08-16 00:30 - 2018-06-24 17:11 - 000748544 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll 2018-08-16 00:30 - 2018-06-24 17:04 - 000504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll 2018-08-16 00:30 - 2018-06-19 15:38 - 003611136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll 2018-08-16 00:30 - 2018-06-19 15:38 - 003321344 _____ (Microsoft Corporation) C:\windows\system32\msi.dll 2018-08-16 00:30 - 2018-06-19 15:31 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe 2018-08-16 00:30 - 2018-06-19 15:29 - 000065536 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe 2018-08-16 00:30 - 2018-06-16 17:03 - 002779136 _____ (Microsoft Corporation) C:\windows\system32\authui.dll 2018-08-16 00:30 - 2018-06-16 16:59 - 002464256 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll 2018-08-16 00:30 - 2018-06-15 06:34 - 000923512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\refs.sys 2018-08-16 00:30 - 2018-06-15 04:12 - 000477696 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll 2018-08-16 00:30 - 2018-06-15 03:55 - 000840192 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll 2018-08-16 00:30 - 2018-06-15 03:43 - 000186880 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll 2018-08-16 00:30 - 2018-06-15 03:26 - 000514560 _____ (Microsoft Corporation) C:\windows\system32\winspool.drv 2018-08-16 00:30 - 2018-06-15 03:22 - 000866304 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll 2018-08-16 00:30 - 2018-06-15 03:19 - 000399360 _____ (Microsoft Corporation) C:\windows\SysWOW64\winspool.drv 2018-08-16 00:30 
- 2018-06-08 20:47 - 000083456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys 2018-08-16 00:29 - 2018-07-19 06:23 - 000615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2018-08-16 00:29 - 2018-07-19 05:53 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll 2018-08-16 00:29 - 2018-07-19 05:34 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll 2018-08-16 00:29 - 2018-07-19 05:28 - 000333312 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2018-08-16 00:29 - 2018-06-15 04:28 - 000445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll 2018-08-16 00:29 - 2018-06-15 04:00 - 000324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll 2018-08-11 07:55 - 2018-08-11 07:55 - 759471852 _____ C:\windows\MEMORY.DMP 2018-08-11 07:55 - 2018-08-11 07:55 - 000296888 _____ C:\windows\Minidump\081118-7421-01.dmp ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2018-08-18 11:33 - 2014-06-11 01:27 - 000003868 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{A885AFCF-DEDA-4845-AD42-3903A4A06B09} 2018-08-18 02:48 - 2014-06-12 21:16 - 000011354 _____ C:\windows\system32\perfh007.dat 2018-08-18 02:48 - 2014-06-12 21:16 - 000006212 _____ C:\windows\system32\perfc007.dat 2018-08-18 02:48 - 2013-08-28 09:06 - 000018338 _____ C:\windows\system32\PerfStringBackup.INI 2018-08-18 02:48 - 2013-08-23 00:47 - 000005884 _____ C:\windows\system32\perfc011.dat 2018-08-18 02:48 - 2013-08-23 00:47 - 000005820 _____ C:\windows\system32\perfh011.dat 2018-08-18 02:48 - 2013-08-22 15:36 - 000000000 ____D C:\windows\Inf 2018-08-18 01:25 - 2014-06-11 01:30 - 000003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1417334993-2898295356-3386692794-1001 2018-08-18 01:16 - 2014-07-05 21:58 - 000000000 ____D C:\Users\d\AppData\Local\CrashDumps 2018-08-18 01:09 - 2016-01-16 12:36 - 000000000 ____D C:\Program Files (x86)\Alternative Flash Player Auto-Updater 2018-08-18 01:08 - 2016-07-25 16:40 - 000003332 _____ C:\windows\System32\Tasks\iToolsDaemon 2018-08-18 01:08 - 2016-01-16 12:43 - 000000000 ____D C:\Users\d\Desktop\acv507 2018-08-18 01:07 - 2018-04-12 19:10 - 000000082 _____ C:\windows\SysWOW64\winsevr.dat 2018-08-18 01:07 - 2018-04-12 19:09 - 000000000 ____D C:\Program Files (x86)\AOMEI Backupper 2018-08-18 01:07 - 2016-01-11 12:05 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2018-08-18 01:07 - 2013-08-22 16:45 - 000000006 ____H C:\windows\Tasks\SA.DAT 2018-08-18 00:39 - 2016-02-27 04:33 - 000000000 ____D C:\Users\d\AppData\Local\ClassicShell 2018-08-18 00:34 - 2017-08-17 18:04 - 000000000 ____D C:\ProgramData\iolo 2018-08-18 00:34 - 2017-08-17 18:04 - 000000000 ____D C:\Program Files (x86)\iolo 2018-08-18 00:34 - 2017-06-30 00:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2018-08-18 00:34 - 2014-06-17 04:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2018-08-18 
00:33 - 2016-12-05 16:31 - 000000000 ____D C:\Users\d\AppData\LocalLow\Mozilla 2018-08-18 00:32 - 2016-06-16 16:20 - 000001186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2018-08-18 00:09 - 2018-02-19 17:23 - 000000000 ____D C:\ProgramData\Kaspersky Lab 2018-08-17 23:44 - 2013-08-22 17:36 - 000000000 ___HD C:\windows\ELAMBKUP 2018-08-17 23:43 - 2016-01-11 12:20 - 000000000 ____D C:\Program Files\Common Files\AV 2018-08-17 16:39 - 2016-10-12 16:25 - 000000000 ____D C:\Users\d\Desktop\_Current 2018-08-17 01:32 - 2013-08-22 15:25 - 000262144 ___SH C:\windows\system32\config\ELAM 2018-08-16 16:15 - 2013-08-22 17:36 - 000000000 ____D C:\windows\rescache 2018-08-16 04:31 - 2016-06-03 21:44 - 000003882 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1464983063 2018-08-16 04:31 - 2016-06-03 21:44 - 000000000 ____D C:\Program Files (x86)\Opera developer 2018-08-16 04:29 - 2014-06-12 22:14 - 000000000 ____D C:\Program Files (x86)\Opera 2018-08-16 04:24 - 2013-08-22 16:44 - 000602656 _____ C:\windows\system32\FNTCACHE.DAT 2018-08-16 04:23 - 2013-08-22 15:25 - 000262144 ___SH C:\windows\system32\config\BBI 2018-08-16 04:22 - 2013-08-22 17:36 - 000000000 ___RD C:\windows\ToastData 2018-08-16 02:12 - 2013-08-22 17:20 - 000000000 ____D C:\windows\CbsTemp 2018-08-16 01:55 - 2016-04-19 07:16 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2018-08-16 00:45 - 2017-10-21 23:08 - 000004514 _____ C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier 2018-08-16 00:45 - 2017-10-21 23:08 - 000004378 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2018-08-16 00:45 - 2013-08-22 17:36 - 000000000 ____D C:\windows\SysWOW64\Macromed 2018-08-16 00:45 - 2013-08-22 17:36 - 000000000 ____D C:\windows\system32\Macromed 2018-08-16 00:06 - 2018-03-14 07:02 - 000004244 _____ C:\windows\System32\Tasks\Adobe Flash Player NPAPI Notifier 2018-08-13 15:49 - 2018-03-21 15:19 - 000000000 ____D C:\Program Files 
(x86)\Intel Driver and Support Assistant 2018-08-13 08:25 - 2013-08-22 17:36 - 000000000 ____D C:\windows\AppReadiness 2018-08-11 08:09 - 2014-06-11 01:25 - 000000000 ____D C:\Users\d 2018-08-11 07:55 - 2014-07-05 22:35 - 000000000 ____D C:\windows\Minidump 2018-08-10 00:38 - 2018-05-05 20:25 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-08-10 00:38 - 2018-05-05 20:25 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2018-08-08 19:10 - 2014-06-12 22:14 - 000003862 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1402604082 2018-08-04 01:46 - 2013-08-22 17:38 - 000836480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2018-08-04 01:46 - 2013-08-22 17:38 - 000181120 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2018-07-26 20:36 - 2016-01-11 13:09 - 000000000 ____D C:\windows\system32\appraiser 2018-07-26 20:26 - 2017-05-13 20:36 - 000002086 _____ C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk 2018-07-25 20:52 - 2016-01-23 02:31 - 000000000 ___RD C:\Program Files (x86)\Skype 2018-07-25 20:52 - 2016-01-23 02:31 - 000000000 ____D C:\ProgramData\Skype 2018-07-25 20:50 - 2016-01-23 02:31 - 000000000 ____D C:\Users\d\AppData\Roaming\Skype 2018-07-19 19:55 - 2016-04-19 08:31 - 000000000 ____D C:\Users\d\AppData\Roaming\PrimoPDF ==================== Files in the root of some directories ======= 2004-02-06 21:06 - 2004-02-06 21:06 - 000000000 ____H () C:\ProgramData\sdpsenv.dat 2018-07-18 08:04 - 2018-07-18 08:04 - 000000600 _____ () C:\Users\d\AppData\Local\PUTTY.RND 2018-01-13 16:54 - 2018-01-13 16:54 - 000000218 _____ () C:\Users\d\AppData\Local\recently-used.xbel Some files in TEMP: ==================== 2016-06-17 10:37 - 2016-06-17 10:37 - 003045232 _____ (AnVir Software) C:\Users\d\AppData\Local\Temp\AnVir.exe 2016-04-19 08:35 - 2016-04-19 08:35 - 008108488 _____ () C:\Users\d\AppData\Local\Temp\converter.exe 2014-06-19 
00:36 - 2014-06-19 00:36 - 000374208 _____ (ESET) C:\Users\d\AppData\Local\Temp\InstHelper.exe 2016-11-03 20:36 - 2016-11-03 20:36 - 000737856 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u111-windows-au.exe 2017-01-27 05:24 - 2017-01-27 05:24 - 000739904 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u121-windows-au.exe 2017-05-04 14:05 - 2017-05-04 14:05 - 000739904 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u131-windows-au.exe 2017-07-21 17:36 - 2017-07-21 17:36 - 000739904 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u141-windows-au.exe 2017-11-24 13:32 - 2017-11-24 13:32 - 001856576 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u151-windows-au.exe 2018-03-28 00:30 - 2018-03-28 00:30 - 001864256 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u161-windows-au.exe 2018-04-25 06:46 - 2018-04-25 06:46 - 001884616 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u171-windows-au.exe 2016-03-23 22:16 - 2016-03-23 22:16 - 000736320 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u77-windows-au.exe 2016-07-04 06:55 - 2016-07-04 06:55 - 000739904 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u91-windows-au.exe 2016-02-09 23:54 - 2016-01-31 21:51 - 000041432 _____ () C:\Users\d\AppData\Local\Temp\kh_5552.dll 2014-06-17 04:32 - 2014-03-25 00:55 - 000099096 _____ () C:\Users\d\AppData\Local\Temp\LMkRstPt.exe 2017-05-29 05:06 - 2017-05-29 05:06 - 001457312 _____ (Sysinternals - www.sysinternals.com) C:\Users\d\AppData\Local\Temp\loeschen64.exe 2016-02-09 23:54 - 2016-01-31 21:51 - 000038872 _____ () C:\Users\d\AppData\Local\Temp\mh_5552.dll 2016-06-03 21:44 - 2016-06-03 21:44 - 001086464 _____ (Opera Software) C:\Users\d\AppData\Local\Temp\Opera_installer_2016634422903.dll 2016-12-16 03:25 - 2018-07-10 21:46 - 065875720 _____ (Paramount Software UK Ltd) C:\Users\d\AppData\Local\Temp\reflectPatch.exe 2016-02-09 05:18 - 2018-07-25 20:51 - 
057812744 _____ (Skype Technologies S.A.) C:\Users\d\AppData\Local\Temp\SkypeSetup.exe
2018-04-09 15:53 - 2018-04-09 15:53 - 004845696 _____ (ESET) C:\Users\d\AppData\Local\Temp\SysInspector.exe
2015-12-31 14:07 - 2015-12-31 14:08 - 031948192 _____ (IDM Computer Solutions, Inc.) C:\Users\d\AppData\Local\Temp\uc_english.exe
2017-05-10 12:32 - 2017-05-10 12:32 - 014456872 _____ (Microsoft Corporation) C:\Users\d\AppData\Local\Temp\vc_redist.x86.exe
2015-08-03 01:58 - 2015-08-03 01:58 - 000118784 _____ () C:\Users\d\AppData\Local\Temp\xmlUpdater.exe
2016-02-09 23:52 - 2013-07-06 17:02 - 001520544 _____ (Pitrinec Software) C:\Users\d\AppData\Local\Temp\~cbu_tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-08-17 04:06

==================== End of FRST.txt ============================
--- --- --- |
18.08.2018, 12:53 | #11 |
| Kaspersky finds Trojan.Multi.GenAutorunReg.a (on Win 8.1 64)

Note:
- I installed some password crackers, cryptography programs and a keylogger myself at some point. The PC has been in use for quite a long time and a fair amount of stuff has accumulated, sorry.
- Kaspersky has also left remnants behind (Upgrade Launcher). Really annoying.

Thanks again.

Addition.txt:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by d (18-08-2018 11:37:09)
Running from C:\Users\d\Desktop
Windows 8.1 Pro (Update) (X64) (2014-06-10 23:25:26)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1417334993-2898295356-3386692794-500 - Administrator - Disabled)
d (S-1-5-21-1417334993-2898295356-3386692794-1001 - Administrator - Enabled) => C:\Users\d
Guest (S-1-5-21-1417334993-2898295356-3386692794-501 - Limited - Disabled)
___VMware_Conv_SA___ (S-1-5-21-1417334993-2898295356-3386692794-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{3D383E25-72E7-4F09-AA1C-9ADE6A2EF42F}) (Version: 7.1 - Intel) Hidden
. . .
(HKLM-x32\...\{0C9A6167-6560-4085-9C35-EDB1AE105328}) (Version: 3.2.0.9 - Intel) Hidden 7+ Taskbar Tweaker v5.2.1 (HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\7 Taskbar Tweaker) (Version: 5.2.1 - RaMMicHaeL) 7-Zip 17.00 beta (x64) (HKLM\...\7-Zip) (Version: 17.00 beta - Igor Pavlov) Abelssoft Undeleter (HKLM-x32\...\{1FB7B731-3479-4128-8299-A53922E47675}_is1) (Version: 4.2 - Abelssoft) AbleWord v3.0 (HKLM-x32\...\AbleWord_is1) (Version: - ) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 18.011.20058 - Adobe Systems Incorporated) Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated) Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated) AkelPad 4.9.7 (HKLM-x32\...\AkelPad) (Version: 4.9.7 - ) Alternative Flash Player Auto-Updater (HKLM-x32\...\{2FB1052B-2F3D-48CE-A65D-006240516ECE}_is1) (Version: 1.2.0.1 - pXc-coding.com) Anki (HKLM-x32\...\Anki) (Version: - ) AnVir Task Manager Free (HKLM-x32\...\AnVir Task Manager Free) (Version: - AnVir Software) AnyTrans (HKLM-x32\...\AnyTrans) (Version: 5.0.0.0 - iMobie Inc.) AOMEI Backupper Standard (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version: - AOMEI Technology Co., Ltd.) Apple Application Support (32-Bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{A05FDFEC-4377-49E0-82CB-B6D1386E89DA}) (Version: 11.3.0.9 - Apple Inc.) ASF-AVI-RM-WMV Repair 1.82 (HKLM-x32\...\ASF-AVI-RM-WMV Repair_is1) (Version: - Repair Video, Inc.) 
Battery Alarm (HKLM-x32\...\{B7A43DA2-F2FD-44C2-A044-D24C3751C1BD}) (Version: 1.0.0 - Steve Emmons) BatteryBar (remove only) (HKLM\...\BatteryBar) (Version: - ) BatteryMonitor (HKLM-x32\...\{F9046ACF-EF0A-47D6-8D37-64941CCCD4C0}) (Version: 1.0.0 - Mad Dog Apps) Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation) Bluefish 2.2.10 (HKLM-x32\...\Bluefish) (Version: 2.2.10 - The Bluefish Developers) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) ChildWebGuardian PRO version 5.11.0.0 (HKLM-x32\...\ChildWebGuardian PRO_is1) (Version: 5.11.0.0 - Zimin Sergei Aleksandrovich IP) Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft) ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper) Core Temp 1.12.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.12.1 - ALCPU) CPUID CPU-Z 1.79 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) <==== ATTENTION CPUID HWMonitor 1.31 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) CrystalDiskInfo 7.0.5 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.5 - Crystal Dew World) CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version: 3.1 - Acro Software Inc.) CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3223 - CyberLink Corp.) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden DigiBookBrowser Version 1.5.3.87 (HKLM-x32\...\{21357E10-BDCB-4CDD-B2A3-905DD7ED653D}_is1) (Version: 1.5.3.87 - LECRE Inc.) 
doPDF (HKLM\...\{B271A7AA-588F-418F-8F65-37E38CBEABB2}) (Version: 8.5.940 - Softland) Hidden doPDF 8 (HKLM-x32\...\{fb478b24-519a-43d4-aeea-9a6712d28811}) (Version: 8.5.940 - Softland) EaseUS Todo Backup Home 9.2 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 9.2 - CHENGDU YIWO Tech Development Co., Ltd) ECOみえグラフ (HKLM\...\{01F84262-DBC2-4B4D-8C4A-1C82D2CD88AA}) (Version: 1.5.0 - NEC Personal Computers, Ltd.) ECOモード設定ツール (HKLM\...\{1D2AF0E5-3B07-4B0F-98BD-03F0918BC367}) (Version: 5.7.0 - NEC Personal Computers, Ltd.) EditPlus (64 bit) (HKLM\...\EditPlus) (Version: - ES-Computing) EF Process Manager (HKLM-x32\...\EF Process Manager) (Version: - EFSoftware) EmEditor (64-bit) (HKLM\...\{36CC25CA-2E71-4839-A822-0D1EC0E52145}) (Version: 15.7.2 - Emurasoft, Inc.) Eraser 6.2.0.2970 (HKLM\...\{58F37E51-2A83-49F3-9117-6005C63CF399}) (Version: 6.2.2970 - The Eraser Project) ExactFile 1.0.0.15 (HKLM-x32\...\ExactFile_is1) (Version: - StudyLamp Software LLC) f.lux (HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Flux) (Version: - f.lux Software LLC) Free Alarm Clock (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 4.0.1.0 - Comfort Software Group) Free YouTube Download (HKLM-x32\...\Free YouTube Download_is1) (Version: 4.1.73.328 - Digital Wave Ltd) Geany 1.26 (HKLM-x32\...\Geany) (Version: 1.26 - The Geany developer team) GetDiz (HKLM-x32\...\GetDiz) (Version: 4.91 - Outertech) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden GPSoftware Directory Opus (HKLM-x32\...\{0A6AA615-5321-43A0-AFAE-97BF95013EA0}) (Version: 11.19 - GPSoftware) Gtk# for .Net 2.12.22 (HKLM-x32\...\{06AF6533-F201-47C0-8675-AAAE5CB81B41}) (Version: 2.12.22 - Xamarin, Inc.) 
HeavyLoad V3.3 (64 bit) (HKLM\...\HeavyLoad_is1) (Version: 3.3 - JAM Software) iMazing 2.5.4.0 (HKLM\...\iMazing_is1) (Version: 2.5.4.0 - DigiDNA) iMyfone D-Back 4.5.1.0 (HKLM-x32\...\{071B9303-5881-4BC6-B9E9-2E2D22C015C1}_is1) (Version: 4.5.1.0 - Shenzhen iMyfone Technology Co., Ltd.) Intel Anti-Theft Discovery App (HKLM-x32\...\{B59285B4-6478-4FE2-9158-AAC7E4D892C3}) (Version: 1.1.2.8 - Intel Corporation) Intel Experience Center - Configuration (HKLM-x32\...\{C73A16B7-AC35-4262-9BAF-DA9B2039A563}) (Version: 1.7.0.179 - Intel) Hidden Intel(R) Computing Improvement Program (HKLM\...\{F0385150-FF86-4A18-AA55-6ED9E5F87DA7}) (Version: 2.1.03638 - Intel Corporation) Intel(R) Experience Center Desktop Software (HKLM-x32\...\{3608ec0a-56b4-4d9d-b038-9b3e51d72582}) (Version: 1.7.0.179 - Intel) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3338 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.3.1000 - Intel Corporation) Intel(R) Smart Connect Technology (HKLM\...\{396E9B28-F15F-4C05-A401-99DE1874C2CA}) (Version: 4.2.40.2439 - Intel Corporation) Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000071-0190-1031-84C8-B8D95FA3C8C3}) (Version: 19.71.0 - Intel Corporation) Intel® Driver & Support Assistant (HKLM-x32\...\{4d839fe1-a8d3-4edc-b0ca-844394309856}) (Version: 3.2.0.9 - Intel) IntelliWebSearch v.3 (HKLM-x32\...\IntelliWebSearch) (Version: 3.2.0.5 - Michael Farrell) IntelliWebSearch v.5 (HKLM-x32\...\IntelliWebSearch5) (Version: - Michael Farrell) IrfanView 4.51 (64-bit) (HKLM\...\IrfanView64) (Version: 4.51 - Irfan Skiljan) iTools 3 (HKLM-x32\...\ThinkSky) (Version: - Shenzhen Thinksky Technology Co., Ltd.) 
Java 10.0.1 (64-bit) (HKLM\...\{D33DF729-38BB-5651-9D40-93BFEFB5DCED}) (Version: 10.0.1.0 - Oracle Corporation) jEdit 5.3.0 (HKLM\...\jEdit_is1) (Version: 5.3.0 - Contributors) Karen's Directory Printer (HKLM-x32\...\Karen's Directory Printer) (Version: 5.3.0.2 - Karen Kenworthy) KeyboardTest V3.2 (HKLM\...\KeyboardTest_is1) (Version: 3.2 - PassMark Software) KeyTweak - Keyboard Remapper (remove only) (HKLM-x32\...\KeyTweak) (Version: - ) L&H TTS3000 Deutsch (HKLM-x32\...\LHTTSGED) (Version: - ) LibreOffice 6.0.5.2 (HKLM\...\{9645CDEF-085C-45F7-A3CD-B4B7046EF78C}) (Version: 6.0.5.2 - The Document Foundation) Linkman (HKLM-x32\...\Linkman) (Version: 8.98 - Outertech) Macrium Reflect Free Edition (HKLM\...\{1A399324-9784-4384-927F-0FEA922BC516}) (Version: 7.1.3317 - Paramount Software (UK) Ltd.) Hidden Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.1 - Paramount Software (UK) Ltd.) Mailbird (HKLM-x32\...\{242E441B-2194-4499-9EE7-2AA76C5E2318}) (Version: 2.2.1 - Mailbird) Malwarebytes Version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes) Manager (HKLM-x32\...\{A11F05A4-7CAD-4F85-8C85-DCA18E3E208D}) (Version: 4.0.1.25166 - 2015 pdfforge GmbH. All rights reserved) Hidden MicroDicom DICOM viewer 2.2.5 (HKLM-x32\...\MicroDicom) (Version: 2.2.5 - MicroDicom) Microsoft Keyboard Layout Creator 1.4 (HKLM-x32\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.) 
Microsoft Server Speech Platform Runtime (x86) (HKLM-x32\...\{22CB8ED7-DF57-4864-BD04-F63B9CE4B494}) (Version: 11.0.7400.345 - Microsoft Corporation) Microsoft Server Speech Text to Speech Voice (de-DE, Hedda) (HKLM-x32\...\{ACFCC7B5-C028-40AE-A5F5-9778B41F22A2}) (Version: 11.0.7400.335 - Microsoft Corporation) Microsoft Server Speech Text to Speech Voice (en-US, ZiraPro) (HKLM-x32\...\{C7CDC27F-0952-4DF1-9E41-B75140933BC6}) (Version: 11.0.7400.335 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft 
Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{e7784e4f-df08-46b2-8c4f-f981ee32bcff}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Mnemosyne 2.5 (HKLM-x32\...\Mnemosyne_is1) (Version: - ) Mouse Speed Switcher v3.4.0 (HKLM-x32\...\{D477774F-C7C1-4D63-B170-7242090BA710}_is1) (Version: - Gianpaolo Bottin) Movie Maker (HKLM-x32\...\{970F982A-E889-486B-BB26-B8598280D924}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla) Mozilla Firefox 59.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.1 (x64 en-US)) (Version: 59.0.1 - Mozilla) Mozilla Firefox 61.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.2 (x64 en-US)) (Version: 61.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla) MPC-HC 1.7.10 
(64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team) music.jp PLAY 4.0 (HKLM-x32\...\music.jp PLAY_is1) (Version: 4.0 - Ventis Media Inc.) NoteBook FanControl (HKLM-x32\...\{00111A7A-77A7-4AC6-A272-A56DFAD517E7}) (Version: 1.5.0.0 - Stefan Hirschmann - StagWare) Hidden NoteBook FanControl (HKLM-x32\...\{666d9f07-291b-44a5-b86f-d5240e78692d}) (Version: 1.5.0.0 - Stefan Hirschmann - StagWare) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team) NoteTab 7 Trial (Remove only) (HKLM-x32\...\NoteTab 7 Trial_is1) (Version: 7.2 - Fookes Holding Ltd) novaPDF 8 Printer Driver (HKLM\...\{F9F62525-05B6-4AD7-8D30-0D872CC1FB3C}) (Version: 8.5.940 - Softland) novaPDF 8 SDK COM (x64) (HKLM\...\{2A16E811-1C7B-4483-96F7-226C8D738F34}) (Version: 8.5.940 - Softland) novaPDF 8 SDK COM (x86) (HKLM-x32\...\{A6DF899D-5518-4DAB-A4F9-F7D0CDD43224}) (Version: 8.5.940 - Softland) OpenOffice 4.1.3 (HKLM-x32\...\{8D5FCC56-BB9F-4122-923C-71753F50F6F5}) (Version: 4.13.9783 - Apache Software Foundation) Opera developer 56.0.3045.0 (HKLM-x32\...\Opera 56.0.3045.0) (Version: 56.0.3045.0 - Opera Software) Opera Stable 54.0.2952.71 (HKLM-x32\...\Opera 54.0.2952.71) (Version: 54.0.2952.71 - Opera Software) Oracle VM VirtualBox 5.1.34 (HKLM\...\{2FDA51A1-BCE0-40C6-9EC9-7778F72525C9}) (Version: 5.1.34 - Oracle Corporation) PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH) PDF Architect 4 Create Module (HKLM\...\{D646643B-56BD-43B2-9932-9C03D7E90FED}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden PDF Architect 4 Edit Module (HKLM\...\{792B82BA-6895-4719-B603-E198AEE90D68}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden PDF Architect 4 View Module (HKLM\...\{FF4FA406-055A-479E-B025-1AAA7FFAA39F}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.3.0 - pdfforge GmbH) PDF-XChange Editor (HKLM\...\{5C198985-6833-4F92-BE9A-33FC8ACC1025}) (Version: 
6.0.321.0 - Tracker Software Products (Canada) Ltd.) Hidden PDF-XChange Editor (HKLM-x32\...\{344e7cdb-4fda-4dc1-9dd8-1fa7b1694d7c}) (Version: 6.0.321.0 - Tracker Software Products (Canada) Ltd.) PhoneRescue (HKLM-x32\...\PhoneRescue) (Version: 3.1.2.0 - iMobie Inc.) Pinta 1.6 (HKLM-x32\...\{833CBF68-0FE7-44A4-86E6-71DE50A30465}) (Version: 1.6.0.0 - Pinta Community) Hidden Pinta 1.6 (HKLM-x32\...\{aaa32734-ca38-494d-836c-f41822d11ed5}) (Version: 1.6.0.0 - Pinta Community) Play.net (HKLM-x32\...\{8CE3D78F-7B81-46F5-977A-12DBA2CB5B9A}) (Version: 2.1.6 - NEC Personal Computers, Ltd.) PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Postbox (4.0.8) (HKLM-x32\...\Postbox (4.0.8)) (Version: 4.0.8 (en-US) - Postbox, Inc.) PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software) Prio (HKLM\...\Prio) (Version: 2.1.0.4391 - ) Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32) Process Lasso (HKLM-x32\...\ProcessLasso) (Version: 9.0.0.276 - Bitsum) PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 4.6.0.2700 - Jan Fiala) PyKeylogger - Simple Python Keylogger (HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\PyKeylogger) (Version: 1.2.1 - ) QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21234 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.) 
Roxio Creator LJ (HKLM-x32\...\{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}) (Version: 12.2.43.19 - Roxio) Second Copy 8 (HKLM-x32\...\Second Copy 8_is1) (Version: 8.1.2.0 - Centered Systems) SharpKeys (HKLM-x32\...\{636E94DA-99C0-448F-A931-3DAD83B4975F}) (Version: 3.5.0000 - RandyRants.com) Skype Version 8.27 (HKLM-x32\...\Skype_is1) (Version: 8.27 - Skype Technologies S.A.) Smart Update (HKLM-x32\...\{EA65772D-1999-462B-BFC0-480A9515ABCC}) (Version: 2.0.2.0 - NECパーソナルコンピュータ株式会社) SmartVision/PLAYER DeskTopサービス (HKLM-x32\...\{71566D17-2BC4-4C62-BD23-F1E397FC1DBE}) (Version: 1.9.12016 - CyberLink Corp.) Hidden SmartVision/PLAYER DeskTopサービス (HKLM-x32\...\InstallShield_{71566D17-2BC4-4C62-BD23-F1E397FC1DBE}) (Version: 1.9.12016 - CyberLink Corp.) SmEdit v1.170 (HKLM-x32\...\SmEdit) (Version: 1.170 - Sinner Computing) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - ) Sublime Text Build 3059 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd) SuperMemo (HKLM-x32\...\SuperMemo) (Version: 17.11 - SuperMemo World) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.8 - Synaptics Incorporated) Syncios Data Recovery 1.0.9 (HKLM-x32\...\Syncios Data Recovery) (Version: 1.0.9 - Anvsoft) System Checkup 4.0 (HKLM-x32\...\{918D30D3-AD9B-43A8-9EF7-463075DC93CD}_is1) (Version: 4.0.0.146 - iolo technologies, LLC) TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer) TED Notepad (HKLM-x32\...\TED Notepad) (Version: 6.0.2 - Medvedik, Juraj Simlovic) Telegram Desktop Version 1.2.15 (HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.2.15 - Telegram Messenger LLP) TextPad 8 (HKLM\...\{861AB1C1-1967-4C4A-BF86-C255E2D2B8FD}) (Version: 8.0.0 - Helios) UltraCompare (HKLM-x32\...\{C5337996-B87D-4CB8-A9D9-A9D66F27B88E}) (Version: 15.20.0.6 - IDM Computer Solutions, Inc.) 
UltraEdit (HKLM\...\{AFFE5F64-3248-41E9-96AE-8B475F6EFAB3}) (Version: 22.20.0.49 - IDM Computer Solutions, Inc.) Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{121C874E-5797-40B2-86CE-CE6624F2711A}) (Version: 15.0.1376 - Microsoft Corporation) Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}) (Version: 15.0.1215 - Microsoft Corporation) VEDIT 6.2 (HKLM-x32\...\Vedit) (Version: - ) VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version: - ) Vivaldi (HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Vivaldi) (Version: 1.14.1077.45 - Vivaldi) VLC media player (HKLM\...\VLC media player) (Version: 3.0.3 - VideoLAN) WebP Codec for Windows 0.19 (HKLM\...\{9D2F4EB8-98AD-4C8B-A0C5-4C114B3F1287}) (Version: 0.19.9 - Google Inc) WhatsApp (HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\WhatsApp) (Version: 0.2.5371 - WhatsApp) WhoCrashed 6.01 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows-Treiberpaket - Intel (NETwNb64) net (10/16/2017 19.10.10.2) (HKLM\...\87BD50FDDBB077656313DAABF938DE8C31D89265) (Version: 10/16/2017 19.10.10.2 - Intel) Windows-Treiberpaket - Intel (NETwNb64) net (10/31/2017 18.33.11.2) (HKLM\...\D6CC402604E3676A6C8B5028A493400358139A70) (Version: 10/31/2017 18.33.11.2 - Intel) WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software) WMV Joiner version 1.1.2.8 (HKLM-x32\...\WMV Joiner_is1) (Version: - ) Zimbra Desktop (64-bit) (HKLM\...\{9D3B5C7A-BB5B-4B92-8CF7-AE28F9E4C24A}) (Version: 7.2.8.12102 - Zimbra) おすすめメニューNavi (HKLM\...\{69561DE9-373F-4273-AE2D-BD076E552C0C}) (Version: 2.2.1 - NEC Personal Computers, Ltd.) おすすめ設定 (HKLM\...\{61558C29-0C3A-442B-A43C-C883B94E8929}) (Version: 1.0.0 - NEC Personal Computers, Ltd.) 
おてがるバックアップ (HKLM-x32\...\{F353F974-64FF-44F5-AE2D-D079964C5685}) (Version: 4.6 - Roxio) オンスクリーン表示の設定 (HKLM\...\{C8E0D8C6-7C6B-4EBE-B02A-C97E17796B97}) (Version: 1.0.0 - NEC Personal Computers, Ltd.) クイックパワーオン (HKLM\...\{98916919-5ACD-415A-AA04-7B7B0A425BE6}) (Version: 1.1.0 - NEC Personal Computers, Ltd.) ソフト&サポートナビゲーター (HKLM-x32\...\{8AF94405-08BB-4CF6-8856-84C88EAA7ECA}) (Version: 1.5.7 - NEC Personal Computers, Ltd.) ソフト&サポートナビゲーター修正モジュール(2013年秋冬) (HKLM-x32\...\{D71D8D9F-DD66-414A-BA59-35801E154B9C}) (Version: 1.00.0000 - ) Hidden ソフト&サポートナビゲーター修正モジュール(2013年秋冬) (HKLM-x32\...\InstallShield_{D71D8D9F-DD66-414A-BA59-35801E154B9C}) (Version: 1.00.0000 - ) Hidden ソフト&サポートナビゲーター修正モジュール(Windows 8.1対応) (HKLM-x32\...\{BF2D8F67-ABA1-4081-9591-50167F772A57}) (Version: 1.00.0000 - ) Hidden ソフト&サポートナビゲーター修正モジュール(Windows 8.1対応) (HKLM-x32\...\InstallShield_{BF2D8F67-ABA1-4081-9591-50167F772A57}) (Version: 1.00.0000 - ) Hidden バッテリ・リフレッシュ&診断ツール (HKLM\...\{B3806CF1-829E-4280-BC3E-1636035908FD}) (Version: 1.12.0 - NEC Personal Computers, Ltd.) パネルオープンパワーオンの設定 (HKLM\...\{D637EF1B-3B6A-4680-A2F2-ACB6BF464DFA}) (Version: 1.2.0 - NEC Personal Computers, Ltd.) パワーオフUSB充電の設定 (HKLM\...\{DFA0E609-8481-4E32-828E-7311E4936F99}) (Version: 2.4.0 - NEC Personal Computers, Ltd.) ピークシフト設定ツール (HKLM\...\{4F3E3604-F81F-4768-BD87-6A692338A847}) (Version: 1.3.0 - NEC Personal Computers, Ltd.) ファイナルパソコンデータ引越し 9 plus for NEC (HKLM-x32\...\{EE57E154-979A-4C6D-8459-296B1526D3FE}) (Version: 7.00.629.0 - AOS Technologies) フォト ギャラリー (HKLM-x32\...\{CAF46B72-12E2-4FE7-A348-45999E69E1FE}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden ワンタッチスタートボタンの設定 (HKLM\...\{AB281E2C-FA39-4CC0-B1B0-3DF24AD5B3D0}) (Version: 1.19.1312 - NEC Personal Computers, Ltd.) Hidden 再セットアップメディア作成ツール (HKLM-x32\...\{157C8082-2627-4236-A6CC-B797CF91D576}) (Version: 6.2.0 - NEC Personal Computers, Ltd.) 
筆ぐるめ 20 (HKLM-x32\...\{02D371DE-95DC-4F6F-A1A6-4C957D6721A9}) (Version: 20.00.0008 - 富士ソフト株式会社) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{05468442-062B-425B-A1E5-7DC9077C0734}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{070057DA-0223-4D7E-B886-7CF38806F044}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{0C89916D-7B21-4578-805E-A62B6DB24B85}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{0EAEF7F0-4566-4FC1-9170-8A02C4889CBD}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{110BD641-44EE-4E95-9CC9-0E21EDAB4A3B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{1132C079-B5D2-47CC-8976-C03989AB1531}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{1153FA7B-6348-420B-B0BF-E6B63D9AA284}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{132C9446-2F32-4CBA-8C03-FB8C8FFECAF5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: 
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{13526224-3C67-43AB-82A8-2740A138723E}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{166669E8-3E01-4D42-B3C0-62FADDBAB00A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{181AC033-9534-4567-B173-6DA6525424E3}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{19261A68-E50E-497B-A0BA-9909C586A9D5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{19B119EA-A452-477B-8423-EAF115A29CEB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{1DEDC126-F5F3-48F1-9DB5-03D9BBC4F83E}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{1E65BA05-6325-4B65-9D63-97DF1FEC92BB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{22410B2E-909D-4A70-8234-C64A75F9B844}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{262E2007-2F51-430E-9F43-A2F4BE8AAB65}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{2797C792-9879-47ED-944C-19EBE866FC24}\InprocServer32 -> C:\Program 
Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{2847421D-1EE5-4356-AFB2-DFE4E9D61C68}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{28916419-ECF6-45F0-8F20-87024C3837F6}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{295CEEF4-708C-48DB-8F3B-C30047A51281}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{2BDB4786-A72C-4775-8FA4-A59967325612}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{2CE81929-7B17-4394-ABBF-765AF900A3EC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{32515D47-A1DD-4E97-A8B9-4B92D517C8A8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{32ABFD53-EC5A-4A31-8FB6-A0E8EEA4A31F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{35A48AC8-5632-4A47-B564-7B75321826E1}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{3932E526-705D-41B5-83FD-87D1DB82B6A7}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: 
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{3C0C7828-2BD0-4B57-B656-B5DB09550E73}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{3DDC5BB3-A9B0-4787-B700-AD84FD0EB4D5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{3E7FF6D2-2973-4FA7-BDD8-1924AFDF2764}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{40BCE962-264C-452E-92E7-B5F35B3F2436}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{42AA6491-4D25-4054-AF0E-203B0780C144}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{43C9A239-A357-4176-9DED-49CFECD93C0B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{44AB264B-7136-4E41-A9AC-B9F876D162EC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{4B0CA027-383D-41E6-97D7-F5EDEBC4916F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{4C7A1662-008F-4EDC-97D3-D4199B062B4A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{4CAD847C-28D6-4EA2-A833-63AC04BBDB02}\InprocServer32 -> C:\Program 
Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{4CAFD059-0F6A-4024-A81A-087CDB7D4633}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{51D11E0A-BF6C-4E44-8AB0-1AA8A2A73BF4}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{58F1A0DF-3038-4DD1-BCF6-406DD6AA4D1F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{5A9E21A2-851A-4BEB-B16F-DBBE7D648AF9}\InprocServer32 -> C:\Program Files\TextPad 8\System\ShellExt64.dll () CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{5E0CBCC1-A35D-447F-923F-5783E22ED791}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{5E5558B7-1B65-4EA1-92F4-8E9567C2ABFA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{606372CE-5093-4FD7-A37D-3CE22496B6F9}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{61267647-B40C-4050-ACE4-985D93253DFA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{62162BC5-8419-4241-980C-649CC91B1E1F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: 
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{6282C6EB-E17C-4617-B72B-DB671AC7ABDE}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{638C2808-47DE-4CC6-99B5-789EB0C86D77}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{6619B693-BB07-475B-B595-C77E4CD3EBEB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{68F233B6-F8C3-4A96-9100-003BCDCE53B8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{6CA7C35E-1FC1-4C66-91A7-1FE5178F36A9}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{6DB6DF3B-0DF4-4C66-B0FD-216BA16A1D34}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{721088D3-BD36-468C-8916-B5F2074F8023}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{760A2160-66F5-42F2-AD7A-A62AD9756CDF}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{7660000A-03D2-476F-91FC-2D863D6DCC03}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{7725641E-7AB5-49EE-922D-E703CDB98588}\InprocServer32 -> C:\Program 
Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{782485F1-AA61-4F5F-8A59-03B6D2FF91C1}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{7AAA42E5-5C43-48D1-B298-71146A878F7C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{7E6249E7-95C5-40CF-8E15-0034BA49F49B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{849783D6-6561-434F-ACE1-8A67783ED4FF}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{8ED73585-3AA8-41E2-A98B-85FE2857B420}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{9F92194F-9039-4E49-BB83-1168EC86ABD9}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{A1B66AF8-20FB-4B52-947E-60F2048A2821}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{A57DB49B-ABA0-45BE-AA2D-28C13E2919D8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{A782D6BE-5799-406E-86E1-6C5442F0D902}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: 
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{B032B620-06B1-4D98-B09E-9D5BD7CD3BEC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{B0F43F65-6282-457A-AAFC-8B0597EB8591}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{B3726FEF-1166-4B1C-AB33-1FD76AE2B0E7}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> C:\Program Files\IDM Computer Solutions\UltraEdit\ue64ctmn.dll () CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{B604EC25-0C5D-48DB-9E7C-243EDB3D84BF}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{B80972C9-AF80-4F71-BB2B-9CB1FAED19F0}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{BC5D198E-58DF-4267-BBDB-22FF193B255D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{BF87ECFF-1A50-4CDD-BF9F-991EDCF75B1F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C09AC76A-826E-491E-87E0-46807D8215A5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C3B42C03-C1B7-4c1a-B384-BBAE19646333}\InprocServer32 -> C:\Program Files (x86)\IDM Computer 
Solutions\UltraCompare\UC_ShellExt64.dll () CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C3D9D1E2-08A6-4937-AC5B-AA1E9A0971B9}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C4E34FA1-F051-4754-AC47-B946EA04031D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C85E45FD-576D-43FE-81C5-C4012999FEFA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C8618129-8966-4851-A99A-4EEF208620AF}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C8F46A32-4FE4-408C-9F91-7F06460F42AE}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{CB2CFC1A-5069-475C-B4BD-621E2A9A3A1B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{CFB39FCE-8A04-479A-9248-0D3F45763954}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{DAFE2BB3-20A0-45EA-A032-D42627572BCC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{DCBA6A6C-FEBD-4BE5-B027-B59730A4BA22}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: 
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{DF3FAE68-02A8-4A29-A254-D04E03E4058D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{DFA026EA-2024-4088-8417-126A2E2D2486}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{EAE666EA-3CB0-403D-974F-5D8358DE67FA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F0E2DAE4-25FA-4638-B789-B01CA9B4329C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F2AC96B1-3579-4F87-9111-DC670C02BEEB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F43FEE01-24DB-4AC9-8FCF-73F1CBECDD8C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F8069691-0850-4326-B317-D5AF35F5DFA0}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F83118C7-0841-4A6C-BA28-855B24B17C1A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F93AD34F-D933-4BB7-917E-694DB52F82F8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{FB3D4710-33E5-4E78-8BF5-CE34A431174F}\InprocServer32 -> C:\Program 
Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{FC48C6DE-CEEB-4774-9412-2FF5689A8C9C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov) ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] () ContextMenuHandlers1: [EditPlus] -> {36D94110-787C-4828-9C1B-0DAFEBC36069} => C:\Program Files\EditPlus\eppshell64.dll [2015-07-07] () ContextMenuHandlers1: [EmEditor] -> {D4D48C93-BDC7-4E76-B530-2E4D13B0150F} => C:\Program Files\EmEditor\emedshl64.dll [2015-12-25] (Emurasoft, Inc.) ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (The Eraser Project) ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File ContextMenuHandlers1: [PDFArchitect4_ManagerExt] -> {3AECFCB3-8472-48E9-BC7B-5A3CD945C886} => C:\Program Files\PDF Architect 4\creator-context-menu.dll [2016-01-15] (pdfforge GmbH) ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) ContextMenuHandlers1: [PDFXChange Editor Context menu] -> {2ACD35AB-F74A-4C20-AA9B-2DE80081626D} => C:\Program Files\Tracker Software\Shell Extensions\XCShellMenu.x64.dll [2017-03-06] (Tracker Software Products (Canada) Ltd.) 
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd) ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co.,Ltd) ContextMenuHandlers1: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org) ContextMenuHandlers2: [EmEditor] -> {D4D48C93-BDC7-4E76-B530-2E4D13B0150F} => C:\Program Files\EmEditor\emedshl64.dll [2015-12-25] (Emurasoft, Inc.) ContextMenuHandlers2: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (The Eraser Project) ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd) ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co.,Ltd) ContextMenuHandlers2: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org) ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov) ContextMenuHandlers4: [EmEditor] -> {D4D48C93-BDC7-4E76-B530-2E4D13B0150F} => 
C:\Program Files\EmEditor\emedshl64.dll [2015-12-25] (Emurasoft, Inc.) ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (The Eraser Project) ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co.,Ltd) ContextMenuHandlers4: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org) ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (The Eraser Project) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2014-06-13] (Intel Corporation) ContextMenuHandlers5: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov) ContextMenuHandlers6: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (The Eraser Project) ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes) ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\windows\system32\StartMenuHelper64.dll [2016-07-30] (IvoSoft) ContextMenuHandlers1_S-1-5-21-1417334993-2898295356-3386692794-1001: [OpusZip] -> {E9FE4040-3C93-11D4-8006-00201860E88A} => C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [2016-06-10] (GP Software) 
ContextMenuHandlers1_S-1-5-21-1417334993-2898295356-3386692794-1001: [TextPad8] -> {5A9E21A2-851A-4BEB-B16F-DBBE7D648AF9} => C:\Program Files\TextPad 8\System\ShellExt64.dll [2015-11-29] ()
ContextMenuHandlers1_S-1-5-21-1417334993-2898295356-3386692794-1001: [UltraCompare] -> {C3B42C03-C1B7-4c1a-B384-BBAE19646333} => C:\Program Files (x86)\IDM Computer Solutions\UltraCompare\UC_ShellExt64.dll [2015-12-17] ()
ContextMenuHandlers1_S-1-5-21-1417334993-2898295356-3386692794-1001: [UltraEdit] -> {b5eedee0-c06e-11cf-8c56-444553540000} => C:\Program Files\IDM Computer Solutions\UltraEdit\ue64ctmn.dll [2015-12-15] ()
ContextMenuHandlers4_S-1-5-21-1417334993-2898295356-3386692794-1001: [OpusZip] -> {E9FE4040-3C93-11D4-8006-00201860E88A} => C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [2016-06-10] (GP Software)
ContextMenuHandlers4_S-1-5-21-1417334993-2898295356-3386692794-1001: [UltraCompare] -> {C3B42C03-C1B7-4c1a-B384-BBAE19646333} => C:\Program Files (x86)\IDM Computer Solutions\UltraCompare\UC_ShellExt64.dll [2015-12-17] ()
ContextMenuHandlers5_S-1-5-21-1417334993-2898295356-3386692794-1001: [DOpus] -> {B9DD4945-1BED-4CB7-994C-F40B72B7725A} => C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [2016-06-10] (GP Software)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0FC94078-783C-4F45-9A83-EA7E687FF98A} - System32\Tasks\Process Lasso Core Engine Only => C:\Program Files\Process Lasso\processgovernor.exe Task: {14C6A237-47B6-420D-98C7-B48C0E16B8BD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation) Task: {1C957448-077E-44CE-A9AF-942431EDCAAF} - System32\Tasks\Opera scheduled Autoupdate 1402604082 => C:\Program Files (x86)\Opera\launcher.exe [2018-08-07] (Opera Software) Task: {49D7EB9A-811C-4735-80A0-C626241A15DD} - System32\Tasks\JavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-03-26] (Oracle Corporation) Task: {4AEAC1FC-86EF-4742-9F8F-B9BB85B7E32A} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation) Task: {56E998C4-C729-4325-8DA2-4D1C164BFFFA} - System32\Tasks\Opera scheduled Autoupdate 1464983063 => C:\Program Files (x86)\Opera developer\launcher.exe [2018-08-14] (Opera Software) Task: {662EC505-D38A-4048-88F0-30F654CC04AC} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2018-05-28] (AO Kaspersky Lab) Task: {72475EF4-D144-4C6F-8F30-933D699AE0A6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation) Task: {74E6B7CD-C7A0-4552-8046-5B979C3B430F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-16] (Adobe Systems Incorporated) Task: {7A7C5B78-C9AB-45BE-A61B-68419944F701} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated) 
Task: {87DE09A6-0A20-44AF-9ECC-173BF2339374} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-05] (Google Inc.) Task: {8934D95E-BD1D-4B60-A7AA-28FD77234F91} - System32\Tasks\Anvirlauncher => C:\Program Files (x86)\AnVir Task Manager Free\anvirlauncher.exe [2016-02-28] (AnVir Software) Task: {8A17FE54-DBCC-4FBA-98EA-FD88B993F327} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation) Task: {9331D4AE-B609-43C9-A4F8-B611DEFF68FA} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe Task: {A06C3BF2-C5E5-417C-AE66-C08BCDCCC271} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe Task: {A228AF77-7ABF-4820-A6E7-DA52E1BF7474} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation) Task: {A61B8BBA-960E-417E-B619-DE3911B4B16E} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2016-03-03] () Task: {AC925663-4A09-4B04-A33D-931EF33440D9} - System32\Tasks\{81F0B437-B032-4F42-869E-9200A9004B28} => c:\program files (x86)\opera\launcher.exe [2018-08-07] (Opera Software) Task: {ADDFE40F-97EB-4137-90F2-DFF443367FF5} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe [2018-08-16] (Adobe Systems Incorporated) Task: {B211236C-FE4B-41DA-8712-37B56F7D9092} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_pepper.exe [2018-08-16] (Adobe Systems Incorporated) Task: {BBB5FFB3-5780-4C21-BA21-95B793B6AFC4} - 
System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {BCD4E4EC-D945-40F3-9E6A-E0BAFB278317} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-09-04] (Synaptics Incorporated)
Task: {DC27D5DC-9313-4CC9-9BC6-F153E68E9FF3} - System32\Tasks\iToolsDaemon => C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe [2016-07-25] ()
Task: {DF167F93-F3BA-4561-93FC-768E43939C14} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-05] (Google Inc.)
Task: {E721563C-197D-47C4-9FE5-017A47B512F0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {EDDC835F-5FFF-47DA-8849-A24D9414705E} - System32\Tasks\Core Temp Autostart d => C:\Program Files\Core Temp\Core Temp.exe [2018-05-20] (ALCPU)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ============== 2016-04-19 07:32 - 2015-09-01 15:41 - 000095008 _____ () C:\windows\System32\Primomonnt.dll 2018-03-16 15:19 - 2018-03-16 15:19 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2018-03-16 15:19 - 2018-03-16 15:19 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-08-12 12:06 - 2013-08-12 12:06 - 000198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe 2013-08-12 12:06 - 2013-08-12 12:06 - 000054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll 2013-08-12 12:06 - 2013-08-12 12:06 - 000034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll 2017-01-15 23:31 - 2017-01-15 23:31 - 000012704 _____ () C:\Program Files\Prio\prio_svc.exe 2016-07-25 16:40 - 2016-07-25 16:40 - 000486264 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe 2015-12-17 12:13 - 2015-12-17 12:13 - 004930560 _____ () C:\Users\d\Desktop\acv507\ArsClip.exe 2018-04-12 19:09 - 2018-04-09 20:24 - 000966512 _____ () C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000343912 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000266096 _____ () C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000139120 _____ () C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000360304 _____ () C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000040816 _____ () C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000499568 _____ () C:\Program Files (x86)\AOMEI Backupper\EnumFolder.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000081768 _____ () C:\Program Files (x86)\AOMEI Backupper\Compress.dll 
2018-04-12 19:09 - 2018-04-09 20:24 - 000114536 _____ () C:\Program Files (x86)\AOMEI Backupper\BrLog.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000089968 _____ () C:\Program Files (x86)\AOMEI Backupper\Ldm.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000073576 _____ () C:\Program Files (x86)\AOMEI Backupper\Device.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000298864 _____ () C:\Program Files (x86)\AOMEI Backupper\BrFat.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000978800 _____ () C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000339816 _____ () C:\Program Files (x86)\AOMEI Backupper\Clone.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000126824 _____ () C:\Program Files (x86)\AOMEI Backupper\Backup.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000175984 _____ () C:\Program Files (x86)\AOMEI Backupper\FlBackup.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000724848 _____ () C:\Program Files (x86)\AOMEI Backupper\Sync.dll 2018-04-12 19:09 - 2015-05-21 14:32 - 002403504 _____ () C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000114544 _____ () C:\Program Files (x86)\AOMEI Backupper\BrVol.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000266096 _____ () C:\Program Files (x86)\AOMEI Backupper\GptBcd.dll 2018-04-12 19:09 - 2018-04-09 20:24 - 000188272 _____ () C:\Program Files (x86)\AOMEI Backupper\DeviceMgr.dll 2017-07-18 00:46 - 2018-03-20 12:08 - 000114664 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll 2017-07-18 00:46 - 2018-03-20 12:08 - 000108008 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll 2017-07-18 00:46 - 2018-03-20 12:08 - 000024040 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll 2017-07-18 00:46 - 2018-03-20 12:08 - 000048104 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll 2014-04-11 09:48 - 2013-10-15 06:10 - 000541683 _____ () 
C:\Program Files (x86)\CyberLink\NEC Move Media Server\sqlite3.dll 2016-07-25 16:40 - 2016-07-25 16:40 - 002317688 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\iOSDevice.dll 2016-07-25 16:40 - 2016-07-25 16:40 - 001362808 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\MiscCore.dll 2016-07-25 16:40 - 2016-07-25 16:40 - 000180088 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\MiscMods.dll 2016-07-25 16:40 - 2016-07-25 16:40 - 000152952 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\Network.dll 2016-07-25 16:40 - 2016-07-25 16:40 - 000402808 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\TSLib.dll 2016-07-25 16:40 - 2016-07-25 16:40 - 000668536 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\UICore.dll 2016-07-25 16:40 - 2016-07-25 16:40 - 000044920 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\Common.dll 2016-07-25 16:40 - 2016-07-25 16:40 - 000385912 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\MediaUtil.dll 2016-07-25 16:40 - 2016-07-25 16:40 - 000548728 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\Sqlite.dll 2016-07-25 16:40 - 2016-07-25 16:40 - 000103288 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\ZLib.dll 2018-03-16 15:20 - 2018-03-16 15:20 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2018-03-16 15:20 - 2018-03-16 15:20 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2011-01-31 10:45 - 2011-01-31 10:45 - 000559244 _____ () C:\Program Files (x86)\Linkman\sqlite3.dll 2018-08-08 19:10 - 2018-08-08 19:10 - 087838296 _____ () C:\Program Files (x86)\Opera\54.0.2952.71\opera_browser.dll 2018-08-08 19:10 - 2018-08-08 19:10 - 003871320 _____ () C:\Program Files (x86)\Opera\54.0.2952.71\libglesv2.dll 2018-08-08 19:10 - 2018-08-08 19:10 - 000086616 _____ () C:\Program Files (x86)\Opera\54.0.2952.71\libegl.dll 2013-10-21 02:36 - 2013-08-08 06:25 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\LMS\ACE.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\sdpsenv.dat:naughtypirates [322] AlternateDataStreams: C:\ProgramData\Temp:8EFFFE8D [294] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\stwfp => ""="Driver" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKLM\...\.reg: \shell\SmEdit\shell\SmEdit\shell\SmEdit\shell\SmEdit\shell\SmEdit => <==== ATTENTION HKLM\...\.bat: => <==== ATTENTION HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Software\Classes\.bat: batfile => <==== ATTENTION ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\google.com -> hxxps://docs.google.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2017-08-01 22:33 - 000000853 _____ C:\windows\system32\Drivers\etc\hosts 127.0.0.1 cryptomator-vault ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "IntelAntiTheftDiscoveryAppIECNotifier" HKLM\...\StartupApproved\Run: => "AtrioSide" HKLM\...\StartupApproved\Run: => "Eraser" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "YouCam Service" HKLM\...\StartupApproved\Run32: => "ChildWebGuardian PRO Agent" HKLM\...\StartupApproved\Run32: => "DSATray" HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\StartupApproved\StartupFolder: => "Telegram.lnk" HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\StartupApproved\Run: => "Mailbird" HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\StartupApproved\Run: => "DVSFreeVideoCallRecorder" HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\StartupApproved\Run: => "WhatsApp" HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\StartupApproved\Run: => "Vivaldi Update Notifier" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{F9D643D3-8497-43E4-98F3-38E716915A8E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{E8B770A5-FA45-4D44-B58C-F97DD1977577}] => (Allow) LPort=2869 FirewallRules: [{900BB167-AA6B-4D13-9555-03CB4DDAF294}] => (Allow) LPort=1900 FirewallRules: [{D6F18BAF-16DE-469C-A520-9004AC0498C0}] => (Allow) C:\Program Files (x86)\AOS Technologies\ファイナルパソコンデータ引越し 9 plus for NEC\pcmover.exe FirewallRules: [TCP Query User{A744A787-26B6-4CBF-AC16-D8B16B6CD448}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{3611C606-8BCD-4157-B7F0-97CA21424398}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{0B623E7A-4890-41D8-8372-1C130AC8A356}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{09F7B869-195F-40C6-B266-6B04AFB2884F}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{3C3010E4-90F7-42A7-89F9-E3444CF94B06}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\ctmn32.exe FirewallRules: [{AE7790C2-8769-41C5-841F-8D2AD8D9BA01}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\ctmn32.exe FirewallRules: [{7BAC5F7A-284F-4108-9BC5-B75C3D72552E}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\CTAdmin.exe FirewallRules: [{9FFB909A-2927-4085-8066-0879D3AA0793}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\CTAdmin.exe FirewallRules: [{F9D77D4C-761D-430E-88CB-D1B7A52097C8}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\fbserver.exe FirewallRules: [{11F3629D-245B-451A-A98E-64DFBD07B295}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\fbserver.exe FirewallRules: [{56F4AF8E-57F8-41B4-A65A-0FBBA6C76B40}] => (Allow) C:\Program Files 
(x86)\SoftwareTime\ComputerTime\bin\STDownload.exe FirewallRules: [{13C3D64E-22F7-4BA1-B58B-53265677C553}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\STDownload.exe FirewallRules: [{A0C999BA-C8BC-4281-8601-73750E5F1723}] => (Allow) LPort=8501 FirewallRules: [{32AB8D67-D054-4A79-8823-614FFEF6E01F}] => (Allow) LPort=8501 FirewallRules: [{505DA236-3A56-424B-9B99-EBB755EEC9AA}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{A902F6FB-3298-44B9-93ED-191D82C26CB9}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [TCP Query User{689C272A-0ECD-47F8-88F6-904975F51D79}C:\program files (x86)\childwebguardian pro\contentwasher.exe] => (Block) C:\program files (x86)\childwebguardian pro\contentwasher.exe FirewallRules: [UDP Query User{11A1A67E-B038-48B3-89AB-F8F4F0268BB7}C:\program files (x86)\childwebguardian pro\contentwasher.exe] => (Block) C:\program files (x86)\childwebguardian pro\contentwasher.exe FirewallRules: [{2117A44D-9AF0-4D84-A6FA-C2CE767375A3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{82444FCE-8B73-4EE6-9321-D147BB55E475}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{E0FF1427-02F7-4FCF-B605-AA7720FECB39}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{C149F272-279C-452B-9C7D-9C93C179E6AB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{DEE3F7CC-FEC2-4054-9A70-A29139DE0761}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{AB91DF20-D673-499C-B644-030D9703474B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{7E815151-6904-496A-AC2D-72FC22009C49}] => (Allow) C:\Program Files (x86)\ChildWebGuardian PRO\ContentWasher.exe FirewallRules: [{3F403557-C2A9-4DB4-A08F-AAA175CF45EA}] => (Allow) C:\Program Files (x86)\ChildWebGuardian PRO\ContentWasher.exe FirewallRules: [{A0292E51-FA3B-40A5-86B6-A69410C15431}] 
=> (Allow) C:\Windows\SysWOW64\fltw.exe FirewallRules: [{F59F9572-DAA8-49A7-B8B8-87D14203E726}] => (Allow) C:\Windows\SysWOW64\fltw.exe FirewallRules: [{21B8CF93-A8AF-49E0-A5A8-4D90D71EA1F4}] => (Allow) C:\Windows\SysWOW64\wstw.exe FirewallRules: [{A664E965-6F9C-4904-97B3-664A88C6C5D6}] => (Allow) C:\Windows\SysWOW64\wstw.exe FirewallRules: [{596BBBC2-6C69-43DD-A9E3-2EAF611B034C}] => (Allow) C:\Windows\SysWOW64\wtwatch.exe FirewallRules: [{F3158699-F2C2-4B4D-9C97-8EDE44D0C91A}] => (Allow) C:\Windows\SysWOW64\wtwatch.exe FirewallRules: [{C69239FF-06A3-4D0A-9444-F72972E53490}] => (Allow) C:\Program Files (x86)\ChildWebGuardian PRO\PrgUpdater.exe FirewallRules: [{B4EFD6D8-6BAD-4D07-B5B5-6B2D0EFF9D69}] => (Allow) C:\Program Files (x86)\ChildWebGuardian PRO\PrgUpdater.exe FirewallRules: [TCP Query User{B21120BA-3F16-452E-89E6-243273EEED0C}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe FirewallRules: [UDP Query User{05154D90-C128-45AD-880F-BC2AEC21295A}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe FirewallRules: [TCP Query User{0095AFA1-906D-40EB-8740-81E092A2EA5B}C:\program files\second copy\seccopy.exe] => (Allow) C:\program files\second copy\seccopy.exe FirewallRules: [UDP Query User{D4BFC90B-A4EE-47CF-8E06-21798F2B4FC7}C:\program files\second copy\seccopy.exe] => (Allow) C:\program files\second copy\seccopy.exe FirewallRules: [{6DC437CD-3BEE-4A60-81F8-8B67FC3E055E}] => (Block) C:\program files\second copy\seccopy.exe FirewallRules: [{3EF30085-232D-450A-A5C2-2484F10431B5}] => (Block) C:\program files\second copy\seccopy.exe FirewallRules: [TCP Query User{35AEFCDE-F23F-4FD9-AE70-CB0DDF2953CA}C:\program files (x86)\jivexdv\jre\bin\javaw.exe] => (Block) C:\program files (x86)\jivexdv\jre\bin\javaw.exe FirewallRules: [UDP Query User{D6AA058A-D730-4D0C-804C-63DE46208040}C:\program files (x86)\jivexdv\jre\bin\javaw.exe] => (Block) C:\program files 
(x86)\jivexdv\jre\bin\javaw.exe FirewallRules: [TCP Query User{C339E5B9-07F3-463F-8D92-10E98B07F74E}C:\program files (x86)\parallel password recovery\run_server.exe] => (Allow) C:\program files (x86)\parallel password recovery\run_server.exe FirewallRules: [UDP Query User{36EE777D-F32F-4484-8CFA-A540C211237B}C:\program files (x86)\parallel password recovery\run_server.exe] => (Allow) C:\program files (x86)\parallel password recovery\run_server.exe FirewallRules: [TCP Query User{290EC45F-8ECA-465A-8550-807F15B4CB76}C:\users\d\appdata\local\temp\scoped_dir2376_30591\childwebguardianadm.exe] => (Allow) C:\users\d\appdata\local\temp\scoped_dir2376_30591\childwebguardianadm.exe FirewallRules: [UDP Query User{7FB492CB-F6F5-4EE0-864F-95F55A6DFDEB}C:\users\d\appdata\local\temp\scoped_dir2376_30591\childwebguardianadm.exe] => (Allow) C:\users\d\appdata\local\temp\scoped_dir2376_30591\childwebguardianadm.exe FirewallRules: [{A27C0608-11DD-46B0-93E8-8CB7D21E4418}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{5A3641B2-C624-4A94-8FA9-DE244F8FC639}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{F164DD20-6078-4B81-961C-083B0FF25404}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{FBB6CB95-B7E6-4818-B62D-6724C436E3B3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{103298D7-C2C7-4895-AF93-CD4A59B6C354}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe FirewallRules: [{6833B99D-A1FD-4788-ACC3-3B5D8B6FDB81}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe FirewallRules: [{2DC48355-FECA-488E-8202-684BD0D8D84C}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe FirewallRules: [{F6EF11B6-6AEA-4BAE-AA20-E91C42F7AD1F}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe FirewallRules: [{18F0E74C-3ACE-4781-B413-F0D422BB63CF}] => (Allow) C:\Program Files 
(x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe FirewallRules: [{863A523D-C261-4A82-A2A7-27447A8FC2F4}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe FirewallRules: [{FD947FEC-53B3-4BED-B0A8-4DA463021FCA}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe FirewallRules: [{D2B23179-C9B9-491E-AC91-B68A0C8ED660}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe FirewallRules: [{84B862B7-8779-41D9-9055-94DBAC95D6DA}] => (Allow) C:\Program Files (x86)\Opera\51.0.2830.40\opera.exe FirewallRules: [{50BD2E1A-D1D7-4D61-BBF1-54EBD9BBBC3A}] => (Allow) C:\Program Files (x86)\Opera developer\53.0.2885.0\opera.exe FirewallRules: [{06476787-1BB0-4434-A169-C039F0E60556}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe FirewallRules: [{5D961AE6-CB90-49AD-86B7-26B54B099719}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{2A8C58E0-93CA-4A29-A307-B6DE1FCED428}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{9B9C6AEE-6B22-4E95-8D70-08F24E69290C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{82536828-3DCD-485E-B8A8-5ABF9005A3A7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{7CBB4B9B-D49D-4CEB-A6F3-F5616BB0653B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{0FC410A5-86DB-49D8-BD08-9989673770EF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{7ABA5E4A-1B70-4A10-B38E-CFA6AA3B0C7E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{5587DB5B-9321-4905-BC86-BFA9BDDE3795}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{F627D117-A01C-456C-93BC-7264C3A4FFEC}] => (Allow) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe FirewallRules: [{3F72EC62-9A98-40DB-BEEB-7E2F44976DA7}] => (Allow) C:\Program Files (x86)\Opera 
developer\56.0.3037.0\opera.exe FirewallRules: [{2CD1F32B-A7E8-4079-AD1A-20A3A188A14C}] => (Allow) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe FirewallRules: [{BE925581-CA7C-4454-A982-95444FC76D7D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe FirewallRules: [{D85E2CCA-81C2-493D-936B-6659F467F804}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe FirewallRules: [{9B61E9B1-13F4-4D9F-BCAB-650459099F1D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{602E8DE6-890B-4FAA-8647-4F8602E5A1FA}] => (Allow) C:\Program Files (x86)\Opera developer\56.0.3045.0\opera.exe ==================== Restore Points ========================= 04-08-2018 05:31:02 スケジュールされたチェックポイント 13-08-2018 03:46:21 スケジュールされたチェックポイント ==================== Faulty Device Manager Devices ============= Name: Bluetooth デバイス (RFCOMM プロトコル TDI) Description: Bluetooth-Gerät (RFCOMM-Protokoll-TDI) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: RFCOMM Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Bluetooth デバイス (パーソナル エリア ネットワーク) Description: Bluetooth-Gerät (PAN) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: BthPan Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (08/18/2018 01:16:25 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: StartSU.exe, Version: 2.0.2.0, Zeitstempel: 0x534d0701 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00d50a67 ID des fehlerhaften Prozesses: 0xddc Startzeit der fehlerhaften Anwendung: 0x01d4368051a89d78 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\NEC\SmartUpdate\StartSU.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 8f826dc5-a273-11e8-83c2-f05b999e8540 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (08/18/2018 01:16:25 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: StartSU.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.NullReferenceException bei SU_Loader.suLogingCl..ctor() bei SU_Loader.Program.Main() Error: (08/18/2018 12:43:40 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: StartSU.exe, Version: 2.0.2.0, Zeitstempel: 0x534d0701 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x005a0a67 ID des fehlerhaften Prozesses: 0x3d8 Startzeit der fehlerhaften Anwendung: 0x01d4367bbe62e49c Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\NEC\SmartUpdate\StartSU.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: fc37a865-a26e-11e8-83c1-e4e5c75eee11 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (08/18/2018 12:43:40 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: StartSU.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.NullReferenceException bei SU_Loader.suLogingCl..ctor() bei SU_Loader.Program.Main() Error: (08/18/2018 12:24:15 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: StartSU.exe, Version: 2.0.2.0, Zeitstempel: 0x534d0701 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00ae0a67 ID des fehlerhaften Prozesses: 0x910 Startzeit der fehlerhaften Anwendung: 0x01d4367907c64e7f Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\NEC\SmartUpdate\StartSU.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 45ad0d99-a26c-11e8-83c0-de3aeaba4d53 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (08/18/2018 12:24:15 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: StartSU.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.NullReferenceException bei SU_Loader.suLogingCl..ctor() bei SU_Loader.Program.Main() Error: (08/17/2018 08:33:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AkelPad.exe, Version: 4.9.7.0, Zeitstempel: 0x566d49e1 Name des fehlerhaften Moduls: Scripts.dll, Version: 18.2.0.0, Zeitstempel: 0x566d4960 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001145 ID des fehlerhaften Prozesses: 0x16cc Startzeit der fehlerhaften Anwendung: 0x01d43572fc94b529 Pfad der fehlerhaften Anwendung: C:\Users\d\Desktop\Programme\AkelPad\AkelPad.exe Pfad des fehlerhaften Moduls: C:\Users\d\Desktop\Programme\AkelPad\AkelFiles\Plugs\Scripts.dll Berichtskennung: 1968fede-a24c-11e8-83bf-b0819159027b Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (08/17/2018 08:18:16 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm dopus.exe, Version 5.0.1.62 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 29e0 Startzeit: 01d436175cc35641 Endzeit: 32108 Anwendungspfad: C:\Program Files\GPSoftware\Directory Opus\dopus.exe Berichts-ID: cf730fb2-a249-11e8-83bf-b0819159027b Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: System errors: ============= Error: (08/18/2018 03:37:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: Durch die Berechtigungseinstellungen für "アプリケーション固有" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (LRPC 使用)" keine Berechtigung vom Typ "ローカル アクティブ化" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "利用不可" (SID: 利用不可) gewährt. 
Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (08/18/2018 03:12:01 AM) (Source: DCOM) (EventID: 10010) (User: lavie) Description: Der Server "{BF6C1E47-86EC-4194-9CE5-13C15DCB2001}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (08/18/2018 03:11:31 AM) (Source: DCOM) (EventID: 10010) (User: lavie) Description: Der Server "{1B1F472E-3221-4826-97DB-2C2324D389AE}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (08/18/2018 02:41:42 AM) (Source: DCOM) (EventID: 10010) (User: lavie) Description: Der Server "{1B1F472E-3221-4826-97DB-2C2324D389AE}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (08/18/2018 02:41:12 AM) (Source: DCOM) (EventID: 10010) (User: lavie) Description: Der Server "{BF6C1E47-86EC-4194-9CE5-13C15DCB2001}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (08/18/2018 01:07:39 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1794) (User: NT AUTHORITY) Description: https://go.microsoft.com/fwlink/?linkid=852572 Error: (08/18/2018 01:07:35 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1794) (User: NT AUTHORITY) Description: https://go.microsoft.com/fwlink/?linkid=852572 Error: (08/18/2018 01:07:31 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1794) (User: NT AUTHORITY) Description: https://go.microsoft.com/fwlink/?linkid=852572 Windows Defender: =================================== Date: 2018-08-18 02:42:00.486 Description: Die Windows Defender-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {ECA8B3E0-FC77-4A51-9543-69805FAB89ED} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT AUTHORITY\SYSTEM Date: 2015-01-09 19:21:31.368 Description: Die Windows Defender-Überprüfung wurde vor ihrem Abschluss beendet. 
Überprüfungs-ID: {8696B0BA-C38C-47BC-A797-5B2D07EB3E49} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT AUTHORITY\SYSTEM Date: 2015-01-03 21:22:13.756 Description: Die Windows Defender-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {0CA8E64E-DB17-4DB1-8B14-A894D9352B2C} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT AUTHORITY\SYSTEM Date: 2015-01-02 16:35:21.146 Description: Die Windows Defender-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {0933CFEE-1894-4B97-8C90-DAF1E3EEA677} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT AUTHORITY\SYSTEM Date: 2014-12-31 21:35:00.771 Description: Die Windows Defender-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {DCB0C270-B8FB-4DD2-85A2-7C88B5326966} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT AUTHORITY\SYSTEM Date: 2018-03-20 16:35:06.770 Description: Fehler von Windows Defender beim Aktualisieren von Signaturen. Neue Signaturversion: Vorherige Signaturversion: 1.235.2025.0 Updatequelle: Microsoft Update-Server Signaturtyp: AntiVirus Updatetyp: Voll Benutzer: NT AUTHORITY\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.13407.0 Fehlercode: 0x8024001e Fehlerbeschreibung: ??????????????????????????????????????????????????????????????????????????????? Date: 2018-03-20 16:35:06.770 Description: Fehler von Windows Defender beim Aktualisieren von Signaturen. Neue Signaturversion: Vorherige Signaturversion: 1.235.2025.0 Updatequelle: Microsoft Update-Server Signaturtyp: AntiVirus Updatetyp: Voll Benutzer: NT AUTHORITY\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.13407.0 Fehlercode: 0x8024001e Fehlerbeschreibung: ??????????????????????????????????????????????????????????????????????????????? 
CodeIntegrity: =================================== Date: 2018-04-05 18:43:15.063 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2018-04-05 18:43:12.454 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2018-04-05 18:37:50.385 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2018-04-05 18:37:47.422 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2018-04-05 18:35:14.515 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2018-04-05 18:35:10.365 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2018-04-05 18:32:47.264 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2018-04-05 18:32:44.610 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz Percentage of memory in use: 76% Total physical RAM: 4015.7 MB Available physical RAM: 956.94 MB Total Virtual: 12719.7 MB Available Virtual: 8727.84 MB ==================== Drives ================================ Drive c: (Windows 8.1) (Fixed) (Total:225.93 GB) (Free:139.54 GB) NTFS Drive f: (SD192GB) (Removable) (Total:183.33 GB) (Free:35.85 GB) NTFS \\?\Volume{66bded32-fb6e-43d4-af27-9da22351b9e4}\ (Windows RE) (Fixed) (Total:0.93 GB) (Free:0.61 GB) NTFS \\?\Volume{2c42f2fe-9218-4f8d-bd84-2ae9dde67a23}\ (NEC-RESTORE) (Fixed) (Total:11.23 GB) (Free:3.36 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: 7D73FA8C) Partition: GPT. ======================================================== Disk: 1 (Protective MBR) (Size: 183.3 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================ |
18.08.2018, 15:47 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Kaspersky finds Trojan.Multi.GenAutorunReg.a (on Win 8.1 64) More old, unnecessary junk still has to come off: please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
__________________ Please always post log files in CODE tags |
18.08.2018, 16:24 | #13 |
| Kaspersky finds Trojan.Multi.GenAutorunReg.a (on Win 8.1 64) Hello, I have now removed Flash, Acrobat, CrystalDiskInfo and QuickTime with Revo. But I don't understand what you have against 7-Zip and OpenOffice. Sometimes LibreOffice causes problems, and then OpenOffice is a suitable fallback. And 7-Zip is one of the best zip programs, with very high compatibility. As far as I know, it is also recommended in power-user circles. Oh: https://www.borncity.com/blog/2018/02/20/warnung-auf-7-zip-verzichten/ That is annoying, though! Such a good program!! OK, and OOo comes off too. Thanks for the pointers. ### OK: EVERYTHING REMOVED AND REBOOTED. Last edited by lucina (18.08.2018 at 16:29) |
18.08.2018, 16:43 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Kaspersky finds Trojan.Multi.GenAutorunReg.a (on Win 8.1 64) Didn't read the post? I did write that the old junk should come off. Those were simply ancient versions on your computer! I need new FRST logs. Tick the box for addition.txt, then click Scan.
__________________ Please always post log files in CODE tags |
18.08.2018, 18:34 | #15 |
| Kaspersky finds Trojan.Multi.GenAutorunReg.a (on Win 8.1 64) 1. Windows Defender reports Behavior:Win32/AccessibilityEscalation.N, saying a program would execute an attacker's commands: Kategorie: Verdächtiges Verhalten Beschreibung: Dieses Programm ist gefährlich. Es führt Befehle eines Angreifers aus. Empfohlene Aktion: Entfernen Sie diese Software unverzüglich. Elemente: internalbehavior:70D589ACA56E6C9689F046AE47AC4A95 Please comment, if possible. 2. The message did not appear while I was running FRST64. Nevertheless, I scanned FRST64, and it is quite remarkable what things FRST64 supposedly contains: https://www.virustotal.com/de/file/0969984a3f506c66a9a84e5849b7e9bdb68117f75cbf82ca3edab074dcb089ca/analysis/1534504811/ Please comment, if possible. 3. Here are FRST.txt and Additional.txt: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by d (administrator) on LAVIE (18-08-2018 18:10:24)
Running from C:\Users\d\Desktop
Loaded Profiles: d (Available Profiles: d)
Platform: Windows 8.1 Pro (Update) (X64) Language: Japanisch (Japan)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\NEC Move Media Server\NECMoveMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\NEC Move Media Server\NECMoveMSServer.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NECBoot\NECBTSVC.exe
(NEC Personal Computers, Ltd.) C:\Windows\SysWOW64\NTMETER.exe
(NEC Personal Computers, Ltd.) C:\Program Files\PeakShiftTool\PeakShiftSvc.exe
() C:\Program Files\Prio\prio_svc.exe
(Centered Systems) C:\Program Files (x86)\Second Copy 8\ScVssService64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ALCPU) C:\Program Files\Core Temp\Core Temp.exe
() C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NEC\AtrioSide\AS_ContentsDL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NEC Personal Computers, Ltd.) C:\Program Files\EcoViewer\ecomonsv.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NECMFK\necmfk.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NECBatt\nbSched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NEC Personal Computers, Ltd.) C:\Program Files\PeakShiftTool\PeakShiftNotifier.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NECBoot\NECBTPB.exe
(GP Software) C:\Program Files\GPSoftware\Directory Opus\dopus.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NPSpeed\NPSpeed.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Outertech) C:\Program Files (x86)\Linkman\Linkman.exe
(GP Software) C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
(RaMMicHaeL) C:\Users\d\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(f.lux Software LLC) C:\Users\d\AppData\Local\FluxSoftware\Flux\flux.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Centered Systems) C:\Program Files (x86)\Second Copy 8\SecCopy.exe
(Michael Farrell) C:\Program Files (x86)\IntelliWebSearch\IntelliWebSearch.exe
() C:\Users\d\Desktop\acv507\ArsClip.exe
(Steve Emmons) C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Battery Alarm\BatteryAlarm.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mad Dog Apps) C:\Program Files (x86)\Mad Dog Apps\BatteryMonitor\myBatteryMonitor.exe
(pXc-coding.com) C:\Program Files (x86)\Alternative Flash Player Auto-Updater\Alternative Flash Player Auto-Updater.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [NECMFK] => C:\Program Files\necmfk\necmfk.exe [164176 2013-09-19] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [IntelAntiTheftDiscoveryAppIECNotifier] => C:\Program Files (x86)\Intel\Intel Anti-Theft Discovery App\IntelAntiTheftDiscoveryAppIECNotifier.exe [142336 2013-06-25] (Intel Corporation)
HKLM\...\Run: [NECBatt] => C:\Program Files\NECBatt\nbSched.exe [356688 2013-08-05] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [PeakShiftTool] => C:\Program Files\PeakShiftTool\PeakShiftNotifier.exe [244576 2013-07-02] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [NECBTPB] => C:\Program Files\NECBoot\NECBTPB.EXE [2789304 2012-10-05] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2013-09-04] (Synaptics Incorporated)
HKLM\...\Run: [RcdSettings] => C:\Program Files\NEC\NECRcdSettings\RcdSettings.exe [924536 2013-08-27] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [NPSpeed] => C:\Program Files\NPSpeed\NPSpeed.exe [3215152 2013-10-08] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1074088 2015-09-03] (The Eraser Project)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [AtrioSide] => C:\Program Files\NEC\AtrioSide\AtrioSide.exe [1193328 2013-09-17] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [3523848 2018-07-03] (Paramount Software UK Ltd)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [SmartUpdate] => C:\Program Files (x86)\NEC\SmartUpdate\reservesu.exe [234232 2013-07-08] (NEC Personal Computers, Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2018-03-16] (Apple Inc.)
HKLM-x32\...\Run: [SilentCleanService] => C:\Program Files (x86)\iMobie\PhoneRescue\${CHECK_RUNSERVICE_NAME}
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [135968 2018-03-15] (Intel)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [653648 2018-06-27] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <==== ATTENTION
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [Linkman] => C:\Program Files (x86)\Linkman\Linkman.exe [1635200 2015-12-23] (Outertech)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [7 Taskbar Tweaker] => C:\Users\d\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [401920 2016-09-10] (RaMMicHaeL)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [Directory Opus Desktop Dblclk] => C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe [421240 2016-06-10] (GP Software)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [f.lux] => C:\Users\d\AppData\Local\FluxSoftware\Flux\flux.exe [1806344 2018-07-03] (f.lux Software LLC)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [Second Copy] => C:\Program Files (x86)\Second Copy 8\SecCopy.exe [3128616 2013-01-28] (Centered Systems)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2014-09-19] ()
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [WhatsApp] => "C:\Users\d\AppData\Local\WhatsApp\app-0.2.5371\WhatsApp.exe"
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [DVSFreeVideoCallRecorder] => "C:\Program Files (x86)\DVDVideoSoft\Free Video Call Recorder for Skype\FreeVideoCallRecorder.exe" /minimized
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [IntelliWebSearch] => C:\Program Files (x86)\IntelliWebSearch\IntelliWebSearch.exe [224388 2011-04-08] (Michael Farrell)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11776 2013-08-22] (Microsoft Corporation)
AppInit_DLLs: prio.dll => No File
AppInit_DLLs-x32: prio32.dll => No File
IFEO\sethc.exe: [Debugger] logonui.exe
ShellExecuteHooks: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [1580408 2016-06-10] (GP Software)
ShellExecuteHooks-x32: Directory Opus Shell Execute Hook - {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll [350072 2016-06-10] (GP Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Alternative Flash Player Auto-Updater.lnk [2016-01-16]
ShortcutTarget: Alternative Flash Player Auto-Updater.lnk -> C:\Program Files (x86)\Alternative Flash Player Auto-Updater\Alternative Flash Player Auto-Updater.exe (pXc-coding.com)
Startup: C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ArsClip - Verknüpfung.lnk [2016-01-25]
ShortcutTarget: ArsClip - Verknüpfung.lnk -> C:\Users\d\Desktop\acv507\ArsClip.exe ()
Startup: C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BatteryAlarm - Shortcut.lnk [2016-04-20]
ShortcutTarget: BatteryAlarm - Shortcut.lnk -> C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Battery Alarm\BatteryAlarm.exe (Steve Emmons)
Startup: C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2016-09-30]
ShortcutTarget: Telegram.lnk -> C:\Users\d\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-1417334993-2898295356-3386692794-500\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-1417334993-2898295356-3386692794-1003\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-1417334993-2898295356-3386692794-1001\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 cryptomator-vault
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{A589BE57-42CC-439B-99D1-70AED469ADBE}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> DefaultScope {0A66B399-8F9B-4C01-8EDD-A71D148B8BE7} URL =
SearchScopes: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> {0A66B399-8F9B-4C01-8EDD-A71D148B8BE7} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\iToolsBHO64.dll [2016-07-25] (iTools.hk)
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-01-15] (pdfforge GmbH)
BHO-x32: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\iToolsBHO.dll [2016-07-25] (iTools.hk)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-01-15] (pdfforge GmbH)
Toolbar: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> No Name - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - No File
Toolbar: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> No Name - {C500C267-63BF-451F-8797-4D720C9A2ED9} - No File

FireFox:
========
FF DefaultProfile: 2udj1tce.default
FF ProfilePath: C:\Users\d\AppData\Roaming\Postbox\Profiles\ify653so.default [2016-02-10]
FF ProfilePath: C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\2udj1tce.default [2018-08-18]
FF Session Restore: Mozilla\Firefox\Profiles\2udj1tce.default -> is enabled.
FF Extension: (Grammarly for Firefox) - C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\2udj1tce.default\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2018-08-09]
FF Extension: (Video DownloadHelper) - C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\2udj1tce.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-08-09]
FF Extension: (Adblock Plus) - C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\2udj1tce.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-07-27]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-04-19] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF Plugin: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2016-07-25] ()
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [] ()
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2017-03-06] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2016-07-25] ()
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2017-03-06] (Tracker Software Products (Canada) Ltd.)
StartMenuInternet: Firefox- - kernel32::GetLongPathNameW(w R8, w .R7, i 1024)i .R6

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\d\AppData\Local\Google\Chrome\User Data\Default [2018-08-03]
CHR Extension: (Präsentationen) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-19]
CHR Extension: (Kaspersky Protection) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2018-05-31]
CHR Extension: (Docs) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-19]
CHR Extension: (Google Drive) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-19]
CHR Extension: (YouTube) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-19]
CHR Extension: (Tab Count) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfokcacdaonnckdmopmcgeanhkebeaio [2018-07-30]
CHR Extension: (uBlock Origin) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-08-03]
CHR Extension: (Tab Glutton) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekfmaibfpamaegficfifofnlhalkbdfm [2018-06-25]
CHR Extension: (Tabellen) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-19]
CHR Extension: (Google Docs Offline) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-05-05]
CHR Extension: (Wiktionary Language Filter) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\lagbmmpeihgfankilcjbkpnmejeblkif [2017-11-19]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-05]
CHR Extension: (Linkman) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\pchnedaeogijkjjkjigbijhbcanbdjkc [2018-05-05]
CHR Extension: (Google Mail) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-19]
CHR Extension: (Chrome Media Router) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-11]
CHR Profile: C:\Users\d\AppData\Local\Google\Chrome\User Data\System Profile [2018-05-05]

Opera:
=======
OPR Session Restore: -> is enabled.
OPR Extension: (Simple = Select + Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aagminaekdpcfimcbhknlgjmpnnnmooo [2017-09-11]
OPR Extension: (Instant Multi Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aamgapdgopfdmokckpkfciiddpahbbcg [2017-09-11]
OPR Extension: (Google Übersetzer) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-12-02]
OPR Extension: (Disable Youtube™ HTML5 Player) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aejcgigcjcdcbdkdbeiclbpekcjddapp [2016-01-17]
OPR Extension: (Multi Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\afmdpmddiokpdknaeofdnlclbpgehhce [2018-07-25]
OPR Extension: (TransOver) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aggiiclaiamajehmlfpkjmlbadmkledi [2018-08-08]
OPR Extension: (SimpleUndoClose) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aipamoaneebnhkfefefbfmhimclgafig [2018-02-19]
OPR Extension: (Redirect Bypasser) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\akalifnifmgdmgmjoaiaflkeahpbkghe [2017-05-04]
OPR Extension: (Oxford Dictionary Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbhgfdkgegllnkmnpidalgbgdghilnha [2016-11-10]
OPR Extension: (Select like a Boss) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bfigpnfillonohmonbadflnapjejfkgm [2017-10-21]
OPR Extension: (V7 Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bgjcegonlhkkclkkglpgjmgnigefhkak [2018-01-14]
OPR Extension: (smartUp Gestures) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bgjfekefhjemchdeigphccilhncnjldn [2018-06-27]
OPR Extension: (AdGuard Werbeblocker) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2018-05-19]
OPR Extension: (V7 Bookmarks) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bpmgfnikhlpakdkeeahboleoommganka [2018-04-27]
OPR Extension: (Forvo pronunciation) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ccpodfblfjampgmdfllpclalbdckflmi [2017-10-21]
OPR Extension: (TrafficLight) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cfnpidifppmenkapgihekkeednfoenal [2018-04-11]
OPR Extension: (archive.is Button) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cgjpabpjaocpgppajkeplhbipbdippdm [2018-04-08]
OPR Extension: (OneTab) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-12-12]
OPR Extension: (ZenMate VPN - Top Internet Security & Unblock) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnhbkkedmelfmalgjpkngiaoifpdfcnl [2018-07-21]
OPR Extension: (Shortkeys) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnjnhmmmdopghhihpeoafpkkanlagfjf [2016-04-18]
OPR Extension: (Simple Mouse Gestures) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cpbbhbiceidealbcfgodcffnfneffopd [2018-06-08]
OPR Extension: (Avast Online Security) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2017-10-20]
OPR Extension: (Search by Image (by Google)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2017-03-06]
OPR Extension: (Card Numbers for Trello) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ddadhlcejiholmdiihbdcfoapdfkhicn [2017-02-28]
OPR Extension: (Tabs Backup & Restore) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dehocbglhkaogiljpihicakmlockmlgd [2017-12-22]
OPR Extension: (Just Read) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dgmanlpmmkibanfdgjocnabmcaclkmod [2018-08-18]
OPR Extension: (Tampermonkey) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-05-28]
OPR Extension: (Copy All Urls) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\djdmadneanknadilpjiknlnanaolmbfk [2017-11-19]
OPR Extension: (Browsec VPN - Free and Unlimited VPN) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dknfpcdpbkjijldegonllfnnfhabjpde [2018-08-11]
OPR Extension: (SurfEasy VPN - Sicherheit, Privatsphäre, Entsperrung) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ebpielhlnnpkiddeeacoephkilopgblc [2018-05-07]
OPR Extension: (Google search link fix) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\eckgbkpcmkeamlbhpcifhnijehlcogip [2018-04-12]
OPR Extension: (Session Buddy) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2018-01-29]
OPR Extension: (HTTPS Everywhere) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2018-06-22]
OPR Extension: (Copyfish �� Free OCR Software) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\eenjdnjldapjajjofmldgmkjaienebbj [2018-01-29]
OPR Extension: (VTchromizer) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\efbjojhplkelaegfbieplglfidafgoka [2018-04-11]
OPR Extension: (Tabs Outliner) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2017-12-22]
OPR Extension: (Sort Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ejlljbnghfnfihpiifjaojopfkbgknoi [2016-04-18]
OPR Extension: (Copytables) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ekdpkppgmlalfkphpibadldikjimijon [2017-10-21]
OPR Extension: (Tab Glutton) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ekfmaibfpamaegficfifofnlhalkbdfm [2017-02-28]
OPR Extension: (Unlimited Free VPN - Hola) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ekmmelpnmfdegjhnmadddcfjcahpajnm [2018-08-08]
OPR Extension: (Vertical Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\eknjllkeehiiakhmgjjdoempaocgemkg [2017-03-20]
OPR Extension: (Wrona History Menu) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\encidpibliikeaimjmlimnnbjjpnfppl [2016-04-18]
OPR Extension: (All in one web searcher) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\enofjgiadilpmldfknojklfjbeaooiap [2017-09-11]
OPR Extension: (Ddict Translate: Translator - Dictionary) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fcfpagpiibkilokeihmaggjgheaemgbi [2017-12-17]
OPR Extension: (Text Lesegerät (Text zu Sprache)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fdffijlhedcdiblbingmagmdnokokgbi [2017-11-19]
OPR Extension: (Kaspersky Protection) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2018-04-06]
OPR Extension: (SimpleUndoClose.test) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fjjibgcfnmpcdipdfamlcghkphflpcfb [2017-04-16]
OPR Extension: (1Password extension (desktop app required)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fpnbobholfpcolmkinlokiaaanjilcop [2018-06-27]
OPR Extension: (Scroll to Top) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gbefdhcpnalckelncafcbmdifclnlmce [2017-11-20]
OPR Extension: (Linkman) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gbeghboempnjlacepdnkgnpplgjadpnl [2014-06-18]
OPR Extension: (Classic Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gbekmpnpfkkijbodegokaigmhedbbkmg [2016-01-16]
OPR Extension: (SimpleTabOrder) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gcphmfnknfenaigpefdlmnbgnjaebjim [2018-02-19]
OPR Extension: (XTranslate) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gfgpkepllngchpmcippidfhmbhlljhoo [2018-05-28]
OPR Extension: (SimpleExtManager) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ggfngijafepjalmbhefafhdeedobcdbf [2018-05-28]
OPR Extension: (Super Auto Refresh) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ghjaeanhfafkigkehjgapnlobfhefkme [2017-11-19]
OPR Extension: (Etymonline) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\giehjnnlopapngdjbjjgddpaagoimmgl [2018-01-04]
OPR Extension: (Selection Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gipnlpdeieaidmmeaichnddnmjmcakoe [2018-07-26]
OPR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\glaedmooikiamindhmfcfccncmmdagge [2018-07-21]
OPR Extension: (Google Right-Click Multi-Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hacdkngldbgplmdlmdhgiehbmmlckmea [2017-09-13]
OPR Extension: (Ultimello, the features pack for Trello) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hahbfgjfimnmogoinnenhheepfcphnmm [2018-06-22]
OPR Extension: (Pocket (formerly Read It Later)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hedlhkdmdlcjhiblbmfggdiaeekblnoi [2018-05-05]
OPR Extension: (Video Autoplay Blocker by Robert Sulkowski) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hiefnnpeemndbkjphkiffdfjbgaapifa [2016-01-17]
OPR Extension: (DotVPN — a better way to VPN) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hiegahbgoabbpoieploedhfnobmpgbeg [2018-05-19]
OPR Extension: (JavaScript Toggle On and Off) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hldheaackmkeadbfdaiidijnilnbgifo [2018-04-04]
OPR Extension: (V7 Gmail Zoom) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnfpfgoekopajiblcenihlclkgphkgmn [2017-04-13]
OPR Extension: (I don't care about cookies) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\iambaeepkgdclnmbfdnnohkjjpdglbeo [2018-08-01]
OPR Extension: (Sprachenfilter für Wikipedia) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibgceajjjioihilfcdppneoljcaofokk [2018-05-28]
OPR Extension: (Wiktionary Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibncmbgpniokogofpkjnlcpfpiodoppk [2017-10-21]
OPR Extension: (Wolfram|Alpha (Official)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\icncamkooinmbehmkeilcccmoljfkdhp [2017-11-19]
OPR Extension: (Text to Speech (TTS)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ifnfkcmbdaelhfkpkoncangcnhieanmj [2017-10-21]
OPR Extension: (Malwarebytes Browser Extension) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2018-08-16]
OPR Extension: (Reader View) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ikmhokpogledimpnfdbcgondkbmfkfjc [2018-06-04]
OPR Extension: (Social Fixer for Facebook) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\inficfabgpfjiegjgnhmjdagmhlmakoo [2018-06-27]
OPR Extension: (Disable HTML5 Autoplay) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jbinbhipioellbajhbkjlpioadehpfdj [2016-08-03]
OPR Extension: (YouTube High Definition) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jcdpccclajomeaeeoggbhglfomndjgfp [2016-02-06]
OPR Extension: (Close Duplicate Tab) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jcmhmgmojlljfpfnmlbnipanelaliikl [2016-07-28]
OPR Extension: (CloseTab) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jdclfnplpfhdgcmafpbodpejpdnbfhpb [2016-04-20]
OPR Extension: (Translate Web Page) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jggobmlojchhlngdhmmdghgganciigof [2016-02-03]
OPR Extension: (Font Changer with Google Web Fonts™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jgjhhoglgjdklldfgoffdiaceffijeke [2017-11-28]
OPR Extension: (User-Agent Switcher) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jikibpedldihacokaanimbcjipghbloo [2017-11-19]
OPR Extension: (Save To The Wayback Machine) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jkoddmeemofcjjeckgiddpgdbnnafoib [2018-05-10]
OPR Extension: (Search Window) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jmjjleckcgnlmampjifnllbdhkobinbl [2017-12-17]
OPR Extension: (View Image - \) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jpcmhcelnjdmblfmjabdeclccemkghjk [2018-08-18]
OPR Extension: (Grammarly for Chrome) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-08-16]
OPR Extension: (The Switcher) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbgapjibpomfdnhllkbijmolmnhloona [2016-04-18]
OPR Extension: (uBlock Origin) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2018-07-19]
OPR Extension: (Stylus) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kdinfjomkigjcjcbigolloleeiianaif [2018-07-16]
OPR Extension: (Leo Dictionary Widget) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kepemmpmljphklmpfgfmhpjhpdlccpke [2017-10-14]
OPR Extension: ( Copy URLs ) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kgmdofgghbeipjnddielphhhecgnppab [2016-04-18]
OPR Extension: (YouTube Video and Audio Downloader (Dev Edt.)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\khgbdhkpcapllhgfekjegcinegfhjbmi [2018-04-09]
OPR Extension: (V7 Sessions) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\khmbgihnlknbjgjhmekjeoidpfimabpp [2016-11-10]
OPR Extension: (Install Chrome Extensions) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2018-08-18]
OPR Extension: (Force Download) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\klahcccondnnonafcbcdgbahphglbjjg [2017-12-11]
OPR Extension: (Flash Player for YouTube™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\knbfimhapmnifdchcafinkbfikmomaak [2016-12-15]
OPR Extension: (etymon one-click search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\knhbicgmdmcjehdpmipibiebegaoiecc [2017-09-16]
OPR Extension: (Wiktionary Language Filter) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lagbmmpeihgfankilcjbkpnmejeblkif [2017-11-19]
OPR Extension: (Direct links for Google Image) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lbbpfcajcbdmfhkkleloodefhanneljl [2018-04-12]
OPR Extension: (Disable Extensions Temporarily) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lcfdefmogcogicollfebhgjiiakbjdje [2017-09-13]
OPR Extension: (Wikimedia Reader) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lclegfmhkjbcpiikogacbfbpdgfbdifi [2017-11-19]
OPR Extension: (Free Auto Refresh) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lfkfikiejjfhpfbpgfolfkkdjpepmkal [2018-04-18]
OPR Extension: (Sidebar for YouTube™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ljkgfkfopogmclcinephnaeekjiikibd [2017-09-27]
OPR Extension: (V7 Drag) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lmmhflhfcljkioicbckchnpfiffcjkjp [2017-11-19]
OPR Extension: (Nehmen Sie Screenshot der Webseite - FireShot) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2018-01-08]
OPR Extension: (Tampermonkey) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfdhdgbonjidekjkjmjaneanmdmpmidf [2017-11-19]
OPR Extension: (Tab Close Plus) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfkclbfmlbdmjhndmdbbcmlnhojgopdd [2016-04-18]
OPR Extension: (CLEAN crxMouse Gestures) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mjidkpedjlfnanainpdfnedkdlacidla [2017-11-20]
OPR Extension: (About://Internal Pages) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mpkgnldklpemphbfogboacnljgfpnkme [2016-07-28]
OPR Extension: (Video Speed Controller) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2018-07-08]
OPR Extension: (Copy URL + Title) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\nhmdngoiikdcodlpeifbjcjpjhefipal [2016-04-18]
OPR Extension: (Save to Pocket) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2018-07-08]
OPR Extension: (Violent monkey) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge [2017-11-19]
OPR Extension: (Scroll To Top Button) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\njdplanogllnioicoadncjfgfhdnnpha [2018-08-08]
OPR Extension: (dict-cc) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh [2017-10-07]
OPR Extension: (SaveFrom.net Helfer) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\npdpplbicnmpoigidfdjadamgfkilaak [2018-08-18]
OPR Extension: (Better History) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\obciceimmggglbmelaidpjlmodcebijb [2017-12-22]
OPR Extension: (Enhancer for YouTube) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofhehnfmgbgnkjaojifkmebjjgffjaeh [2018-08-01]
OPR Extension: (Zoom Popup) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofpknbbbohcgomapfgcgadleckdagikj [2016-04-18]
OPR Extension: (Google™ Translator Sidebar) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ogmklpmbehclccahgccdnhjipkmmjaom [2017-08-15]
OPR Extension: (Adblock Plus) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2018-07-19]
OPR Extension: (Open Multiple URLs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\oifijhaokejakekmnjmphonojcfkpbbh [2017-11-21]
OPR Extension: (LEO Wörterbuchsuche) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ojniiiidjmoaiehegaedmfdclmgmmpdp [2018-01-08]
OPR Extension: (Mercury Reader) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2018-06-10]
OPR Extension: (Mate Translate – Übersetzer, Wörterbuch) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ollghamalkmmhboihmhoaaobmamehjgn [2018-07-10]
OPR Extension: (V7 History) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\oneajlghdhobcelcgbgkjaipjoopcggg [2017-08-11]
OPR Extension: (Remove cookie(s) for the current domain) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\opbghiaphmcbefjfoihikkbpjaoanala [2017-03-16]
OPR Extension: (FlexyTrello) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\pggiemacedhgohmpcgdpceckeicjlgfn [2018-01-05]
OPR Extension: (Context Menus) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\phlfmkfpmphogkomddckmggcfpmfchpn [2017-11-20]
OPR Extension: (Extract Tabs) - C:\Users\d\AppData\Roaming\Opera
Stable\Extensions\pibjcpkpaecbpifdkbehcicaoaejkaie [2016-04-18] OPR Extension: (Enhancer for YouTube™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ponfpcnoihfmfllpaingbgckeeldkhle [2018-08-01] OPR Extension: (Enhancer for YouTube™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll [] OPR Extension: (Enhancer for YouTube™) - C:\windows\SysWOW64\Macromed\Flash\pepflashplayer32_22_0_0_192.dll [] StartMenuInternet: (HKLM) Operadeveloper - C:\Program Files (x86)\Opera developer\Launcher.exe ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-14] (Apple Inc.) R2 AS ContentsDL; C:\Program Files\NEC\AtrioSide\AS_ContentsDL.exe [70520 2013-09-17] (NEC Personal Computers, Ltd.) R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [122728 2018-04-09] (AOMEI Tech Co., Ltd.) R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2018-03-29] (Digital Wave Ltd.) R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22816 2018-03-15] (Intel) R2 ecomonsv; C:\Program Files\EcoViewer\ecomonsv.exe [280496 2012-12-04] (NEC Personal Computers, Ltd.) 
R2 ibtsiva; C:\windows\system32\ibtsiva.exe [183448 2017-05-19] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-12] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [4091112 2017-11-09] (Paramount Software UK Ltd)
S4 MailbirdUpdater.exe; C:\Program Files (x86)\Mailbird\MailbirdUpdater.exe [363144 2016-02-05] (Mailbird)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
S4 NbfcService; C:\Program Files (x86)\NoteBook FanControl\NbfcService.exe [7168 2016-12-17] (StagWare) [File not signed]
R2 NEC Move Media Server Monitor Service; C:\Program Files (x86)\CyberLink\NEC Move Media Server\NECMoveMSMonitorService.exe [134920 2013-12-16] (CyberLink)
R2 NEC Move Media Server Service; C:\Program Files (x86)\CyberLink\NEC Move Media Server\NECMoveMSServer.exe [375560 2013-12-16] (CyberLink)
R2 NECBT SERVICE; C:\Program Files\NECBoot\NECBTSVC.exe [237496 2012-10-05] (NEC Personal Computers, Ltd.)
S4 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [50600 2016-03-03] (Microsoft)
R2 NT Meter; c:\windows\syswow64\NTMETER.exe [98672 2013-05-08] (NEC Personal Computers, Ltd.)
S4 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2417376 2016-01-15] (pdfforge GmbH)
S4 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-01-15] (pdfforge GmbH)
S4 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-01-15] (pdfforge GmbH)
S4 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (© pdfforge GmbH.)
R2 PeakShiftSvc; C:\Program Files\PeakShiftTool\PeakShiftSvc.exe [289624 2013-07-02] (NEC Personal Computers, Ltd.)
R2 prio_svc; C:\Program Files\Prio\prio_svc.exe [12704 2017-01-15] ()
R2 ScVssService64; C:\Program Files (x86)\Second Copy 8\ScVssService64.exe [75048 2013-01-28] (Centered Systems)
S4 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [183568 2018-03-07] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 BOT4Service; "C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe" [X]
S2 EaseUS Agent; "C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe" [X]
S3 ekrnEpfw; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
S4 watchtw; C:\windows\SysWOW64\wtwatch.exe [X]
S2 WebServTw; C:\windows\SysWOW64\wstw.exe [X]
S4 wtflserv; C:\windows\SysWOW64\fltw.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\windows\System32\ambakdrv.sys [51120 2016-12-21] ()
R2 ammntdrv; C:\windows\system32\ammntdrv.sys [171952 2016-12-21] ()
R2 amwrtdrv; C:\windows\system32\amwrtdrv.sys [38320 2017-09-01] ()
S3 esihdrv; C:\Users\d\AppData\Local\Temp\esihdrv.sys [149928 2018-04-09] (ESET) <==== ATTENTION
R0 EUBAKUP; C:\windows\System32\drivers\eubakup.sys [60968 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\windows\System32\drivers\EUBKMON.sys [48168 2015-12-10] () [File not signed]
R1 EUDSKACS; C:\windows\system32\drivers\eudskacs.sys [18472 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\windows\system32\drivers\EuFdDisk.sys [192552 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R3 ibtusb; C:\windows\system32\DRIVERS\ibtusb.sys [231400 2017-05-19] (Intel Corporation)
R3 ikbevent; C:\windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
R3 ISCT; C:\windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
R1 MFKGTKEY; C:\windows\system32\drivers\mfkgtkey.sys [26960 2013-09-19] (NEC Personal Computers, Ltd.)
R1 MpKsl4cdd01a1; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4F04C5A3-E02C-42C0-A31B-D6672F499147}\MpKsl4cdd01a1.sys [58120 2018-08-18] (Microsoft Corporation)
R3 necbatt; C:\windows\System32\drivers\necbatt.sys [19760 2013-06-20] (NEC Personal Computers, Ltd.)
R3 necextif; C:\windows\System32\drivers\necextif.sys [26448 2013-06-21] (NEC Personal Computers, Ltd.)
R3 NETwNb64; C:\windows\system32\DRIVERS\NETwbw02.sys [3521032 2017-11-08] (Intel Corporation)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 Ps2Led; C:\windows\system32\DRIVERS\Ps2Led.sys [18768 2013-09-19] (NEC Personal Computers, Ltd.)
R1 Ps2LedIF; C:\windows\system32\drivers\ps2ledif.sys [16208 2013-09-19] (NEC Personal Computers, Ltd.)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [189152 2017-08-08] (Windows (R) Win 7 DDK provider)
S3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [31856 2017-03-23] (Windows (R) Win 7 DDK provider)
R0 PxHlpa64; C:\windows\System32\drivers\PxHlpa64.sys [56336 2013-07-18] (Corel Corporation)
R3 RadioSwitchHID; C:\windows\System32\drivers\RadioSwitchHID.sys [19456 2012-08-24] (NEC Personal Computers, Ltd.)
S3 RTLU3E8023-W8-64; C:\windows\system32\DRIVERS\rtu30x64w8.sys [70656 2013-06-18] (Realtek )
R3 RTSPER; C:\windows\system32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation)
R0 Sahdad64; C:\windows\System32\Drivers\Sahdad64.sys [28304 2013-07-23] (Corel Corporation)
R0 Saibad64; C:\windows\System32\Drivers\Saibad64.sys [20112 2013-07-23] (Corel Corporation)
R1 SaibVdAd64; C:\windows\System32\Drivers\SaibVdAd64.sys [27792 2013-07-23] (Corel Corporation)
R3 VBoxNetAdp; C:\windows\system32\DRIVERS\VBoxNetAdp6.sys [198032 2018-02-26] (Oracle Corporation)
R1 VBoxNetLwf; C:\windows\system32\DRIVERS\VBoxNetLwf.sys [208392 2018-02-26] (Oracle Corporation)
S3 VBoxUSB; C:\windows\System32\Drivers\VBoxUSB.sys [125008 2015-12-18] (Oracle Corporation)
S0 WdBoot; C:\windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R1 WinRing0_1_2_0; C:\Program Files (x86)\NoteBook FanControl\WinRing0x64.sys [14544 2017-09-24] (OpenLibSys.org)
R1 wtfilter_6589; C:\windows\System32\drivers\wtfilter_6589.sys [86488 2017-02-06] ()
R3 ALSysIO; \??\C:\Users\d\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
U0 aswVmm; no ImagePath
S3 btmaux; \SystemRoot\system32\DRIVERS\btmaux.sys [X]
S3 btmhsf; \SystemRoot\system32\DRIVERS\btmhsf.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-18 11:37 - 2018-08-18 17:49 - 000090960 _____ C:\Users\d\Desktop\Addition.txt
2018-08-18 11:34 - 2018-08-18 18:10 - 000048596 _____ C:\Users\d\Desktop\FRST.txt
2018-08-18 00:19 - 2018-08-18 00:34 - 000000000 ____D C:\AdwCleaner
2018-08-18 00:09 - 2018-08-18 00:12 - 007417040 _____ (Malwarebytes) C:\Users\d\Downloads\adwcleaner_7.2.2.exe
2018-08-17 20:16 - 2018-08-17 20:16 - 002412544 _____ (Farbar) C:\Users\d\Downloads\FRST64.exe
2018-08-17 20:16 - 2018-08-17 20:16 - 002412544 _____ (Farbar) C:\Users\d\Desktop\FRST64.exe
2018-08-17 20:14 - 2018-08-18 18:10 - 000000000 ____D C:\FRST
2018-08-17 20:13 - 2018-08-17 23:33 - 000000000 _____ C:\Users\d\Desktop\trojaner.txt
2018-08-16 00:30 - 2018-07-19 09:06 - 007371616 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2018-08-16 00:30 - 2018-07-19 08:48 - 001737600 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2018-08-16 00:30 - 2018-07-19 08:15 - 025745408 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2018-08-16 00:30 - 2018-07-19 06:35 - 002902016 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2018-08-16 00:30 - 2018-07-19 06:33 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2018-08-16 00:30 - 2018-07-19 06:33 - 000417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2018-08-16 00:30 - 2018-07-19 06:30 - 005778432 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2018-08-16 00:30 - 2018-07-19 06:22 - 020286464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2018-08-16 00:30 - 2018-07-19 06:22 - 000794624 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2018-08-16 00:30 - 2018-07-19 06:22 - 000108544 _____ (Microsoft Corporation) C:\windows\system32\hlink.dll
2018-08-16 00:30 - 2018-07-19 06:21 - 000814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2018-08-16 00:30 - 2018-07-19 06:05 - 000497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2018-08-16 00:30 - 2018-07-19 06:03 - 000107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2018-08-16 00:30 - 2018-07-19 06:01 - 002295808 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2018-08-16 00:30 - 2018-07-19 05:55 - 000662016 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2018-08-16 00:30 - 2018-07-19 05:55 - 000099328 _____ (Microsoft Corporation) C:\windows\SysWOW64\hlink.dll
2018-08-16 00:30 - 2018-07-19 05:54 - 000620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2018-08-16 00:30 - 2018-07-19 05:47 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2018-08-16 00:30 - 2018-07-19 05:46 - 015283712 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2018-08-16 00:30 - 2018-07-19 05:45 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2018-08-16 00:30 - 2018-07-19 05:45 - 000728064 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2018-08-16 00:30 - 2018-07-19 05:43 - 002136064 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2018-08-16 00:30 - 2018-07-19 05:32 - 004494848 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2018-08-16 00:30 - 2018-07-19 05:31 - 004510720 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2018-08-16 00:30 - 2018-07-19 05:30 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2018-08-16 00:30 - 2018-07-19 05:28 - 013679616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2018-08-16 00:30 - 2018-07-19 05:28 - 002882048 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2018-08-16 00:30 - 2018-07-19 05:28 - 002059776 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2018-08-16 00:30 - 2018-07-19 05:28 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2018-08-16 00:30 - 2018-07-19 05:20 - 001554944 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2018-08-16 00:30 - 2018-07-19 05:17 - 001049600 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2018-08-16 00:30 - 2018-07-19 05:09 - 004037632 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2018-08-16 00:30 - 2018-07-19 05:09 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2018-08-16 00:30 - 2018-07-19 05:06 - 001329152 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2018-08-16 00:30 - 2018-07-19 05:04 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2018-08-16 00:30 - 2018-07-13 09:51 - 002452824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2018-08-16 00:30 - 2018-07-07 20:33 - 001548632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2018-08-16 00:30 - 2018-07-07 19:05 - 004169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2018-08-16 00:30 - 2018-07-07 19:02 - 000096768 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2018-08-16 00:30 - 2018-07-07 19:00 - 000148992 _____ (Microsoft Corporation) C:\windows\system32\t2embed.dll
2018-08-16 00:30 - 2018-07-07 18:33 - 000078336 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2018-08-16 00:30 - 2018-07-07 18:31 - 000113664 _____ (Microsoft Corporation) C:\windows\SysWOW64\t2embed.dll
2018-08-16 00:30 - 2018-07-06 19:37 - 001754624 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2018-08-16 00:30 - 2018-07-06 18:36 - 001491968 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2018-08-16 00:30 - 2018-06-30 20:00 - 001113952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2018-08-16 00:30 - 2018-06-27 20:10 - 000559104 _____ (Microsoft Corporation) C:\windows\system32\Drivers\csc.sys
2018-08-16 00:30 - 2018-06-27 19:48 - 000141312 _____ (Microsoft Corporation) C:\windows\system32\CscMig.dll
2018-08-16 00:30 - 2018-06-24 17:11 - 000748544 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2018-08-16 00:30 - 2018-06-24 17:04 - 000504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2018-08-16 00:30 - 2018-06-19 15:38 - 003611136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2018-08-16 00:30 - 2018-06-19 15:38 - 003321344 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2018-08-16 00:30 - 2018-06-19 15:31 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2018-08-16 00:30 - 2018-06-19 15:29 - 000065536 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2018-08-16 00:30 - 2018-06-16 17:03 - 002779136 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2018-08-16 00:30 - 2018-06-16 16:59 - 002464256 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2018-08-16 00:30 - 2018-06-15 06:34 - 000923512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\refs.sys
2018-08-16 00:30 - 2018-06-15 04:12 - 000477696 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2018-08-16 00:30 - 2018-06-15 03:55 - 000840192 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2018-08-16 00:30 - 2018-06-15 03:43 - 000186880 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2018-08-16 00:30 - 2018-06-15 03:26 - 000514560 _____ (Microsoft Corporation) C:\windows\system32\winspool.drv
2018-08-16 00:30 - 2018-06-15 03:22 - 000866304 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2018-08-16 00:30 - 2018-06-15 03:19 - 000399360 _____ (Microsoft Corporation) C:\windows\SysWOW64\winspool.drv
2018-08-16 00:30 - 2018-06-08 20:47 - 000083456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2018-08-16 00:29 - 2018-07-19 06:23 - 000615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2018-08-16 00:29 - 2018-07-19 05:53 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2018-08-16 00:29 - 2018-07-19 05:34 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2018-08-16 00:29 - 2018-07-19 05:28 - 000333312 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2018-08-16 00:29 - 2018-06-15 04:28 - 000445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2018-08-16 00:29 - 2018-06-15 04:00 - 000324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2018-08-11 07:55 - 2018-08-11 07:55 - 759471852 _____ C:\windows\MEMORY.DMP
2018-08-11 07:55 - 2018-08-11 07:55 - 000296888 _____ C:\windows\Minidump\081118-7421-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-18 18:07 - 2013-08-22 17:36 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-08-18 18:07 - 2013-08-22 17:36 - 000000000 ____D C:\windows\system32\Macromed
2018-08-18 18:04 - 2014-06-11 01:30 - 000003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1417334993-2898295356-3386692794-1001
2018-08-18 18:02 - 2014-07-05 21:58 - 000000000 ____D C:\Users\d\AppData\Local\CrashDumps
2018-08-18 17:59 - 2016-02-27 04:33 - 000000000 ____D C:\Users\d\AppData\Local\ClassicShell
2018-08-18 17:59 - 2016-01-16 12:36 - 000000000 ____D C:\Program Files (x86)\Alternative Flash Player Auto-Updater
2018-08-18 17:59 - 2014-06-12 21:16 - 000011354 _____ C:\windows\system32\perfh007.dat
2018-08-18 17:59 - 2014-06-12 21:16 - 000006212 _____ C:\windows\system32\perfc007.dat
2018-08-18 17:59 - 2013-08-28 09:06 - 000018338 _____ C:\windows\system32\PerfStringBackup.INI
2018-08-18 17:59 - 2013-08-23 00:47 - 000005884 _____ C:\windows\system32\perfc011.dat
2018-08-18 17:59 - 2013-08-23 00:47 - 000005820 _____ C:\windows\system32\perfh011.dat
2018-08-18 17:59 - 2013-08-22 15:36 - 000000000 ____D C:\windows\Inf
2018-08-18 17:57 - 2016-07-25 16:40 - 000003332 _____ C:\windows\System32\Tasks\iToolsDaemon
2018-08-18 17:54 - 2016-01-16 12:43 - 000000000 ____D C:\Users\d\Desktop\acv507
2018-08-18 17:51 - 2018-04-12 19:10 - 000000082 _____ C:\windows\SysWOW64\winsevr.dat
2018-08-18 17:51 - 2018-04-12 19:09 - 000000000 ____D C:\Program Files (x86)\AOMEI Backupper
2018-08-18 17:51 - 2016-02-10 01:02 - 000000000 ____D C:\Program Files\Java
2018-08-18 17:51 - 2016-01-11 12:20 - 000000000 ____D C:\Program Files\Common Files\AV
2018-08-18 17:51 - 2016-01-11 12:05 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-08-18 17:51 - 2013-08-22 16:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-08-18 17:51 - 2013-08-22 16:44 - 000597840 _____ C:\windows\system32\FNTCACHE.DAT
2018-08-18 17:45 - 2014-06-11 01:50 - 000000000 ____D C:\Users\d\AppData\Local\Apple Computer
2018-08-18 17:44 - 2016-01-30 21:30 - 000000000 ____D C:\ProgramData\Apple Computer
2018-08-18 17:39 - 2014-06-11 01:27 - 000003868 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{A885AFCF-DEDA-4845-AD42-3903A4A06B09}
2018-08-18 15:58 - 2016-01-25 20:22 - 000000000 ____D C:\Users\d\Desktop\linkman database
2018-08-18 15:57 - 2018-04-25 19:12 - 000003668 _____ C:\windows\System32\Tasks\JavaUpdateSched
2018-08-18 15:57 - 2016-02-10 01:02 - 000145272 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2018-08-18 00:34 - 2017-08-17 18:04 - 000000000 ____D C:\ProgramData\iolo
2018-08-18 00:34 - 2017-08-17 18:04 - 000000000 ____D C:\Program Files (x86)\iolo
2018-08-18 00:34 - 2017-06-30 00:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-08-18 00:34 - 2014-06-17 04:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-18 00:33 - 2016-12-05 16:31 - 000000000 ____D C:\Users\d\AppData\LocalLow\Mozilla
2018-08-18 00:32 - 2016-06-16 16:20 - 000001186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-08-18 00:09 - 2018-02-19 17:23 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-08-17 23:44 - 2013-08-22 17:36 - 000000000 ___HD C:\windows\ELAMBKUP
2018-08-17 01:32 - 2013-08-22 15:25 - 000262144 ___SH C:\windows\system32\config\ELAM
2018-08-16 16:15 - 2013-08-22 17:36 - 000000000 ____D C:\windows\rescache
2018-08-16 04:31 - 2016-06-03 21:44 - 000003882 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1464983063
2018-08-16 04:31 - 2016-06-03 21:44 - 000000000 ____D C:\Program Files (x86)\Opera developer
2018-08-16 04:29 - 2014-06-12 22:14 - 000000000 ____D C:\Program Files (x86)\Opera
2018-08-16 04:23 - 2013-08-22 15:25 - 000262144 ___SH C:\windows\system32\config\BBI
2018-08-16 04:22 - 2013-08-22 17:36 - 000000000 ___RD C:\windows\ToastData
2018-08-16 02:12 - 2013-08-22 17:20 - 000000000 ____D C:\windows\CbsTemp
2018-08-13 15:49 - 2018-03-21 15:19 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-08-13 08:25 - 2013-08-22 17:36 - 000000000 ____D C:\windows\AppReadiness
2018-08-11 08:09 - 2014-06-11 01:25 - 000000000 ____D C:\Users\d
2018-08-11 07:55 - 2014-07-05 22:35 - 000000000 ____D C:\windows\Minidump
2018-08-10 00:38 - 2018-05-05 20:25 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-10 00:38 - 2018-05-05 20:25 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-08-08 19:10 - 2014-06-12 22:14 - 000003862 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1402604082
2018-08-04 01:46 - 2013-08-22 17:38 - 000836480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2018-08-04 01:46 - 2013-08-22 17:38 - 000181120 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-07-26 20:36 - 2016-01-11 13:09 - 000000000 ____D C:\windows\system32\appraiser
2018-07-26 20:26 - 2017-05-13 20:36 - 000002086 _____ C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2018-07-25 20:52 - 2016-01-23 02:31 - 000000000 ___RD C:\Program Files (x86)\Skype
2018-07-25 20:52 - 2016-01-23 02:31 - 000000000 ____D C:\ProgramData\Skype
2018-07-25 20:50 - 2016-01-23 02:31 - 000000000 ____D C:\Users\d\AppData\Roaming\Skype
2018-07-19 19:55 - 2016-04-19 08:31 - 000000000 ____D C:\Users\d\AppData\Roaming\PrimoPDF

==================== Files in the root of some directories =======

2004-02-06 21:06 - 2004-02-06 21:06 - 000000000 ____H () C:\ProgramData\sdpsenv.dat
2018-07-18 08:04 - 2018-07-18 08:04 - 000000600 _____ () C:\Users\d\AppData\Local\PUTTY.RND
2018-01-13 16:54 - 2018-01-13 16:54 - 000000218 _____ () C:\Users\d\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
2016-06-17 10:37 - 2016-06-17 10:37 - 003045232 _____ (AnVir Software) C:\Users\d\AppData\Local\Temp\AnVir.exe
2016-04-19 08:35 - 2016-04-19 08:35 - 008108488 _____ () C:\Users\d\AppData\Local\Temp\converter.exe
2014-06-19 00:36 - 2014-06-19 00:36 - 000374208 _____ (ESET) C:\Users\d\AppData\Local\Temp\InstHelper.exe
2018-08-18 15:55 - 2018-08-18 15:55 - 002346360 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-10.0.2+13_windows-x64_bin-au.exe
2016-11-03 20:36 - 2016-11-03 20:36 - 000737856 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-27 05:24 - 2017-01-27 05:24 - 000739904 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-05-04 14:05 - 2017-05-04 14:05 - 000739904 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-07-21 17:36 - 2017-07-21 17:36 - 000739904 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u141-windows-au.exe
2017-11-24 13:32 - 2017-11-24 13:32 - 001856576 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u151-windows-au.exe
2018-03-28 00:30 - 2018-03-28 00:30 - 001864256 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u161-windows-au.exe
2018-04-25 06:46 - 2018-04-25 06:46 - 001884616 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u171-windows-au.exe
2016-03-23 22:16 - 2016-03-23 22:16 - 000736320 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-07-04 06:55 - 2016-07-04 06:55 - 000739904 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u91-windows-au.exe
2016-02-09 23:54 - 2016-01-31 21:51 - 000041432 _____ () C:\Users\d\AppData\Local\Temp\kh_5552.dll
2014-06-17 04:32 - 2014-03-25 00:55 - 000099096 _____ () C:\Users\d\AppData\Local\Temp\LMkRstPt.exe
2016-02-09 23:54 - 2016-01-31 21:51 - 000038872 _____ () C:\Users\d\AppData\Local\Temp\mh_5552.dll
2016-06-03 21:44 - 2016-06-03 21:44 - 001086464 _____ (Opera Software) C:\Users\d\AppData\Local\Temp\Opera_installer_2016634422903.dll
2016-12-16 03:25 - 2018-07-10 21:46 - 065875720 _____ (Paramount Software UK Ltd) C:\Users\d\AppData\Local\Temp\reflectPatch.exe
2016-02-09 05:18 - 2018-07-25 20:51 - 057812744 _____ (Skype Technologies S.A.) C:\Users\d\AppData\Local\Temp\SkypeSetup.exe
2018-04-09 15:53 - 2018-04-09 15:53 - 004845696 _____ (ESET) C:\Users\d\AppData\Local\Temp\SysInspector.exe
2015-12-31 14:07 - 2015-12-31 14:08 - 031948192 _____ (IDM Computer Solutions, Inc.) C:\Users\d\AppData\Local\Temp\uc_english.exe
2017-05-10 12:32 - 2017-05-10 12:32 - 014456872 _____ (Microsoft Corporation) C:\Users\d\AppData\Local\Temp\vc_redist.x86.exe
2015-08-03 01:58 - 2015-08-03 01:58 - 000118784 _____ () C:\Users\d\AppData\Local\Temp\xmlUpdater.exe
2016-02-09 23:52 - 2013-07-06 17:02 - 001520544 _____ (Pitrinec Software) C:\Users\d\AppData\Local\Temp\~cbu_tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-08-17 04:06

==================== End of FRST.txt ============================

Edited by lucina (18.08.2018 at 18:51)