Hallo, heute bekam ich folgende Meldung:
_________________

Kaspersky Internet Security
Schadsoftware wurde gefunden.
Es wird empfohlen, vor dem Neustart des Computers alle laufenden Programme zu schließen und alle Änderungen zu speichern.
Gefunden: Trojan.Multi.GenAutorunReg.a
Ort: System Memory
[Desinfizieren und Computer neu starten]
_________________

- Ich habe nichts auf der Meldung angeklickt; sie ist noch sichtbar.
- Ich habe alle externen Datenträger entfernt und ein Image der Festplatte gemacht.
- Soll ich alle Passwörter ändern?
- Ich habe unter anderem folgende zugehörigen Threads gefunden:
- https://forum.kaspersky.com/index.php?/topic/396586-trojanmultigenautorunreg/
- https://forum.kaspersky.com/index.php?/topic/398038-trojanmultigenautorunrega-detected-in-memory-and-not-removed/
- https://forum.kaspersky.com/index.php?/topic/361440-trojanmultigenautorunrega/
- ähnlich aber nicht identisch: https://www.trojaner-board.de/175559-trojan-multi-genautorun-task-b-system-memory.html

Ich habe Farbar (64) ausgeführt, dabei kam es zu folgendem Fehler:


error saving file
c:\FRST\HIVES\drivers continue with the next file? [ regcreatekeyex:87 - falscher paramenter ]
failed to update


Als ich es dann erneut startet, wurde die registry nicht erneut gebackupt, sodass auch der fehler nicht mehr erschien, obwohl er nicht behoben wurde und also weiterhin besteht.

Zu naughtypirates stream im log file:
https://forums.malwarebytes.com/topic/162382-possible-signs-of-malware-on-my-system/
https://forums.spybot.info/showthread.php?67975-Not-sure-if-I-have-rootkits-or-not

Zu SmEdit und AkelPad: Ungefährliche Programmme, ich kenne die Autoren

ComputerTime und CWG child weg guardian sind ebenfalls legitim und mir bekannt. dazu gehören auch fltw.exe, wstw.exe wtwatch.exe

Ich habe Vertrauen ins Trojanerboard, da mir vor ca. 6 Jahren schonmal gut geholfen wurde. Gern auch wieder eine Spende. Vielen Dank im Voraus für Eure Bemühungen, ich werde alle Anweisungen exakt befolgen.

In FRST.txt werden im letzten Monat erstellte Dateien aufgelistet. Aus Datenschutzgründen habe ich einige ungefährliche, mir bekannte / von mir erstelle Dateien aus der Liste gelöscht.

https://threats.kaspersky.com/en/threat/Trojan.Multi.GenAutorunReg/

Ich habe eine Letzthoffnung, dass es ein False Positive ist....???

UND DANKE FÜR EURE HILFE IM VORAUS!!!

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by d (administrator) on LAVIE (17-08-2018 20:19:54)
Running from C:\Users\d\AppData\Local\Temp\scoped_dir5172_2273
Loaded Profiles: d (Available Profiles: d)
Platform: Windows 8.1 Pro (Update) (X64) Language: Japanisch (Japan)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\NEC Move Media Server\NECMoveMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\NEC Move Media Server\NECMoveMSServer.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NECBoot\NECBTSVC.exe
(NEC Personal Computers, Ltd.) C:\Windows\SysWOW64\NTMETER.exe
(NEC Personal Computers, Ltd.) C:\Program Files\PeakShiftTool\PeakShiftSvc.exe
() C:\Program Files\Prio\prio_svc.exe
(Centered Systems) C:\Program Files (x86)\Second Copy 8\ScVssService64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avpui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NECMFK\necmfk.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NECBatt\nbSched.exe
(NEC Personal Computers, Ltd.) C:\Program Files\PeakShiftTool\PeakShiftNotifier.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NECBoot\NECBTPB.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NPSpeed\NPSpeed.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Outertech) C:\Program Files (x86)\Linkman\Linkman.exe
(RaMMicHaeL) C:\Users\d\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
(GP Software) C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
(f.lux Software LLC) C:\Users\d\AppData\Local\FluxSoftware\Flux\flux.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Centered Systems) C:\Program Files (x86)\Second Copy 8\SecCopy.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Michael Farrell) C:\Program Files (x86)\IntelliWebSearch\IntelliWebSearch.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
() C:\Users\d\Desktop\acv507\ArsClip.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Steve Emmons) C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Battery Alarm\BatteryAlarm.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mad Dog Apps) C:\Program Files (x86)\Mad Dog Apps\BatteryMonitor\myBatteryMonitor.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(pXc-coding.com) C:\Program Files (x86)\Alternative Flash Player Auto-Updater\Alternative Flash Player Auto-Updater.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NEC\AtrioSide\AS_ContentsDL.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(NEC Personal Computers, Ltd.) C:\Program Files\EcoViewer\ecomonsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(AkelSoft) C:\Users\d\Desktop\Programme\AkelPad\AkelPad.exe
(AkelSoft) C:\Users\d\Desktop\Programme\AkelPad\AkelPad.exe
(AkelSoft) C:\Users\d\Desktop\Programme\AkelPad\AkelPad.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [NECMFK] => C:\Program Files\necmfk\necmfk.exe [164176 2013-09-19] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [IntelAntiTheftDiscoveryAppIECNotifier] => C:\Program Files (x86)\Intel\Intel Anti-Theft Discovery App\IntelAntiTheftDiscoveryAppIECNotifier.exe [142336 2013-06-25] (Intel Corporation)
HKLM\...\Run: [NECBatt] => C:\Program Files\NECBatt\nbSched.exe [356688 2013-08-05] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [PeakShiftTool] => C:\Program Files\PeakShiftTool\PeakShiftNotifier.exe [244576 2013-07-02] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [NECBTPB] => C:\Program Files\NECBoot\NECBTPB.EXE [2789304 2012-10-05] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2013-09-04] (Synaptics Incorporated)
HKLM\...\Run: [RcdSettings] => C:\Program Files\NEC\NECRcdSettings\RcdSettings.exe [924536 2013-08-27] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [NPSpeed] => C:\Program Files\NPSpeed\NPSpeed.exe [3215152 2013-10-08] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1074088 2015-09-03] (The Eraser Project)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [AtrioSide] => C:\Program Files\NEC\AtrioSide\AtrioSide.exe [1193328 2013-09-17] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [3523848 2018-07-03] (Paramount Software UK Ltd)
HKLM-x32\...\Run: [SmartUpdate] => C:\Program Files (x86)\NEC\SmartUpdate\reservesu.exe [234232 2013-07-08] (NEC Personal Computers, Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2018-03-16] (Apple Inc.)
HKLM-x32\...\Run: [SilentCleanService] => C:\Program Files (x86)\iMobie\PhoneRescue\${CHECK_RUNSERVICE_NAME}
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [135968 2018-03-15] (Intel)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [653728 2018-03-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [Linkman] => C:\Program Files (x86)\Linkman\Linkman.exe [1635200 2015-12-23] (Outertech)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [7 Taskbar Tweaker] => C:\Users\d\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [401920 2016-09-10] (RaMMicHaeL)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [Directory Opus Desktop Dblclk] => C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe [421240 2016-06-10] (GP Software)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [f.lux] => C:\Users\d\AppData\Local\FluxSoftware\Flux\flux.exe [1806344 2018-07-03] (f.lux Software LLC)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [Second Copy] => C:\Program Files (x86)\Second Copy 8\SecCopy.exe [3128616 2013-01-28] (Centered Systems)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2014-09-19] ()
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [WhatsApp] => "C:\Users\d\AppData\Local\WhatsApp\app-0.2.5371\WhatsApp.exe"
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [DVSFreeVideoCallRecorder] => "C:\Program Files (x86)\DVDVideoSoft\Free Video Call Recorder for Skype\FreeVideoCallRecorder.exe" /minimized
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [IntelliWebSearch] => C:\Program Files (x86)\IntelliWebSearch\IntelliWebSearch.exe [224388 2011-04-08] (Michael Farrell)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11776 2013-08-22] (Microsoft Corporation)
AppInit_DLLs: prio.dll => No File
AppInit_DLLs-x32: prio32.dll => No File
IFEO\sethc.exe: [Debugger] logonui.exe
ShellExecuteHooks: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [1580408 2016-06-10] (GP Software)
ShellExecuteHooks-x32: Directory Opus Shell Execute Hook - {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll [350072 2016-06-10] (GP Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Alternative Flash Player Auto-Updater.lnk [2016-01-16]
ShortcutTarget: Alternative Flash Player Auto-Updater.lnk -> C:\Program Files (x86)\Alternative Flash Player Auto-Updater\Alternative Flash Player Auto-Updater.exe (pXc-coding.com)
Startup: C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ArsClip - Verknüpfung.lnk [2016-01-25]
ShortcutTarget: ArsClip - Verknüpfung.lnk -> C:\Users\d\Desktop\acv507\ArsClip.exe ()
Startup: C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BatteryAlarm - Shortcut.lnk [2016-04-20]
ShortcutTarget: BatteryAlarm - Shortcut.lnk -> C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Battery Alarm\BatteryAlarm.exe (Steve Emmons)
Startup: C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2016-09-30]
ShortcutTarget: Telegram.lnk -> C:\Users\d\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-1417334993-2898295356-3386692794-500\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-1417334993-2898295356-3386692794-1003\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-1417334993-2898295356-3386692794-1001\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 cryptomator-vault
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{A589BE57-42CC-439B-99D1-70AED469ADBE}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> DefaultScope {0A66B399-8F9B-4C01-8EDD-A71D148B8BE7} URL = 
SearchScopes: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> {0A66B399-8F9B-4C01-8EDD-A71D148B8BE7} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\iToolsBHO64.dll [2016-07-25] (iTools.hk)
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2018-07-23] (AO Kaspersky Lab)
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-01-15] (pdfforge GmbH)
BHO-x32: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\iToolsBHO.dll [2016-07-25] (iTools.hk)
BHO-x32: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2018-07-23] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2018-07-23] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-01-15] (pdfforge GmbH)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2018-07-23] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> No Name - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} -  No File
Toolbar: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2018-07-23] (AO Kaspersky Lab)

FireFox:
========
FF DefaultProfile: 2udj1tce.default
FF ProfilePath: C:\Users\d\AppData\Roaming\Postbox\Profiles\ify653so.default [2016-02-10]
FF ProfilePath: C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\2udj1tce.default [2018-08-17]
FF Session Restore: Mozilla\Firefox\Profiles\2udj1tce.default -> is enabled.
FF Extension: (Grammarly for Firefox) - C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\2udj1tce.default\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2018-08-09]
FF Extension: (Video DownloadHelper) - C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\2udj1tce.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-08-09]
FF Extension: (Adblock Plus) - C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\2udj1tce.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-07-27]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-04-19] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-05-28]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll [2018-08-16] ()
FF Plugin: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2016-07-25] ()
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [] ()
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2017-03-06] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll [2018-08-16] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2016-07-25] ()
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2017-03-06] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
StartMenuInternet: Firefox- - kernel32::GetLongPathNameW(w R8, w .R7, i 1024)i .R6

Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\d\AppData\Local\Google\Chrome\User Data\Default [2018-08-03]
CHR Extension: (Präsentationen) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-19]
CHR Extension: (Kaspersky Protection) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2018-05-31]
CHR Extension: (Docs) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-19]
CHR Extension: (Google Drive) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-19]
CHR Extension: (YouTube) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-19]
CHR Extension: (Tab Count) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfokcacdaonnckdmopmcgeanhkebeaio [2018-07-30]
CHR Extension: (uBlock Origin) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-08-03]
CHR Extension: (Tab Glutton) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekfmaibfpamaegficfifofnlhalkbdfm [2018-06-25]
CHR Extension: (Tabellen) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-19]
CHR Extension: (Google Docs Offline) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-05-05]
CHR Extension: (Wiktionary Language Filter) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\lagbmmpeihgfankilcjbkpnmejeblkif [2017-11-19]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-05]
CHR Extension: (Linkman) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\pchnedaeogijkjjkjigbijhbcanbdjkc [2018-05-05]
CHR Extension: (Google Mail) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-19]
CHR Extension: (Chrome Media Router) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-11]
CHR Profile: C:\Users\d\AppData\Local\Google\Chrome\User Data\System Profile [2018-05-05]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd

Opera: 
=======
OPR Session Restore: -> is enabled.
OPR Extension: (Simple = Select + Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aagminaekdpcfimcbhknlgjmpnnnmooo [2017-09-11]
OPR Extension: (Instant Multi Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aamgapdgopfdmokckpkfciiddpahbbcg [2017-09-11]
OPR Extension: (Google Ãœbersetzer) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-12-02]
OPR Extension: (Disable Youtubeâ„¢ HTML5 Player) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aejcgigcjcdcbdkdbeiclbpekcjddapp [2016-01-17]
OPR Extension: (Multi Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\afmdpmddiokpdknaeofdnlclbpgehhce [2018-07-25]
OPR Extension: (TransOver) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aggiiclaiamajehmlfpkjmlbadmkledi [2018-08-08]
OPR Extension: (SimpleUndoClose) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aipamoaneebnhkfefefbfmhimclgafig [2018-02-19]
OPR Extension: (Redirect Bypasser) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\akalifnifmgdmgmjoaiaflkeahpbkghe [2017-05-04]
OPR Extension: (Oxford Dictionary Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbhgfdkgegllnkmnpidalgbgdghilnha [2016-11-10]
OPR Extension: (Select like a Boss) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bfigpnfillonohmonbadflnapjejfkgm [2017-10-21]
OPR Extension: (V7 Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bgjcegonlhkkclkkglpgjmgnigefhkak [2018-01-14]
OPR Extension: (smartUp Gestures) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bgjfekefhjemchdeigphccilhncnjldn [2018-06-27]
OPR Extension: (AdGuard Werbeblocker) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2018-05-19]
OPR Extension: (V7 Bookmarks) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bpmgfnikhlpakdkeeahboleoommganka [2018-04-27]
OPR Extension: (Forvo pronunciation) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ccpodfblfjampgmdfllpclalbdckflmi [2017-10-21]
OPR Extension: (TrafficLight) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cfnpidifppmenkapgihekkeednfoenal [2018-04-11]
OPR Extension: (archive.is Button) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cgjpabpjaocpgppajkeplhbipbdippdm [2018-04-08]
OPR Extension: (OneTab) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-12-12]
OPR Extension: (ZenMate VPN - Top Internet Security & Unblock) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnhbkkedmelfmalgjpkngiaoifpdfcnl [2018-07-21]
OPR Extension: (Shortkeys) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnjnhmmmdopghhihpeoafpkkanlagfjf [2016-04-18]
OPR Extension: (Simple Mouse Gestures) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cpbbhbiceidealbcfgodcffnfneffopd [2018-06-08]
OPR Extension: (Avast Online Security) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2017-10-20]
OPR Extension: (Search by Image (by Google)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2017-03-06]
OPR Extension: (Card Numbers for Trello) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ddadhlcejiholmdiihbdcfoapdfkhicn [2017-02-28]
OPR Extension: (Tabs Backup & Restore) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dehocbglhkaogiljpihicakmlockmlgd [2017-12-22]
OPR Extension: (Just Read) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dgmanlpmmkibanfdgjocnabmcaclkmod [2018-08-16]
OPR Extension: (Tampermonkey) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-05-28]
OPR Extension: (Copy All Urls) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\djdmadneanknadilpjiknlnanaolmbfk [2017-11-19]
OPR Extension: (Browsec VPN - Free and Unlimited VPN) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dknfpcdpbkjijldegonllfnnfhabjpde [2018-08-11]
OPR Extension: (SurfEasy VPN - Sicherheit, Privatsphäre, Entsperrung) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ebpielhlnnpkiddeeacoephkilopgblc [2018-05-07]
OPR Extension: (Google search link fix) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\eckgbkpcmkeamlbhpcifhnijehlcogip [2018-04-12]
OPR Extension: (Session Buddy) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2018-01-29]
OPR Extension: (HTTPS Everywhere) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2018-06-22]
OPR Extension: (Copyfish � Free OCR Software) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\eenjdnjldapjajjofmldgmkjaienebbj [2018-01-29]
OPR Extension: (VTchromizer) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\efbjojhplkelaegfbieplglfidafgoka [2018-04-11]
OPR Extension: (Tabs Outliner) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2017-12-22]
OPR Extension: (Sort Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ejlljbnghfnfihpiifjaojopfkbgknoi [2016-04-18]
OPR Extension: (Copytables) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ekdpkppgmlalfkphpibadldikjimijon [2017-10-21]
OPR Extension: (Tab Glutton) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ekfmaibfpamaegficfifofnlhalkbdfm [2017-02-28]
OPR Extension: (Unlimited Free VPN - Hola) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ekmmelpnmfdegjhnmadddcfjcahpajnm [2018-08-08]
OPR Extension: (Vertical Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\eknjllkeehiiakhmgjjdoempaocgemkg [2017-03-20]
OPR Extension: (Wrona History Menu) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\encidpibliikeaimjmlimnnbjjpnfppl [2016-04-18]
OPR Extension: (All in one web searcher) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\enofjgiadilpmldfknojklfjbeaooiap [2017-09-11]
OPR Extension: (Ddict Translate: Translator - Dictionary) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fcfpagpiibkilokeihmaggjgheaemgbi [2017-12-17]
OPR Extension: (Text Lesegerät (Text zu Sprache)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fdffijlhedcdiblbingmagmdnokokgbi [2017-11-19]
OPR Extension: (Kaspersky Protection) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2018-04-06]
OPR Extension: (SimpleUndoClose.test) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fjjibgcfnmpcdipdfamlcghkphflpcfb [2017-04-16]
OPR Extension: (1Password extension (desktop app required)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fpnbobholfpcolmkinlokiaaanjilcop [2018-06-27]
OPR Extension: (Scroll to Top) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gbefdhcpnalckelncafcbmdifclnlmce [2017-11-20]
OPR Extension: (Linkman) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gbeghboempnjlacepdnkgnpplgjadpnl [2014-06-18]
OPR Extension: (Classic Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gbekmpnpfkkijbodegokaigmhedbbkmg [2016-01-16]
OPR Extension: (SimpleTabOrder) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gcphmfnknfenaigpefdlmnbgnjaebjim [2018-02-19]
OPR Extension: (XTranslate) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gfgpkepllngchpmcippidfhmbhlljhoo [2018-05-28]
OPR Extension: (SimpleExtManager) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ggfngijafepjalmbhefafhdeedobcdbf [2018-05-28]
OPR Extension: (Super Auto Refresh) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ghjaeanhfafkigkehjgapnlobfhefkme [2017-11-19]
OPR Extension: (Etymonline) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\giehjnnlopapngdjbjjgddpaagoimmgl [2018-01-04]
OPR Extension: (Selection Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gipnlpdeieaidmmeaichnddnmjmcakoe [2018-07-26]
OPR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\glaedmooikiamindhmfcfccncmmdagge [2018-07-21]
OPR Extension: (Google Right-Click Multi-Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hacdkngldbgplmdlmdhgiehbmmlckmea [2017-09-13]
OPR Extension: (Ultimello, the features pack for Trello) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hahbfgjfimnmogoinnenhheepfcphnmm [2018-06-22]
OPR Extension: (Pocket (formerly Read It Later)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hedlhkdmdlcjhiblbmfggdiaeekblnoi [2018-05-05]
OPR Extension: (Video Autoplay Blocker by Robert Sulkowski) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hiefnnpeemndbkjphkiffdfjbgaapifa [2016-01-17]
OPR Extension: (DotVPN — a better way to VPN) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hiegahbgoabbpoieploedhfnobmpgbeg [2018-05-19]
OPR Extension: (JavaScript Toggle On and Off) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hldheaackmkeadbfdaiidijnilnbgifo [2018-04-04]
OPR Extension: (V7 Gmail Zoom) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnfpfgoekopajiblcenihlclkgphkgmn [2017-04-13]
OPR Extension: (I don't care about cookies) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\iambaeepkgdclnmbfdnnohkjjpdglbeo [2018-08-01]
OPR Extension: (Sprachenfilter für Wikipedia) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibgceajjjioihilfcdppneoljcaofokk [2018-05-28]
OPR Extension: (Wiktionary Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibncmbgpniokogofpkjnlcpfpiodoppk [2017-10-21]
OPR Extension: (Wolfram|Alpha (Official)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\icncamkooinmbehmkeilcccmoljfkdhp [2017-11-19]
OPR Extension: (Text to Speech (TTS)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ifnfkcmbdaelhfkpkoncangcnhieanmj [2017-10-21]
OPR Extension: (Malwarebytes Browser Extension) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2018-08-16]
OPR Extension: (Reader View) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ikmhokpogledimpnfdbcgondkbmfkfjc [2018-06-04]
OPR Extension: (Social Fixer for Facebook) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\inficfabgpfjiegjgnhmjdagmhlmakoo [2018-06-27]
OPR Extension: (Disable HTML5 Autoplay) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jbinbhipioellbajhbkjlpioadehpfdj [2016-08-03]
OPR Extension: (YouTube High Definition) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jcdpccclajomeaeeoggbhglfomndjgfp [2016-02-06]
OPR Extension: (Close Duplicate Tab) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jcmhmgmojlljfpfnmlbnipanelaliikl [2016-07-28]
OPR Extension: (CloseTab) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jdclfnplpfhdgcmafpbodpejpdnbfhpb [2016-04-20]
OPR Extension: (Translate Web Page) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jggobmlojchhlngdhmmdghgganciigof [2016-02-03]
OPR Extension: (Font Changer with Google Web Fontsâ„¢) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jgjhhoglgjdklldfgoffdiaceffijeke [2017-11-28]
OPR Extension: (User-Agent Switcher) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jikibpedldihacokaanimbcjipghbloo [2017-11-19]
OPR Extension: (Save To The Wayback Machine) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jkoddmeemofcjjeckgiddpgdbnnafoib [2018-05-10]
OPR Extension: (Search Window) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jmjjleckcgnlmampjifnllbdhkobinbl [2017-12-17]
OPR Extension: (View Image - \) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jpcmhcelnjdmblfmjabdeclccemkghjk [2018-08-16]
OPR Extension: (Grammarly for Chrome) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-08-16]
OPR Extension: (The Switcher) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbgapjibpomfdnhllkbijmolmnhloona [2016-04-18]
OPR Extension: (uBlock Origin) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2018-07-19]
OPR Extension: (Stylus) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kdinfjomkigjcjcbigolloleeiianaif [2018-07-16]
OPR Extension: (Leo Dictionary Widget) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kepemmpmljphklmpfgfmhpjhpdlccpke [2017-10-14]
OPR Extension: ( Copy URLs ) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kgmdofgghbeipjnddielphhhecgnppab [2016-04-18]
OPR Extension: (YouTube Video and Audio Downloader (Dev Edt.)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\khgbdhkpcapllhgfekjegcinegfhjbmi [2018-04-09]
OPR Extension: (V7 Sessions) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\khmbgihnlknbjgjhmekjeoidpfimabpp [2016-11-10]
OPR Extension: (Install Chrome Extensions) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2018-08-17]
OPR Extension: (Force Download) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\klahcccondnnonafcbcdgbahphglbjjg [2017-12-11]
OPR Extension: (Flash Player for YouTubeâ„¢) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\knbfimhapmnifdchcafinkbfikmomaak [2016-12-15]
OPR Extension: (etymon one-click search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\knhbicgmdmcjehdpmipibiebegaoiecc [2017-09-16]
OPR Extension: (Wiktionary Language Filter) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lagbmmpeihgfankilcjbkpnmejeblkif [2017-11-19]
OPR Extension: (Direct links for Google Image) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lbbpfcajcbdmfhkkleloodefhanneljl [2018-04-12]
OPR Extension: (Disable Extensions Temporarily) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lcfdefmogcogicollfebhgjiiakbjdje [2017-09-13]
OPR Extension: (Wikimedia Reader) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lclegfmhkjbcpiikogacbfbpdgfbdifi [2017-11-19]
OPR Extension: (Free Auto Refresh) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lfkfikiejjfhpfbpgfolfkkdjpepmkal [2018-04-18]
OPR Extension: (Sidebar for YouTubeâ„¢) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ljkgfkfopogmclcinephnaeekjiikibd [2017-09-27]
OPR Extension: (V7 Drag) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lmmhflhfcljkioicbckchnpfiffcjkjp [2017-11-19]
OPR Extension: (Nehmen Sie Screenshot der Webseite - FireShot) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2018-01-08]
OPR Extension: (Tampermonkey) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfdhdgbonjidekjkjmjaneanmdmpmidf [2017-11-19]
OPR Extension: (Tab Close Plus) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfkclbfmlbdmjhndmdbbcmlnhojgopdd [2016-04-18]
OPR Extension: (CLEAN crxMouse Gestures) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mjidkpedjlfnanainpdfnedkdlacidla [2017-11-20]
OPR Extension: (About://Internal Pages) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mpkgnldklpemphbfogboacnljgfpnkme [2016-07-28]
OPR Extension: (Video Speed Controller) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2018-07-08]
OPR Extension: (Copy URL + Title) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\nhmdngoiikdcodlpeifbjcjpjhefipal [2016-04-18]
OPR Extension: (Save to Pocket) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2018-07-08]
OPR Extension: (Violent monkey) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge [2017-11-19]
OPR Extension: (Scroll To Top Button) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\njdplanogllnioicoadncjfgfhdnnpha [2018-08-08]
OPR Extension: (dict-cc) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh [2017-10-07]
OPR Extension: (SaveFrom.net Helfer) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\npdpplbicnmpoigidfdjadamgfkilaak [2018-08-16]
OPR Extension: (Better History) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\obciceimmggglbmelaidpjlmodcebijb [2017-12-22]
OPR Extension: (Enhancer for YouTube) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofhehnfmgbgnkjaojifkmebjjgffjaeh [2018-08-01]
OPR Extension: (Zoom Popup) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofpknbbbohcgomapfgcgadleckdagikj [2016-04-18]
OPR Extension: (Googleâ„¢ Translator Sidebar) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ogmklpmbehclccahgccdnhjipkmmjaom [2017-08-15]
OPR Extension: (Adblock Plus) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2018-07-19]
OPR Extension: (Open Multiple URLs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\oifijhaokejakekmnjmphonojcfkpbbh [2017-11-21]
OPR Extension: (LEO Wörterbuchsuche) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ojniiiidjmoaiehegaedmfdclmgmmpdp [2018-01-08]
OPR Extension: (Mercury Reader) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2018-06-10]
OPR Extension: (Mate Translate – Übersetzer, Wörterbuch) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ollghamalkmmhboihmhoaaobmamehjgn [2018-07-10]
OPR Extension: (V7 History) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\oneajlghdhobcelcgbgkjaipjoopcggg [2017-08-11]
OPR Extension: (Remove cookie(s) for the current domain) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\opbghiaphmcbefjfoihikkbpjaoanala [2017-03-16]
OPR Extension: (FlexyTrello) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\pggiemacedhgohmpcgdpceckeicjlgfn [2018-01-05]
OPR Extension: (Context Menus) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\phlfmkfpmphogkomddckmggcfpmfchpn [2017-11-20]
OPR Extension: (Extract Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\pibjcpkpaecbpifdkbehcicaoaejkaie [2016-04-18]
OPR Extension: (Enhancer for YouTubeâ„¢) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ponfpcnoihfmfllpaingbgckeeldkhle [2018-08-01]
OPR Extension: (Enhancer for YouTubeâ„¢) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll []
OPR Extension: (Enhancer for YouTubeâ„¢) - C:\windows\SysWOW64\Macromed\Flash\pepflashplayer32_22_0_0_192.dll []
StartMenuInternet: (HKLM) Operadeveloper - C:\Program Files (x86)\Opera developer\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-14] (Apple Inc.)
R2 AS ContentsDL; C:\Program Files\NEC\AtrioSide\AS_ContentsDL.exe [70520 2013-09-17] (NEC Personal Computers, Ltd.)
R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe [619640 2018-02-28] (AO Kaspersky Lab)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [122728 2018-04-09] (AOMEI Tech Co., Ltd.)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2018-03-29] (Digital Wave Ltd.)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22816 2018-03-15] (Intel)
R2 ecomonsv; C:\Program Files\EcoViewer\ecomonsv.exe [280496 2012-12-04] (NEC Personal Computers, Ltd.)
R2 ibtsiva; C:\windows\system32\ibtsiva.exe [183448 2017-05-19] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-12] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\vssbridge64.exe [416560 2018-05-28] (AO Kaspersky Lab)
R2 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (AO Kaspersky Lab)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [4091112 2017-11-09] (Paramount Software UK Ltd)
S4 MailbirdUpdater.exe; C:\Program Files (x86)\Mailbird\MailbirdUpdater.exe [363144 2016-02-05] (Mailbird)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
S4 NbfcService; C:\Program Files (x86)\NoteBook FanControl\NbfcService.exe [7168 2016-12-17] (StagWare) [File not signed]
R2 NEC Move Media Server Monitor Service; C:\Program Files (x86)\CyberLink\NEC Move Media Server\NECMoveMSMonitorService.exe [134920 2013-12-16] (CyberLink)
R2 NEC Move Media Server Service; C:\Program Files (x86)\CyberLink\NEC Move Media Server\NECMoveMSServer.exe [375560 2013-12-16] (CyberLink)
R2 NECBT SERVICE; C:\Program Files\NECBoot\NECBTSVC.exe [237496 2012-10-05] (NEC Personal Computers, Ltd.)
S4 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [50600 2016-03-03] (Microsoft)
R2 NT Meter; c:\windows\syswow64\NTMETER.exe [98672 2013-05-08] (NEC Personal Computers, Ltd.)
S4 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2417376 2016-01-15] (pdfforge GmbH)
S4 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-01-15] (pdfforge GmbH)
S4 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-01-15] (pdfforge GmbH)
S4 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (© pdfforge GmbH.)
R2 PeakShiftSvc; C:\Program Files\PeakShiftTool\PeakShiftSvc.exe [289624 2013-07-02] (NEC Personal Computers, Ltd.)
R2 prio_svc; C:\Program Files\Prio\prio_svc.exe [12704 2017-01-15] ()
R2 ScVssService64; C:\Program Files (x86)\Second Copy 8\ScVssService64.exe [75048 2013-01-28] (Centered Systems)
S4 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [183568 2018-03-07] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 BOT4Service; "C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe" [X]
S2 EaseUS Agent; "C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe" [X]
S3 ekrnEpfw; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
S4 watchtw; C:\windows\SysWOW64\wtwatch.exe [X]
S2 WebServTw; C:\windows\SysWOW64\wstw.exe [X]
S4 wtflserv; C:\windows\SysWOW64\fltw.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\windows\System32\ambakdrv.sys [51120 2016-12-21] ()
R2 ammntdrv; C:\windows\system32\ammntdrv.sys [171952 2016-12-21] ()
R2 amwrtdrv; C:\windows\system32\amwrtdrv.sys [38320 2017-09-01] ()
R0 cm_km; C:\windows\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (AO Kaspersky Lab)
S3 esihdrv; C:\Users\d\AppData\Local\Temp\esihdrv.sys [149928 2018-04-09] (ESET) <==== ATTENTION
R0 EUBAKUP; C:\windows\System32\drivers\eubakup.sys [60968 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\windows\System32\drivers\EUBKMON.sys [48168 2015-12-10] () [File not signed]
R1 EUDSKACS; C:\windows\system32\drivers\eudskacs.sys [18472 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\windows\system32\drivers\EuFdDisk.sys [192552 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R3 ibtusb; C:\windows\system32\DRIVERS\ibtusb.sys [231400 2017-05-19] (Intel Corporation)
R3 ikbevent; C:\windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
R3 ISCT; C:\windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
R0 kl1; C:\windows\System32\DRIVERS\kl1.sys [528576 2018-02-20] (AO Kaspersky Lab)
R0 klbackupdisk; C:\windows\System32\DRIVERS\klbackupdisk.sys [72904 2017-12-27] (AO Kaspersky Lab)
R1 klbackupflt; C:\windows\System32\DRIVERS\klbackupflt.sys [122560 2018-02-02] (AO Kaspersky Lab)
R2 kldisk; C:\windows\system32\DRIVERS\kldisk.sys [87752 2018-07-23] (AO Kaspersky Lab)
S0 klelam; C:\windows\System32\DRIVERS\klelam.sys [29208 2017-03-30] (AO Kaspersky Lab)
R3 klflt; C:\windows\system32\DRIVERS\klflt.sys [220360 2018-07-23] (AO Kaspersky Lab)
R1 KLHK; C:\windows\System32\drivers\klhk.sys [1193160 2018-07-23] (AO Kaspersky Lab)
R1 KLIF; C:\windows\System32\DRIVERS\klif.sys [1112264 2018-07-23] (AO Kaspersky Lab)
R1 klim6; C:\windows\system32\DRIVERS\klim6.sys [57032 2018-02-12] (AO Kaspersky Lab)
R3 klkbdflt; C:\windows\system32\DRIVERS\klkbdflt.sys [58048 2018-01-15] (AO Kaspersky Lab)
R3 klmouflt; C:\windows\system32\DRIVERS\klmouflt.sys [83496 2017-12-11] (AO Kaspersky Lab)
R1 klpd; C:\windows\System32\DRIVERS\klpd.sys [50648 2017-05-30] (AO Kaspersky Lab)
S3 klpnpflt; C:\windows\system32\DRIVERS\klpnpflt.sys [45784 2017-11-29] (AO Kaspersky Lab)
R3 kltap; C:\windows\system32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 klwfp; C:\windows\system32\DRIVERS\klwfp.sys [100552 2018-02-17] (AO Kaspersky Lab)
R1 Klwtp; C:\windows\system32\DRIVERS\klwtp.sys [161080 2018-07-23] (AO Kaspersky Lab)
R1 kneps; C:\windows\system32\DRIVERS\kneps.sys [203968 2018-02-24] (AO Kaspersky Lab)
R1 MFKGTKEY; C:\windows\system32\drivers\mfkgtkey.sys [26960 2013-09-19] (NEC Personal Computers, Ltd.)
R3 necbatt; C:\windows\System32\drivers\necbatt.sys [19760 2013-06-20] (NEC Personal Computers, Ltd.)
R3 necextif; C:\windows\System32\drivers\necextif.sys [26448 2013-06-21] (NEC Personal Computers, Ltd.)
R3 NETwNb64; C:\windows\system32\DRIVERS\NETwbw02.sys [3521032 2017-11-08] (Intel Corporation)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 Ps2Led; C:\windows\system32\DRIVERS\Ps2Led.sys [18768 2013-09-19] (NEC Personal Computers, Ltd.)
R1 Ps2LedIF; C:\windows\system32\drivers\ps2ledif.sys [16208 2013-09-19] (NEC Personal Computers, Ltd.)
R3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [189152 2017-08-08] (Windows (R) Win 7 DDK provider)
U3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [31856 2017-03-23] (Windows (R) Win 7 DDK provider)
R0 PxHlpa64; C:\windows\System32\drivers\PxHlpa64.sys [56336 2013-07-18] (Corel Corporation)
R3 RadioSwitchHID; C:\windows\System32\drivers\RadioSwitchHID.sys [19456 2012-08-24] (NEC Personal Computers, Ltd.)
S3 RTLU3E8023-W8-64; C:\windows\system32\DRIVERS\rtu30x64w8.sys [70656 2013-06-18] (Realtek )
S3 RTSPER; C:\windows\system32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation)
R0 Sahdad64; C:\windows\System32\Drivers\Sahdad64.sys [28304 2013-07-23] (Corel Corporation)
R0 Saibad64; C:\windows\System32\Drivers\Saibad64.sys [20112 2013-07-23] (Corel Corporation)
R1 SaibVdAd64; C:\windows\System32\Drivers\SaibVdAd64.sys [27792 2013-07-23] (Corel Corporation)
R3 VBoxNetAdp; C:\windows\system32\DRIVERS\VBoxNetAdp6.sys [198032 2018-02-26] (Oracle Corporation)
R1 VBoxNetLwf; C:\windows\system32\DRIVERS\VBoxNetLwf.sys [208392 2018-02-26] (Oracle Corporation)
S3 VBoxUSB; C:\windows\System32\Drivers\VBoxUSB.sys [125008 2015-12-18] (Oracle Corporation)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R1 WinRing0_1_2_0; C:\Program Files (x86)\NoteBook FanControl\WinRing0x64.sys [14544 2017-09-24] (OpenLibSys.org)
R1 wtfilter_6589; C:\windows\System32\drivers\wtfilter_6589.sys [86488 2017-02-06] ()
U0 aswVmm; no ImagePath
S3 btmaux; \SystemRoot\system32\DRIVERS\btmaux.sys [X]
S3 btmhsf; \SystemRoot\system32\DRIVERS\btmhsf.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-17 20:16 - 2018-08-17 20:16 - 002412544 _____ (Farbar) C:\Users\d\Downloads\FRST64.exe
2018-08-17 20:16 - 2018-08-17 20:16 - 000016853 _____ C:\Users\d\Downloads\Download.htm
2018-08-17 20:14 - 2018-08-17 20:19 - 000000000 ____D C:\FRST
2018-08-17 20:13 - 2018-08-17 20:13 - 000001249 _____ C:\Users\d\Desktop\trojaner.txt
2018-08-16 23:57 - 2018-08-16 23:57 - 000000000 ____D C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Software
2018-08-16 13:36 - 2018-08-16 13:39 - 000000000 ____D C:\Users\d\Downloads\car
2018-08-16 00:30 - 2018-07-19 09:06 - 007371616 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2018-08-16 00:30 - 2018-07-19 08:48 - 001737600 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2018-08-16 00:30 - 2018-07-19 08:15 - 025745408 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2018-08-16 00:30 - 2018-07-19 06:35 - 002902016 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2018-08-16 00:30 - 2018-07-19 06:33 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2018-08-16 00:30 - 2018-07-19 06:33 - 000417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2018-08-16 00:30 - 2018-07-19 06:30 - 005778432 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2018-08-16 00:30 - 2018-07-19 06:22 - 020286464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2018-08-16 00:30 - 2018-07-19 06:22 - 000794624 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2018-08-16 00:30 - 2018-07-19 06:22 - 000108544 _____ (Microsoft Corporation) C:\windows\system32\hlink.dll
2018-08-16 00:30 - 2018-07-19 06:21 - 000814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2018-08-16 00:30 - 2018-07-19 06:05 - 000497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2018-08-16 00:30 - 2018-07-19 06:03 - 000107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2018-08-16 00:30 - 2018-07-19 06:01 - 002295808 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2018-08-16 00:30 - 2018-07-19 05:55 - 000662016 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2018-08-16 00:30 - 2018-07-19 05:55 - 000099328 _____ (Microsoft Corporation) C:\windows\SysWOW64\hlink.dll
2018-08-16 00:30 - 2018-07-19 05:54 - 000620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2018-08-16 00:30 - 2018-07-19 05:47 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2018-08-16 00:30 - 2018-07-19 05:46 - 015283712 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2018-08-16 00:30 - 2018-07-19 05:45 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2018-08-16 00:30 - 2018-07-19 05:45 - 000728064 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2018-08-16 00:30 - 2018-07-19 05:43 - 002136064 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2018-08-16 00:30 - 2018-07-19 05:32 - 004494848 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2018-08-16 00:30 - 2018-07-19 05:31 - 004510720 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2018-08-16 00:30 - 2018-07-19 05:30 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2018-08-16 00:30 - 2018-07-19 05:28 - 013679616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2018-08-16 00:30 - 2018-07-19 05:28 - 002882048 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2018-08-16 00:30 - 2018-07-19 05:28 - 002059776 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2018-08-16 00:30 - 2018-07-19 05:28 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2018-08-16 00:30 - 2018-07-19 05:20 - 001554944 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2018-08-16 00:30 - 2018-07-19 05:17 - 001049600 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2018-08-16 00:30 - 2018-07-19 05:09 - 004037632 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2018-08-16 00:30 - 2018-07-19 05:09 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2018-08-16 00:30 - 2018-07-19 05:06 - 001329152 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2018-08-16 00:30 - 2018-07-19 05:04 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2018-08-16 00:30 - 2018-07-13 09:51 - 002452824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2018-08-16 00:30 - 2018-07-07 20:33 - 001548632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2018-08-16 00:30 - 2018-07-07 19:05 - 004169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2018-08-16 00:30 - 2018-07-07 19:02 - 000096768 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2018-08-16 00:30 - 2018-07-07 19:00 - 000148992 _____ (Microsoft Corporation) C:\windows\system32\t2embed.dll
2018-08-16 00:30 - 2018-07-07 18:33 - 000078336 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2018-08-16 00:30 - 2018-07-07 18:31 - 000113664 _____ (Microsoft Corporation) C:\windows\SysWOW64\t2embed.dll
2018-08-16 00:30 - 2018-07-06 19:37 - 001754624 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2018-08-16 00:30 - 2018-07-06 18:36 - 001491968 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2018-08-16 00:30 - 2018-06-30 20:00 - 001113952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2018-08-16 00:30 - 2018-06-27 20:10 - 000559104 _____ (Microsoft Corporation) C:\windows\system32\Drivers\csc.sys
2018-08-16 00:30 - 2018-06-27 19:48 - 000141312 _____ (Microsoft Corporation) C:\windows\system32\CscMig.dll
2018-08-16 00:30 - 2018-06-24 17:11 - 000748544 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2018-08-16 00:30 - 2018-06-24 17:04 - 000504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2018-08-16 00:30 - 2018-06-19 15:38 - 003611136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2018-08-16 00:30 - 2018-06-19 15:38 - 003321344 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2018-08-16 00:30 - 2018-06-19 15:31 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2018-08-16 00:30 - 2018-06-19 15:29 - 000065536 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2018-08-16 00:30 - 2018-06-16 17:03 - 002779136 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2018-08-16 00:30 - 2018-06-16 16:59 - 002464256 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2018-08-16 00:30 - 2018-06-15 06:34 - 000923512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\refs.sys
2018-08-16 00:30 - 2018-06-15 04:12 - 000477696 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2018-08-16 00:30 - 2018-06-15 03:55 - 000840192 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2018-08-16 00:30 - 2018-06-15 03:43 - 000186880 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2018-08-16 00:30 - 2018-06-15 03:26 - 000514560 _____ (Microsoft Corporation) C:\windows\system32\winspool.drv
2018-08-16 00:30 - 2018-06-15 03:22 - 000866304 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2018-08-16 00:30 - 2018-06-15 03:19 - 000399360 _____ (Microsoft Corporation) C:\windows\SysWOW64\winspool.drv
2018-08-16 00:30 - 2018-06-08 20:47 - 000083456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2018-08-16 00:29 - 2018-07-19 06:23 - 000615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2018-08-16 00:29 - 2018-07-19 05:53 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2018-08-16 00:29 - 2018-07-19 05:34 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2018-08-16 00:29 - 2018-07-19 05:28 - 000333312 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2018-08-16 00:29 - 2018-06-15 04:28 - 000445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2018-08-16 00:29 - 2018-06-15 04:00 - 000324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2018-08-11 07:55 - 2018-08-11 07:55 - 759471852 _____ C:\windows\MEMORY.DMP
2018-08-11 07:55 - 2018-08-11 07:55 - 000296888 _____ C:\windows\Minidump\081118-7421-01.dmp
2018-07-18 08:04 - 2018-07-18 08:04 - 000000600 _____ C:\Users\d\AppData\Local\PUTTY.RND

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-17 20:07 - 2016-02-27 04:33 - 000000000 ____D C:\Users\d\AppData\Local\ClassicShell
2018-08-17 18:41 - 2018-02-19 17:23 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-08-17 17:58 - 2014-06-11 01:27 - 000003868 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{A885AFCF-DEDA-4845-AD42-3903A4A06B09}
2018-08-17 16:39 - 2016-10-12 16:25 - 000000000 ____D C:\Users\d\Desktop\_Current
2018-08-17 12:45 - 2014-07-05 21:58 - 000000000 ____D C:\Users\d\AppData\Local\CrashDumps
2018-08-17 04:04 - 2016-12-05 16:31 - 000000000 ____D C:\Users\d\AppData\LocalLow\Mozilla
2018-08-17 02:03 - 2014-06-11 01:30 - 000003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1417334993-2898295356-3386692794-1001
2018-08-17 01:32 - 2013-08-22 15:25 - 000262144 ___SH C:\windows\system32\config\ELAM
2018-08-16 19:15 - 2016-01-25 20:22 - 000000000 ____D C:\Users\d\Desktop\linkman database
2018-08-16 16:15 - 2013-08-22 17:36 - 000000000 ____D C:\windows\rescache
2018-08-16 04:31 - 2016-06-03 21:44 - 000003882 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1464983063
2018-08-16 04:31 - 2016-06-03 21:44 - 000000000 ____D C:\Program Files (x86)\Opera developer
2018-08-16 04:31 - 2014-06-12 21:16 - 000011354 _____ C:\windows\system32\perfh007.dat
2018-08-16 04:31 - 2014-06-12 21:16 - 000006212 _____ C:\windows\system32\perfc007.dat
2018-08-16 04:31 - 2013-08-28 09:06 - 000018338 _____ C:\windows\system32\PerfStringBackup.INI
2018-08-16 04:31 - 2013-08-23 00:47 - 000005884 _____ C:\windows\system32\perfc011.dat
2018-08-16 04:31 - 2013-08-23 00:47 - 000005820 _____ C:\windows\system32\perfh011.dat
2018-08-16 04:31 - 2013-08-22 15:36 - 000000000 ____D C:\windows\Inf
2018-08-16 04:29 - 2014-06-12 22:14 - 000000000 ____D C:\Program Files (x86)\Opera
2018-08-16 04:26 - 2016-07-25 16:40 - 000003332 _____ C:\windows\System32\Tasks\iToolsDaemon
2018-08-16 04:25 - 2016-01-16 12:43 - 000000000 ____D C:\Users\d\Desktop\acv507
2018-08-16 04:25 - 2016-01-16 12:36 - 000000000 ____D C:\Program Files (x86)\Alternative Flash Player Auto-Updater
2018-08-16 04:24 - 2018-04-12 19:10 - 000000082 _____ C:\windows\SysWOW64\winsevr.dat
2018-08-16 04:24 - 2018-04-12 19:09 - 000000000 ____D C:\Program Files (x86)\AOMEI Backupper
2018-08-16 04:24 - 2016-01-11 12:05 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-08-16 04:24 - 2013-08-22 16:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-08-16 04:24 - 2013-08-22 16:44 - 000602656 _____ C:\windows\system32\FNTCACHE.DAT
2018-08-16 04:23 - 2013-08-22 15:25 - 000262144 ___SH C:\windows\system32\config\BBI
2018-08-16 04:22 - 2013-08-22 17:36 - 000000000 ___RD C:\windows\ToastData
2018-08-16 02:12 - 2013-08-22 17:20 - 000000000 ____D C:\windows\CbsTemp
2018-08-16 01:55 - 2016-04-19 07:16 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-08-16 00:45 - 2017-10-21 23:08 - 000004514 _____ C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-08-16 00:45 - 2017-10-21 23:08 - 000004378 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2018-08-16 00:45 - 2013-08-22 17:36 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-08-16 00:45 - 2013-08-22 17:36 - 000000000 ____D C:\windows\system32\Macromed
2018-08-16 00:06 - 2018-03-14 07:02 - 000004244 _____ C:\windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-08-13 15:49 - 2018-03-21 15:19 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-08-13 08:25 - 2013-08-22 17:36 - 000000000 ____D C:\windows\AppReadiness
2018-08-11 08:09 - 2014-06-11 01:25 - 000000000 ____D C:\Users\d
2018-08-11 07:55 - 2017-06-30 00:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-08-11 07:55 - 2014-07-05 22:35 - 000000000 ____D C:\windows\Minidump
2018-08-11 07:55 - 2014-06-17 04:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-10 00:38 - 2018-05-05 20:25 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-10 00:38 - 2018-05-05 20:25 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-08-08 19:10 - 2014-06-12 22:14 - 000003862 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1402604082
2018-08-04 01:46 - 2013-08-22 17:38 - 000836480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2018-08-04 01:46 - 2013-08-22 17:38 - 000181120 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-07-29 17:39 - 2016-06-16 16:20 - 000001186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-07-26 20:36 - 2016-01-11 13:09 - 000000000 ____D C:\windows\system32\appraiser
2018-07-26 20:26 - 2017-05-13 20:36 - 000002086 _____ C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2018-07-25 20:52 - 2016-01-23 02:31 - 000000000 ___RD C:\Program Files (x86)\Skype
2018-07-25 20:52 - 2016-01-23 02:31 - 000000000 ____D C:\ProgramData\Skype
2018-07-25 20:50 - 2016-01-23 02:31 - 000000000 ____D C:\Users\d\AppData\Roaming\Skype
2018-07-23 17:20 - 2018-05-28 23:48 - 001112264 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klif.sys
2018-07-23 17:20 - 2018-05-28 23:48 - 000220360 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klflt.sys
2018-07-23 17:20 - 2018-04-25 16:16 - 000087752 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\kldisk.sys
2018-07-23 17:20 - 2018-02-17 02:50 - 000161080 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klwtp.sys
2018-07-23 17:18 - 2018-04-25 16:16 - 001193160 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klhk.sys
2018-07-23 17:18 - 2018-04-05 20:02 - 000152360 _____ (AO Kaspersky Lab) C:\windows\system32\klhkum.dll
2018-07-19 19:55 - 2016-04-19 08:31 - 000000000 ____D C:\Users\d\AppData\Roaming\PrimoPDF
2018-07-18 08:06 - 2014-02-28 00:46 - 000000000 ____D C:\Users\d\Desktop\@DT@V _Mdps

==================== Files in the root of some directories =======

2004-02-06 21:06 - 2004-02-06 21:06 - 000000000 ____H () C:\ProgramData\sdpsenv.dat
2018-07-18 08:04 - 2018-07-18 08:04 - 000000600 _____ () C:\Users\d\AppData\Local\PUTTY.RND
2018-01-13 16:54 - 2018-01-13 16:54 - 000000218 _____ () C:\Users\d\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
2016-06-17 10:37 - 2016-06-17 10:37 - 003045232 _____ (AnVir Software) C:\Users\d\AppData\Local\Temp\AnVir.exe
2016-04-19 08:35 - 2016-04-19 08:35 - 008108488 _____ () C:\Users\d\AppData\Local\Temp\converter.exe
2014-06-19 00:36 - 2014-06-19 00:36 - 000374208 _____ (ESET) C:\Users\d\AppData\Local\Temp\InstHelper.exe
2016-11-03 20:36 - 2016-11-03 20:36 - 000737856 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-27 05:24 - 2017-01-27 05:24 - 000739904 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-05-04 14:05 - 2017-05-04 14:05 - 000739904 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-07-21 17:36 - 2017-07-21 17:36 - 000739904 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u141-windows-au.exe
2017-11-24 13:32 - 2017-11-24 13:32 - 001856576 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u151-windows-au.exe
2018-03-28 00:30 - 2018-03-28 00:30 - 001864256 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u161-windows-au.exe
2018-04-25 06:46 - 2018-04-25 06:46 - 001884616 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u171-windows-au.exe
2016-03-23 22:16 - 2016-03-23 22:16 - 000736320 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-07-04 06:55 - 2016-07-04 06:55 - 000739904 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u91-windows-au.exe
2016-02-09 23:54 - 2016-01-31 21:51 - 000041432 _____ () C:\Users\d\AppData\Local\Temp\kh_5552.dll
2014-06-17 04:32 - 2014-03-25 00:55 - 000099096 _____ () C:\Users\d\AppData\Local\Temp\LMkRstPt.exe
2017-05-29 05:06 - 2017-05-29 05:06 - 001457312 _____ (Sysinternals - www.sysinternals.com) C:\Users\d\AppData\Local\Temp\loeschen64.exe
2016-02-09 23:54 - 2016-01-31 21:51 - 000038872 _____ () C:\Users\d\AppData\Local\Temp\mh_5552.dll
2016-06-03 21:44 - 2016-06-03 21:44 - 001086464 _____ (Opera Software) C:\Users\d\AppData\Local\Temp\Opera_installer_2016634422903.dll
2016-12-16 03:25 - 2018-07-10 21:46 - 065875720 _____ (Paramount Software UK Ltd) C:\Users\d\AppData\Local\Temp\reflectPatch.exe
2016-02-09 05:18 - 2018-07-25 20:51 - 057812744 _____ (Skype Technologies S.A.) C:\Users\d\AppData\Local\Temp\SkypeSetup.exe
2018-04-09 15:53 - 2018-04-09 15:53 - 004845696 _____ (ESET) C:\Users\d\AppData\Local\Temp\SysInspector.exe
2015-12-31 14:07 - 2015-12-31 14:08 - 031948192 _____ (IDM Computer Solutions, Inc.) C:\Users\d\AppData\Local\Temp\uc_english.exe
2017-05-10 12:32 - 2017-05-10 12:32 - 014456872 _____ (Microsoft Corporation) C:\Users\d\AppData\Local\Temp\vc_redist.x86.exe
2015-08-03 01:58 - 2015-08-03 01:58 - 000118784 _____ () C:\Users\d\AppData\Local\Temp\xmlUpdater.exe
2016-02-09 23:52 - 2013-07-06 17:02 - 001520544 _____ (Pitrinec Software) C:\Users\d\AppData\Local\Temp\~cbu_tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-08-17 04:06

==================== End of FRST.txt ============================
         

additional.txt folgt sofort.

additional.txt:

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by d (17-08-2018 20:20:54)
Running from C:\Users\d\AppData\Local\Temp\scoped_dir5172_2273
Windows 8.1 Pro (Update) (X64) (2014-06-10 23:25:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1417334993-2898295356-3386692794-500 - Administrator - Disabled)
d (S-1-5-21-1417334993-2898295356-3386692794-1001 - Administrator - Enabled) => C:\Users\d
Guest (S-1-5-21-1417334993-2898295356-3386692794-501 - Limited - Disabled)
___VMware_Conv_SA___ (S-1-5-21-1417334993-2898295356-3386692794-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Internet Security (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{3D383E25-72E7-4F09-AA1C-9ADE6A2EF42F}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{0C9A6167-6560-4085-9C35-EDB1AE105328}) (Version: 3.2.0.9 - Intel) Hidden
Abelssoft Undeleter (HKLM-x32\...\{1FB7B731-3479-4128-8299-A53922E47675}_is1) (Version: 4.2 - Abelssoft)
AbleWord v3.0 (HKLM-x32\...\AbleWord_is1) (Version:  - )
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 18.011.20058 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated)
Alternative Flash Player Auto-Updater (HKLM-x32\...\{2FB1052B-2F3D-48CE-A65D-006240516ECE}_is1) (Version: 1.2.0.1 - pXc-coding.com)
AnVir Task Manager Free (HKLM-x32\...\AnVir Task Manager Free) (Version:  - AnVir Software)
AnyTrans (HKLM-x32\...\AnyTrans) (Version: 5.0.0.0 - iMobie Inc.)
AOMEI Backupper Standard (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Apple Application Support (32-Bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A05FDFEC-4377-49E0-82CB-B6D1386E89DA}) (Version: 11.3.0.9 - Apple Inc.)
Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
Bluefish 2.2.10 (HKLM-x32\...\Bluefish) (Version: 2.2.10 - The Bluefish Developers)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
Core Temp 1.12.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.12.1 - ALCPU)
CPUID CPU-Z 1.79 (HKLM\...\CPUID CPU-Z_is1) (Version:  - ) <==== ATTENTION
CPUID HWMonitor 1.31 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CrystalDiskInfo 7.0.5 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.5 - Crystal Dew World)
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version:  3.1 - Acro Software Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
doPDF 8 (HKLM-x32\...\{fb478b24-519a-43d4-aeea-9a6712d28811}) (Version: 8.5.940 - Softland)
EaseUS Todo Backup Home 9.2 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 9.2 - CHENGDU YIWO Tech Development Co., Ltd)
ECO��グラフ (HKLM\...\{01F84262-DBC2-4B4D-8C4A-1C82D2CD88AA}) (Version: 1.5.0 - NEC Personal Computers, Ltd.)
ECOモードè¨*定ツール (HKLM\...\{1D2AF0E5-3B07-4B0F-98BD-03F0918BC367}) (Version: 5.7.0 - NEC Personal Computers, Ltd.)
EditPlus (64 bit) (HKLM\...\EditPlus) (Version:  - ES-Computing)
EF Process Manager (HKLM-x32\...\EF Process Manager) (Version:  - EFSoftware)
EmEditor (64-bit) (HKLM\...\{36CC25CA-2E71-4839-A822-0D1EC0E52145}) (Version: 15.7.2 - Emurasoft, Inc.)
ExactFile 1.0.0.15 (HKLM-x32\...\ExactFile_is1) (Version:  - StudyLamp Software LLC)
f.lux (HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Flux) (Version:  - f.lux Software LLC)
Free YouTube Download (HKLM-x32\...\Free YouTube Download_is1) (Version: 4.1.73.328 - Digital Wave Ltd)
Geany 1.26 (HKLM-x32\...\Geany) (Version: 1.26 - The Geany developer team)
GetDiz (HKLM-x32\...\GetDiz) (Version: 4.91 - Outertech)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
GPSoftware Directory Opus (HKLM-x32\...\{0A6AA615-5321-43A0-AFAE-97BF95013EA0}) (Version: 11.19 - GPSoftware)
Gtk# for .Net 2.12.22 (HKLM-x32\...\{06AF6533-F201-47C0-8675-AAAE5CB81B41}) (Version: 2.12.22 - Xamarin, Inc.)
HeavyLoad V3.3 (64 bit) (HKLM\...\HeavyLoad_is1) (Version: 3.3 - JAM Software)
iMazing 2.5.4.0 (HKLM\...\iMazing_is1) (Version: 2.5.4.0 - DigiDNA)
iMyfone D-Back 4.5.1.0 (HKLM-x32\...\{071B9303-5881-4BC6-B9E9-2E2D22C015C1}_is1) (Version: 4.5.1.0 - Shenzhen iMyfone Technology Co., Ltd.)
Intel Experience Center - Configuration (HKLM-x32\...\{C73A16B7-AC35-4262-9BAF-DA9B2039A563}) (Version: 1.7.0.179 - Intel) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{F0385150-FF86-4A18-AA55-6ED9E5F87DA7}) (Version: 2.1.03638 - Intel Corporation)
Intel(R) Experience Center Desktop Software (HKLM-x32\...\{3608ec0a-56b4-4d9d-b038-9b3e51d72582}) (Version: 1.7.0.179 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3338 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.3.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{396E9B28-F15F-4C05-A401-99DE1874C2CA}) (Version: 4.2.40.2439 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000071-0190-1031-84C8-B8D95FA3C8C3}) (Version: 19.71.0 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{4d839fe1-a8d3-4edc-b0ca-844394309856}) (Version: 3.2.0.9 - Intel)
Java 10.0.1 (64-bit) (HKLM\...\{D33DF729-38BB-5651-9D40-93BFEFB5DCED}) (Version: 10.0.1.0 - Oracle Corporation)
Karen's Directory Printer (HKLM-x32\...\Karen's Directory Printer) (Version: 5.3.0.2 - Karen Kenworthy)
Kaspersky Internet Security (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab)
KeyboardTest V3.2 (HKLM\...\KeyboardTest_is1) (Version: 3.2 - PassMark Software)
KeyTweak - Keyboard Remapper (remove only) (HKLM-x32\...\KeyTweak) (Version:  - )
L&H TTS3000 Deutsch (HKLM-x32\...\LHTTSGED) (Version:  - )
LibreOffice 6.0.5.2 (HKLM\...\{9645CDEF-085C-45F7-A3CD-B4B7046EF78C}) (Version: 6.0.5.2 - The Document Foundation)
Linkman (HKLM-x32\...\Linkman) (Version: 8.98 - Outertech)
Macrium Reflect Free Edition (HKLM\...\{1A399324-9784-4384-927F-0FEA922BC516}) (Version: 7.1.3317 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.1 - Paramount Software (UK) Ltd.)
Malwarebytes Version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Manager (HKLM-x32\...\{A11F05A4-7CAD-4F85-8C85-DCA18E3E208D}) (Version: 4.0.1.25166 - 2015 pdfforge GmbH. All rights reserved) Hidden
MicroDicom DICOM viewer 2.2.5 (HKLM-x32\...\MicroDicom) (Version: 2.2.5 - MicroDicom)
Microsoft Keyboard Layout Creator 1.4 (HKLM-x32\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.)
Microsoft Server Speech Platform Runtime (x86) (HKLM-x32\...\{22CB8ED7-DF57-4864-BD04-F63B9CE4B494}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Server Speech Text to Speech Voice (de-DE, Hedda) (HKLM-x32\...\{ACFCC7B5-C028-40AE-A5F5-9778B41F22A2}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Text to Speech Voice (en-US, ZiraPro) (HKLM-x32\...\{C7CDC27F-0952-4DF1-9E41-B75140933BC6}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{e7784e4f-df08-46b2-8c4f-f981ee32bcff}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{970F982A-E889-486B-BB26-B8598280D924}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Firefox 59.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.1 (x64 en-US)) (Version: 59.0.1 - Mozilla)
Mozilla Firefox 61.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.1 (x64 en-US)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
music.jp PLAY 4.0 (HKLM-x32\...\music.jp PLAY_is1) (Version: 4.0 - Ventis Media Inc.)
NoteBook FanControl (HKLM-x32\...\{00111A7A-77A7-4AC6-A272-A56DFAD517E7}) (Version: 1.5.0.0 - Stefan Hirschmann - StagWare) Hidden
NoteBook FanControl (HKLM-x32\...\{666d9f07-291b-44a5-b86f-d5240e78692d}) (Version: 1.5.0.0 - Stefan Hirschmann - StagWare)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
NoteTab 7 Trial (Remove only) (HKLM-x32\...\NoteTab 7 Trial_is1) (Version: 7.2 - Fookes Holding Ltd)
OpenOffice 4.1.3 (HKLM-x32\...\{8D5FCC56-BB9F-4122-923C-71753F50F6F5}) (Version: 4.13.9783 - Apache Software Foundation)
Opera developer 56.0.3045.0 (HKLM-x32\...\Opera 56.0.3045.0) (Version: 56.0.3045.0 - Opera Software)
Opera Stable 54.0.2952.71 (HKLM-x32\...\Opera 54.0.2952.71) (Version: 54.0.2952.71 - Opera Software)
Oracle VM VirtualBox 5.1.34 (HKLM\...\{2FDA51A1-BCE0-40C6-9EC9-7778F72525C9}) (Version: 5.1.34 - Oracle Corporation)
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (HKLM\...\{D646643B-56BD-43B2-9932-9C03D7E90FED}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (HKLM\...\{792B82BA-6895-4719-B603-E198AEE90D68}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (HKLM\...\{FF4FA406-055A-479E-B025-1AAA7FFAA39F}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.3.0 - pdfforge GmbH)
PDF-XChange Editor (HKLM\...\{5C198985-6833-4F92-BE9A-33FC8ACC1025}) (Version: 6.0.321.0 - Tracker Software Products (Canada) Ltd.) Hidden
PDF-XChange Editor (HKLM-x32\...\{344e7cdb-4fda-4dc1-9dd8-1fa7b1694d7c}) (Version: 6.0.321.0 - Tracker Software Products (Canada) Ltd.)
PhoneRescue (HKLM-x32\...\PhoneRescue) (Version: 3.1.2.0 - iMobie Inc.)
Pinta 1.6 (HKLM-x32\...\{833CBF68-0FE7-44A4-86E6-71DE50A30465}) (Version: 1.6.0.0 - Pinta Community) Hidden
Pinta 1.6 (HKLM-x32\...\{aaa32734-ca38-494d-836c-f41822d11ed5}) (Version: 1.6.0.0 - Pinta Community)
Play.net (HKLM-x32\...\{8CE3D78F-7B81-46F5-977A-12DBA2CB5B9A}) (Version: 2.1.6 - NEC Personal Computers, Ltd.)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Postbox (4.0.8) (HKLM-x32\...\Postbox (4.0.8)) (Version: 4.0.8 (en-US) - Postbox, Inc.)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Prio (HKLM\...\Prio) (Version: 2.1.0.4391 - )
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
Process Lasso (HKLM-x32\...\ProcessLasso) (Version: 9.0.0.276 - Bitsum)
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 4.6.0.2700 - Jan Fiala)
PyKeylogger - Simple Python Keylogger (HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\PyKeylogger) (Version: 1.2.1 - )
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21234 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Roxio Creator LJ (HKLM-x32\...\{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}) (Version: 12.2.43.19 - Roxio)
Second Copy 8 (HKLM-x32\...\Second Copy 8_is1) (Version: 8.1.2.0 - Centered Systems)
SharpKeys (HKLM-x32\...\{636E94DA-99C0-448F-A931-3DAD83B4975F}) (Version: 3.5.0000 - RandyRants.com)
Smart Update (HKLM-x32\...\{EA65772D-1999-462B-BFC0-480A9515ABCC}) (Version: 2.0.2.0 - NECパーソナルコンピュータæ*ªå¼�会社)
SmartVision/PLAYER DeskTopサービス (HKLM-x32\...\{71566D17-2BC4-4C62-BD23-F1E397FC1DBE}) (Version: 1.9.12016 - CyberLink Corp.) Hidden
SmartVision/PLAYER DeskTopサービス (HKLM-x32\...\InstallShield_{71566D17-2BC4-4C62-BD23-F1E397FC1DBE}) (Version: 1.9.12016 - CyberLink Corp.)
SmEdit v1.170 (HKLM-x32\...\SmEdit) (Version: 1.170 - Sinner Computing)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.8 - Synaptics Incorporated)
Syncios Data Recovery 1.0.9 (HKLM-x32\...\Syncios Data Recovery) (Version: 1.0.9 - Anvsoft)
System Checkup 4.0 (HKLM-x32\...\{918D30D3-AD9B-43A8-9EF7-463075DC93CD}_is1) (Version: 4.0.0.146 - iolo technologies, LLC)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
TED Notepad (HKLM-x32\...\TED Notepad) (Version: 6.0.2 - Medvedik, Juraj Simlovic)
TextPad 8 (HKLM\...\{861AB1C1-1967-4C4A-BF86-C255E2D2B8FD}) (Version: 8.0.0 - Helios)
VEDIT 6.2 (HKLM-x32\...\Vedit) (Version:  - )
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
WebP Codec for Windows 0.19 (HKLM\...\{9D2F4EB8-98AD-4C8B-A0C5-4C114B3F1287}) (Version: 0.19.9 - Google Inc)
WhatsApp (HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\WhatsApp) (Version: 0.2.5371 - WhatsApp)
WhoCrashed 6.01 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows-Treiberpaket - Intel (NETwNb64) net  (10/16/2017 19.10.10.2) (HKLM\...\87BD50FDDBB077656313DAABF938DE8C31D89265) (Version: 10/16/2017 19.10.10.2 - Intel)
Windows-Treiberpaket - Intel (NETwNb64) net  (10/31/2017 18.33.11.2) (HKLM\...\D6CC402604E3676A6C8B5028A493400358139A70) (Version: 10/31/2017 18.33.11.2 - Intel)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WMV Joiner version 1.1.2.8 (HKLM-x32\...\WMV Joiner_is1) (Version:  - )
����メニューNavi (HKLM\...\{69561DE9-373F-4273-AE2D-BD076E552C0C}) (Version: 2.2.1 - NEC Personal Computers, Ltd.)
ã�Šã�™ã�™ã‚�è¨*定 (HKLM\...\{61558C29-0C3A-442B-A43C-C883B94E8929}) (Version: 1.0.0 - NEC Personal Computers, Ltd.)
���る�ックアップ (HKLM-x32\...\{F353F974-64FF-44F5-AE2D-D079964C5685}) (Version: 4.6 - Roxio)
オンスクリーン表示ã�®è¨*定 (HKLM\...\{C8E0D8C6-7C6B-4EBE-B02A-C97E17796B97}) (Version: 1.0.0 - NEC Personal Computers, Ltd.)
クイックパワーオン (HKLM\...\{98916919-5ACD-415A-AA04-7B7B0A425BE6}) (Version: 1.1.0 - NEC Personal Computers, Ltd.)
ソフト＆サ�ートナビゲーター (HKLM-x32\...\{8AF94405-08BB-4CF6-8856-84C88EAA7ECA}) (Version: 1.5.7 - NEC Personal Computers, Ltd.)
ソフト＆サãƒ�ートナビゲーター修æ*£ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ï¼ˆ2013年秋冬） (HKLM-x32\...\{D71D8D9F-DD66-414A-BA59-35801E154B9C}) (Version: 1.00.0000 -  ) Hidden
ソフト＆サãƒ�ートナビゲーター修æ*£ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ï¼ˆ2013年秋冬） (HKLM-x32\...\InstallShield_{D71D8D9F-DD66-414A-BA59-35801E154B9C}) (Version: 1.00.0000 -  ) Hidden
ソフト＆サãƒ�ートナビゲーター修æ*£ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ï¼ˆWindows 8.1対応） (HKLM-x32\...\{BF2D8F67-ABA1-4081-9591-50167F772A57}) (Version: 1.00.0000 -  ) Hidden
ソフト＆サãƒ�ートナビゲーター修æ*£ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ï¼ˆWindows 8.1対応） (HKLM-x32\...\InstallShield_{BF2D8F67-ABA1-4081-9591-50167F772A57}) (Version: 1.00.0000 -  ) Hidden
ãƒ�ッテリ・リフレッシュ＆診æ–*ツール (HKLM\...\{B3806CF1-829E-4280-BC3E-1636035908FD}) (Version: 1.12.0 - NEC Personal Computers, Ltd.)
パãƒ�ルオープンパワーオンã�®è¨*定 (HKLM\...\{D637EF1B-3B6A-4680-A2F2-ACB6BF464DFA}) (Version: 1.2.0 - NEC Personal Computers, Ltd.)
パワーオフUSBå……é›»ã�®è¨*定 (HKLM\...\{DFA0E609-8481-4E32-828E-7311E4936F99}) (Version: 2.4.0 - NEC Personal Computers, Ltd.)
ピークシフトè¨*定ツール (HKLM\...\{4F3E3604-F81F-4768-BD87-6A692338A847}) (Version: 1.3.0 - NEC Personal Computers, Ltd.)
ファイナルパソコンデータ引越� 9 plus for NEC (HKLM-x32\...\{EE57E154-979A-4C6D-8459-296B1526D3FE}) (Version: 7.00.629.0 - AOS Technologies)
フォト ギャラリー (HKLM-x32\...\{CAF46B72-12E2-4FE7-A348-45999E69E1FE}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
ワンタッãƒ�スタートボタンã�®è¨*定 (HKLM\...\{AB281E2C-FA39-4CC0-B1B0-3DF24AD5B3D0}) (Version: 1.19.1312 - NEC Personal Computers, Ltd.) Hidden
�セットアップメディア作�ツール (HKLM-x32\...\{157C8082-2627-4236-A6CC-B797CF91D576}) (Version: 6.2.0 - NEC Personal Computers, Ltd.)
ç*†ã��ã‚‹ã‚� 20 (HKLM-x32\...\{02D371DE-95DC-4F6F-A1A6-4C957D6721A9}) (Version: 20.00.0008 - 富士ソフトæ*ªå¼�会社)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{05468442-062B-425B-A1E5-7DC9077C0734}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{070057DA-0223-4D7E-B886-7CF38806F044}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{0C89916D-7B21-4578-805E-A62B6DB24B85}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{0EAEF7F0-4566-4FC1-9170-8A02C4889CBD}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{110BD641-44EE-4E95-9CC9-0E21EDAB4A3B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{1132C079-B5D2-47CC-8976-C03989AB1531}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{1153FA7B-6348-420B-B0BF-E6B63D9AA284}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{132C9446-2F32-4CBA-8C03-FB8C8FFECAF5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{13526224-3C67-43AB-82A8-2740A138723E}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{166669E8-3E01-4D42-B3C0-62FADDBAB00A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{181AC033-9534-4567-B173-6DA6525424E3}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{19261A68-E50E-497B-A0BA-9909C586A9D5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{19B119EA-A452-477B-8423-EAF115A29CEB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{1DEDC126-F5F3-48F1-9DB5-03D9BBC4F83E}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{1E65BA05-6325-4B65-9D63-97DF1FEC92BB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{22410B2E-909D-4A70-8234-C64A75F9B844}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{262E2007-2F51-430E-9F43-A2F4BE8AAB65}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{2797C792-9879-47ED-944C-19EBE866FC24}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{2847421D-1EE5-4356-AFB2-DFE4E9D61C68}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{28916419-ECF6-45F0-8F20-87024C3837F6}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{295CEEF4-708C-48DB-8F3B-C30047A51281}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{2BDB4786-A72C-4775-8FA4-A59967325612}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{2CE81929-7B17-4394-ABBF-765AF900A3EC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{32515D47-A1DD-4E97-A8B9-4B92D517C8A8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{32ABFD53-EC5A-4A31-8FB6-A0E8EEA4A31F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{35A48AC8-5632-4A47-B564-7B75321826E1}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{3932E526-705D-41B5-83FD-87D1DB82B6A7}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{3C0C7828-2BD0-4B57-B656-B5DB09550E73}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{3DDC5BB3-A9B0-4787-B700-AD84FD0EB4D5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{3E7FF6D2-2973-4FA7-BDD8-1924AFDF2764}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{40BCE962-264C-452E-92E7-B5F35B3F2436}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{42AA6491-4D25-4054-AF0E-203B0780C144}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{43C9A239-A357-4176-9DED-49CFECD93C0B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{44AB264B-7136-4E41-A9AC-B9F876D162EC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{4B0CA027-383D-41E6-97D7-F5EDEBC4916F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{4C7A1662-008F-4EDC-97D3-D4199B062B4A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{4CAD847C-28D6-4EA2-A833-63AC04BBDB02}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{4CAFD059-0F6A-4024-A81A-087CDB7D4633}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{51D11E0A-BF6C-4E44-8AB0-1AA8A2A73BF4}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{58F1A0DF-3038-4DD1-BCF6-406DD6AA4D1F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{5A9E21A2-851A-4BEB-B16F-DBBE7D648AF9}\InprocServer32 -> C:\Program Files\TextPad 8\System\ShellExt64.dll ()
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{5E0CBCC1-A35D-447F-923F-5783E22ED791}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{5E5558B7-1B65-4EA1-92F4-8E9567C2ABFA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{606372CE-5093-4FD7-A37D-3CE22496B6F9}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{61267647-B40C-4050-ACE4-985D93253DFA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{62162BC5-8419-4241-980C-649CC91B1E1F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{6282C6EB-E17C-4617-B72B-DB671AC7ABDE}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{638C2808-47DE-4CC6-99B5-789EB0C86D77}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{6619B693-BB07-475B-B595-C77E4CD3EBEB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{68F233B6-F8C3-4A96-9100-003BCDCE53B8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{6CA7C35E-1FC1-4C66-91A7-1FE5178F36A9}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{6DB6DF3B-0DF4-4C66-B0FD-216BA16A1D34}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{721088D3-BD36-468C-8916-B5F2074F8023}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{760A2160-66F5-42F2-AD7A-A62AD9756CDF}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{7660000A-03D2-476F-91FC-2D863D6DCC03}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{7725641E-7AB5-49EE-922D-E703CDB98588}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{782485F1-AA61-4F5F-8A59-03B6D2FF91C1}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{7AAA42E5-5C43-48D1-B298-71146A878F7C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{7E6249E7-95C5-40CF-8E15-0034BA49F49B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{849783D6-6561-434F-ACE1-8A67783ED4FF}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{8ED73585-3AA8-41E2-A98B-85FE2857B420}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{9F92194F-9039-4E49-BB83-1168EC86ABD9}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{A1B66AF8-20FB-4B52-947E-60F2048A2821}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{A57DB49B-ABA0-45BE-AA2D-28C13E2919D8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{A782D6BE-5799-406E-86E1-6C5442F0D902}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{B032B620-06B1-4D98-B09E-9D5BD7CD3BEC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{B0F43F65-6282-457A-AAFC-8B0597EB8591}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{B3726FEF-1166-4B1C-AB33-1FD76AE2B0E7}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> C:\Program Files\IDM Computer Solutions\UltraEdit\ue64ctmn.dll ()
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{B604EC25-0C5D-48DB-9E7C-243EDB3D84BF}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{B80972C9-AF80-4F71-BB2B-9CB1FAED19F0}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{BC5D198E-58DF-4267-BBDB-22FF193B255D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{BF87ECFF-1A50-4CDD-BF9F-991EDCF75B1F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C09AC76A-826E-491E-87E0-46807D8215A5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C3B42C03-C1B7-4c1a-B384-BBAE19646333}\InprocServer32 -> C:\Program Files (x86)\IDM Computer Solutions\UltraCompare\UC_ShellExt64.dll ()
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C3D9D1E2-08A6-4937-AC5B-AA1E9A0971B9}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C4E34FA1-F051-4754-AC47-B946EA04031D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C85E45FD-576D-43FE-81C5-C4012999FEFA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C8618129-8966-4851-A99A-4EEF208620AF}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C8F46A32-4FE4-408C-9F91-7F06460F42AE}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{CB2CFC1A-5069-475C-B4BD-621E2A9A3A1B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{CFB39FCE-8A04-479A-9248-0D3F45763954}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{DAFE2BB3-20A0-45EA-A032-D42627572BCC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{DCBA6A6C-FEBD-4BE5-B027-B59730A4BA22}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{DF3FAE68-02A8-4A29-A254-D04E03E4058D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{DFA026EA-2024-4088-8417-126A2E2D2486}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{EAE666EA-3CB0-403D-974F-5D8358DE67FA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F0E2DAE4-25FA-4638-B789-B01CA9B4329C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F2AC96B1-3579-4F87-9111-DC670C02BEEB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F43FEE01-24DB-4AC9-8FCF-73F1CBECDD8C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F8069691-0850-4326-B317-D5AF35F5DFA0}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F83118C7-0841-4A6C-BA28-855B24B17C1A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F93AD34F-D933-4BB7-917E-694DB52F82F8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{FB3D4710-33E5-4E78-8BF5-CE34A431174F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{FC48C6DE-CEEB-4774-9412-2FF5689A8C9C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [EditPlus] -> {36D94110-787C-4828-9C1B-0DAFEBC36069} => C:\Program Files\EditPlus\eppshell64.dll [2015-07-07] ()
ContextMenuHandlers1: [EmEditor] -> {D4D48C93-BDC7-4E76-B530-2E4D13B0150F} => C:\Program Files\EmEditor\emedshl64.dll [2015-12-25] (Emurasoft, Inc.)
ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (The Eraser Project)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2018-05-28] (AO Kaspersky Lab)
ContextMenuHandlers1: [PDFArchitect4_ManagerExt] -> {3AECFCB3-8472-48E9-BC7B-5A3CD945C886} => C:\Program Files\PDF Architect 4\creator-context-menu.dll [2016-01-15] (pdfforge GmbH)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers1: [PDFXChange Editor Context menu] -> {2ACD35AB-F74A-4C20-AA9B-2DE80081626D} => C:\Program Files\Tracker Software\Shell Extensions\XCShellMenu.x64.dll [2017-03-06] (Tracker Software Products (Canada) Ltd.)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd)
ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers1: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers2: [EmEditor] -> {D4D48C93-BDC7-4E76-B530-2E4D13B0150F} => C:\Program Files\EmEditor\emedshl64.dll [2015-12-25] (Emurasoft, Inc.)
ContextMenuHandlers2: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (The Eraser Project)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2018-05-28] (AO Kaspersky Lab)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd)
ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers2: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers4: [EmEditor] -> {D4D48C93-BDC7-4E76-B530-2E4D13B0150F} => C:\Program Files\EmEditor\emedshl64.dll [2015-12-25] (Emurasoft, Inc.)
ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (The Eraser Project)
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2018-05-28] (AO Kaspersky Lab)
ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers4: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (The Eraser Project)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2014-06-13] (Intel Corporation)
ContextMenuHandlers5: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers6: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (The Eraser Project)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2018-05-28] (AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\windows\system32\StartMenuHelper64.dll [2016-07-30] (IvoSoft)
ContextMenuHandlers1_S-1-5-21-1417334993-2898295356-3386692794-1001: [OpusZip] -> {E9FE4040-3C93-11D4-8006-00201860E88A} => C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [2016-06-10] (GP Software)
ContextMenuHandlers1_S-1-5-21-1417334993-2898295356-3386692794-1001: [TextPad8] -> {5A9E21A2-851A-4BEB-B16F-DBBE7D648AF9} => C:\Program Files\TextPad 8\System\ShellExt64.dll [2015-11-29] ()
ContextMenuHandlers1_S-1-5-21-1417334993-2898295356-3386692794-1001: [UltraCompare] -> {C3B42C03-C1B7-4c1a-B384-BBAE19646333} => C:\Program Files (x86)\IDM Computer Solutions\UltraCompare\UC_ShellExt64.dll [2015-12-17] ()
ContextMenuHandlers1_S-1-5-21-1417334993-2898295356-3386692794-1001: [UltraEdit] -> {b5eedee0-c06e-11cf-8c56-444553540000} => C:\Program Files\IDM Computer Solutions\UltraEdit\ue64ctmn.dll [2015-12-15] ()
ContextMenuHandlers4_S-1-5-21-1417334993-2898295356-3386692794-1001: [OpusZip] -> {E9FE4040-3C93-11D4-8006-00201860E88A} => C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [2016-06-10] (GP Software)
ContextMenuHandlers4_S-1-5-21-1417334993-2898295356-3386692794-1001: [UltraCompare] -> {C3B42C03-C1B7-4c1a-B384-BBAE19646333} => C:\Program Files (x86)\IDM Computer Solutions\UltraCompare\UC_ShellExt64.dll [2015-12-17] ()
ContextMenuHandlers5_S-1-5-21-1417334993-2898295356-3386692794-1001: [DOpus] -> {B9DD4945-1BED-4CB7-994C-F40B72B7725A} => C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [2016-06-10] (GP Software)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0FC94078-783C-4F45-9A83-EA7E687FF98A} - System32\Tasks\Process Lasso Core Engine Only => C:\Program Files\Process Lasso\processgovernor.exe
Task: {1C957448-077E-44CE-A9AF-942431EDCAAF} - System32\Tasks\Opera scheduled Autoupdate 1402604082 => C:\Program Files (x86)\Opera\launcher.exe [2018-08-07] (Opera Software)
Task: {49D7EB9A-811C-4735-80A0-C626241A15DD} - System32\Tasks\JavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-03-26] (Oracle Corporation)
Task: {4AEAC1FC-86EF-4742-9F8F-B9BB85B7E32A} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {56E998C4-C729-4325-8DA2-4D1C164BFFFA} - System32\Tasks\Opera scheduled Autoupdate 1464983063 => C:\Program Files (x86)\Opera developer\launcher.exe [2018-08-14] (Opera Software)
Task: {5F6982B9-126D-4D86-B365-2E3DD4E00566} - System32\Tasks\iToolsDaemon => C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe [2016-07-25] ()
Task: {662EC505-D38A-4048-88F0-30F654CC04AC} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2018-05-28] (AO Kaspersky Lab)
Task: {7027B04B-9076-44EF-BC3F-B062A5C7E483} - System32\Tasks\iolo SCU task one => C:\ProgramData\iolo\SCU\sculnch.lnk [Argument = /toaster]
Task: {74E6B7CD-C7A0-4552-8046-5B979C3B430F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-16] (Adobe Systems Incorporated)
Task: {7A7C5B78-C9AB-45BE-A61B-68419944F701} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {87DE09A6-0A20-44AF-9ECC-173BF2339374} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-05] (Google Inc.)
Task: {8934D95E-BD1D-4B60-A7AA-28FD77234F91} - System32\Tasks\Anvirlauncher => C:\Program Files (x86)\AnVir Task Manager Free\anvirlauncher.exe [2016-02-28] (AnVir Software)
Task: {9331D4AE-B609-43C9-A4F8-B611DEFF68FA} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {A06C3BF2-C5E5-417C-AE66-C08BCDCCC271} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {A228AF77-7ABF-4820-A6E7-DA52E1BF7474} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {A61B8BBA-960E-417E-B619-DE3911B4B16E} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2016-03-03] ()
Task: {AC925663-4A09-4B04-A33D-931EF33440D9} - System32\Tasks\{81F0B437-B032-4F42-869E-9200A9004B28} => c:\program files (x86)\opera\launcher.exe [2018-08-07] (Opera Software)
Task: {ADDFE40F-97EB-4137-90F2-DFF443367FF5} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe [2018-08-16] (Adobe Systems Incorporated)
Task: {B211236C-FE4B-41DA-8712-37B56F7D9092} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_pepper.exe [2018-08-16] (Adobe Systems Incorporated)
Task: {BBB5FFB3-5780-4C21-BA21-95B793B6AFC4} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {BCD4E4EC-D945-40F3-9E6A-E0BAFB278317} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-09-04] (Synaptics Incorporated)
Task: {DF167F93-F3BA-4561-93FC-768E43939C14} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-05] (Google Inc.)
Task: {EDDC835F-5FFF-47DA-8849-A24D9414705E} - System32\Tasks\Core Temp Autostart d => C:\Program Files\Core Temp\Core Temp.exe [2018-05-20] (ALCPU)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-04-19 07:32 - 2015-09-01 15:41 - 000095008 _____ () C:\windows\System32\Primomonnt.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-12 12:06 - 2013-08-12 12:06 - 000198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-08-12 12:06 - 2013-08-12 12:06 - 000054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-12 12:06 - 2013-08-12 12:06 - 000034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2017-01-15 23:31 - 2017-01-15 23:31 - 000012704 _____ () C:\Program Files\Prio\prio_svc.exe
2016-07-25 16:40 - 2016-07-25 16:40 - 000486264 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe
2015-12-17 12:13 - 2015-12-17 12:13 - 004930560 _____ () C:\Users\d\Desktop\acv507\ArsClip.exe
2018-05-28 23:51 - 2018-07-23 17:17 - 000864112 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\kpcengine.2.3.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000966512 _____ () C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000343912 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000266096 _____ () C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000139120 _____ () C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000360304 _____ () C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000040816 _____ () C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000499568 _____ () C:\Program Files (x86)\AOMEI Backupper\EnumFolder.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000081768 _____ () C:\Program Files (x86)\AOMEI Backupper\Compress.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000114536 _____ () C:\Program Files (x86)\AOMEI Backupper\BrLog.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000089968 _____ () C:\Program Files (x86)\AOMEI Backupper\Ldm.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000073576 _____ () C:\Program Files (x86)\AOMEI Backupper\Device.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000298864 _____ () C:\Program Files (x86)\AOMEI Backupper\BrFat.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000978800 _____ () C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000339816 _____ () C:\Program Files (x86)\AOMEI Backupper\Clone.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000126824 _____ () C:\Program Files (x86)\AOMEI Backupper\Backup.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000175984 _____ () C:\Program Files (x86)\AOMEI Backupper\FlBackup.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000724848 _____ () C:\Program Files (x86)\AOMEI Backupper\Sync.dll
2018-04-12 19:09 - 2015-05-21 14:32 - 002403504 _____ () C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000114544 _____ () C:\Program Files (x86)\AOMEI Backupper\BrVol.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000266096 _____ () C:\Program Files (x86)\AOMEI Backupper\GptBcd.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000188272 _____ () C:\Program Files (x86)\AOMEI Backupper\DeviceMgr.dll
2017-07-18 00:46 - 2018-03-20 12:08 - 000114664 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2017-07-18 00:46 - 2018-03-20 12:08 - 000108008 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2017-07-18 00:46 - 2018-03-20 12:08 - 000024040 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2017-07-18 00:46 - 2018-03-20 12:08 - 000048104 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2014-04-11 09:48 - 2013-10-15 06:10 - 000541683 _____ () C:\Program Files (x86)\CyberLink\NEC Move Media Server\sqlite3.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 002317688 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\iOSDevice.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 001362808 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\MiscCore.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 000180088 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\MiscMods.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 000152952 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\Network.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 000402808 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\TSLib.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 000668536 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\UICore.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 000044920 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\Common.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 000385912 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\MediaUtil.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 000548728 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\Sqlite.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 000103288 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\ZLib.dll
2018-03-16 15:20 - 2018-03-16 15:20 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2018-03-16 15:20 - 2018-03-16 15:20 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-01-31 10:45 - 2011-01-31 10:45 - 000559244 _____ () C:\Program Files (x86)\Linkman\sqlite3.dll
2018-08-08 19:10 - 2018-08-08 19:10 - 087838296 _____ () C:\Program Files (x86)\Opera\54.0.2952.71\opera_browser.dll
2018-08-08 19:10 - 2018-08-08 19:10 - 000177240 _____ () C:\Program Files (x86)\Opera\54.0.2952.71\message_center_win8.dll
2018-08-08 19:10 - 2018-08-08 19:10 - 003871320 _____ () C:\Program Files (x86)\Opera\54.0.2952.71\libglesv2.dll
2018-08-08 19:10 - 2018-08-08 19:10 - 000086616 _____ () C:\Program Files (x86)\Opera\54.0.2952.71\libegl.dll
2013-10-21 02:36 - 2013-08-08 06:25 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2018-04-05 20:03 - 2018-07-25 01:56 - 001106736 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\KasperskyLab.Ksde.NativeInterop.dll
2015-12-13 12:33 - 2015-12-13 12:33 - 000100864 _____ () C:\Users\d\Desktop\Programme\AkelPad\AkelFiles\Plugs\Scripts.dll
2015-12-13 12:33 - 2015-12-13 12:33 - 000044032 _____ () C:\Users\d\Desktop\Programme\AkelPad\AkelFiles\Plugs\Hotkeys.dll
2015-12-13 12:33 - 2016-02-23 12:21 - 000144896 _____ () C:\Users\d\Desktop\Programme\AkelPad\AkelFiles\Plugs\ContextMenu.dll
2015-12-13 12:33 - 2015-12-13 12:33 - 000031744 _____ () C:\Users\d\Desktop\Programme\AkelPad\AkelFiles\Plugs\SaveFile.dll
2015-12-13 12:33 - 2015-12-13 17:15 - 000061952 _____ () C:\Users\d\Desktop\Programme\AkelPad\AkelFiles\Plugs\Macros.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\sdpsenv.dat:naughtypirates [322]
AlternateDataStreams: C:\ProgramData\Temp:8EFFFE8D [294]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\stwfp => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.reg: \shell\SmEdit\shell\SmEdit\shell\SmEdit\shell\SmEdit\shell\SmEdit =>  <==== ATTENTION
HKLM\...\.bat:  =>  <==== ATTENTION
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Software\Classes\.bat: batfile =>  <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\google.com -> hxxps://docs.google.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2017-08-01 22:33 - 000000853 _____ C:\windows\system32\Drivers\etc\hosts

127.0.0.1 cryptomator-vault

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "IntelAntiTheftDiscoveryAppIECNotifier"
HKLM\...\StartupApproved\Run: => "AtrioSide"
HKLM\...\StartupApproved\Run: => "Eraser"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "DSATray"
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\StartupApproved\StartupFolder: => "Telegram.lnk"
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\StartupApproved\Run: => "WhatsApp"
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\StartupApproved\Run: => "Vivaldi Update Notifier"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F9D643D3-8497-43E4-98F3-38E716915A8E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E8B770A5-FA45-4D44-B58C-F97DD1977577}] => (Allow) LPort=2869
FirewallRules: [{900BB167-AA6B-4D13-9555-03CB4DDAF294}] => (Allow) LPort=1900
FirewallRules: [{D6F18BAF-16DE-469C-A520-9004AC0498C0}] => (Allow) C:\Program Files (x86)\AOS Technologies\ファイナルパソコンデータ引越� 9 plus for NEC\pcmover.exe
FirewallRules: [TCP Query User{A744A787-26B6-4CBF-AC16-D8B16B6CD448}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3611C606-8BCD-4157-B7F0-97CA21424398}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{0B623E7A-4890-41D8-8372-1C130AC8A356}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{09F7B869-195F-40C6-B266-6B04AFB2884F}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{3C3010E4-90F7-42A7-89F9-E3444CF94B06}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\ctmn32.exe
FirewallRules: [{AE7790C2-8769-41C5-841F-8D2AD8D9BA01}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\ctmn32.exe
FirewallRules: [{7BAC5F7A-284F-4108-9BC5-B75C3D72552E}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\CTAdmin.exe
FirewallRules: [{9FFB909A-2927-4085-8066-0879D3AA0793}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\CTAdmin.exe
FirewallRules: [{F9D77D4C-761D-430E-88CB-D1B7A52097C8}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\fbserver.exe
FirewallRules: [{11F3629D-245B-451A-A98E-64DFBD07B295}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\fbserver.exe
FirewallRules: [{56F4AF8E-57F8-41B4-A65A-0FBBA6C76B40}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\STDownload.exe
FirewallRules: [{13C3D64E-22F7-4BA1-B58B-53265677C553}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\STDownload.exe
FirewallRules: [{A0C999BA-C8BC-4281-8601-73750E5F1723}] => (Allow) LPort=8501
FirewallRules: [{32AB8D67-D054-4A79-8823-614FFEF6E01F}] => (Allow) LPort=8501
FirewallRules: [{505DA236-3A56-424B-9B99-EBB755EEC9AA}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{A902F6FB-3298-44B9-93ED-191D82C26CB9}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{689C272A-0ECD-47F8-88F6-904975F51D79}C:\program files (x86)\childwebguardian pro\contentwasher.exe] => (Block) C:\program files (x86)\childwebguardian pro\contentwasher.exe
FirewallRules: [UDP Query User{11A1A67E-B038-48B3-89AB-F8F4F0268BB7}C:\program files (x86)\childwebguardian pro\contentwasher.exe] => (Block) C:\program files (x86)\childwebguardian pro\contentwasher.exe
FirewallRules: [{2117A44D-9AF0-4D84-A6FA-C2CE767375A3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{82444FCE-8B73-4EE6-9321-D147BB55E475}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E0FF1427-02F7-4FCF-B605-AA7720FECB39}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C149F272-279C-452B-9C7D-9C93C179E6AB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DEE3F7CC-FEC2-4054-9A70-A29139DE0761}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AB91DF20-D673-499C-B644-030D9703474B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7E815151-6904-496A-AC2D-72FC22009C49}] => (Allow) C:\Program Files (x86)\ChildWebGuardian PRO\ContentWasher.exe
FirewallRules: [{3F403557-C2A9-4DB4-A08F-AAA175CF45EA}] => (Allow) C:\Program Files (x86)\ChildWebGuardian PRO\ContentWasher.exe
FirewallRules: [{A0292E51-FA3B-40A5-86B6-A69410C15431}] => (Allow) C:\Windows\SysWOW64\fltw.exe
FirewallRules: [{F59F9572-DAA8-49A7-B8B8-87D14203E726}] => (Allow) C:\Windows\SysWOW64\fltw.exe
FirewallRules: [{21B8CF93-A8AF-49E0-A5A8-4D90D71EA1F4}] => (Allow) C:\Windows\SysWOW64\wstw.exe
FirewallRules: [{A664E965-6F9C-4904-97B3-664A88C6C5D6}] => (Allow) C:\Windows\SysWOW64\wstw.exe
FirewallRules: [{596BBBC2-6C69-43DD-A9E3-2EAF611B034C}] => (Allow) C:\Windows\SysWOW64\wtwatch.exe
FirewallRules: [{F3158699-F2C2-4B4D-9C97-8EDE44D0C91A}] => (Allow) C:\Windows\SysWOW64\wtwatch.exe
FirewallRules: [{C69239FF-06A3-4D0A-9444-F72972E53490}] => (Allow) C:\Program Files (x86)\ChildWebGuardian PRO\PrgUpdater.exe
FirewallRules: [{B4EFD6D8-6BAD-4D07-B5B5-6B2D0EFF9D69}] => (Allow) C:\Program Files (x86)\ChildWebGuardian PRO\PrgUpdater.exe
FirewallRules: [TCP Query User{B21120BA-3F16-452E-89E6-243273EEED0C}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe
FirewallRules: [UDP Query User{05154D90-C128-45AD-880F-BC2AEC21295A}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe
FirewallRules: [TCP Query User{0095AFA1-906D-40EB-8740-81E092A2EA5B}C:\program files\second copy\seccopy.exe] => (Allow) C:\program files\second copy\seccopy.exe
FirewallRules: [UDP Query User{D4BFC90B-A4EE-47CF-8E06-21798F2B4FC7}C:\program files\second copy\seccopy.exe] => (Allow) C:\program files\second copy\seccopy.exe
FirewallRules: [{6DC437CD-3BEE-4A60-81F8-8B67FC3E055E}] => (Block) C:\program files\second copy\seccopy.exe
FirewallRules: [{3EF30085-232D-450A-A5C2-2484F10431B5}] => (Block) C:\program files\second copy\seccopy.exe
FirewallRules: [TCP Query User{35AEFCDE-F23F-4FD9-AE70-CB0DDF2953CA}C:\program files (x86)\jivexdv\jre\bin\javaw.exe] => (Block) C:\program files (x86)\jivexdv\jre\bin\javaw.exe
FirewallRules: [UDP Query User{D6AA058A-D730-4D0C-804C-63DE46208040}C:\program files (x86)\jivexdv\jre\bin\javaw.exe] => (Block) C:\program files (x86)\jivexdv\jre\bin\javaw.exe
FirewallRules: [TCP Query User{C339E5B9-07F3-463F-8D92-10E98B07F74E}C:\program files (x86)\parallel password recovery\run_server.exe] => (Allow) C:\program files (x86)\parallel password recovery\run_server.exe
FirewallRules: [UDP Query User{36EE777D-F32F-4484-8CFA-A540C211237B}C:\program files (x86)\parallel password recovery\run_server.exe] => (Allow) C:\program files (x86)\parallel password recovery\run_server.exe
FirewallRules: [TCP Query User{290EC45F-8ECA-465A-8550-807F15B4CB76}C:\users\d\appdata\local\temp\scoped_dir2376_30591\childwebguardianadm.exe] => (Allow) C:\users\d\appdata\local\temp\scoped_dir2376_30591\childwebguardianadm.exe
FirewallRules: [UDP Query User{7FB492CB-F6F5-4EE0-864F-95F55A6DFDEB}C:\users\d\appdata\local\temp\scoped_dir2376_30591\childwebguardianadm.exe] => (Allow) C:\users\d\appdata\local\temp\scoped_dir2376_30591\childwebguardianadm.exe
FirewallRules: [{A27C0608-11DD-46B0-93E8-8CB7D21E4418}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5A3641B2-C624-4A94-8FA9-DE244F8FC639}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F164DD20-6078-4B81-961C-083B0FF25404}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FBB6CB95-B7E6-4818-B62D-6724C436E3B3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{103298D7-C2C7-4895-AF93-CD4A59B6C354}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{6833B99D-A1FD-4788-ACC3-3B5D8B6FDB81}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{2DC48355-FECA-488E-8202-684BD0D8D84C}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{F6EF11B6-6AEA-4BAE-AA20-E91C42F7AD1F}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{18F0E74C-3ACE-4781-B413-F0D422BB63CF}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{863A523D-C261-4A82-A2A7-27447A8FC2F4}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{FD947FEC-53B3-4BED-B0A8-4DA463021FCA}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{D2B23179-C9B9-491E-AC91-B68A0C8ED660}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{84B862B7-8779-41D9-9055-94DBAC95D6DA}] => (Allow) C:\Program Files (x86)\Opera\51.0.2830.40\opera.exe
FirewallRules: [{50BD2E1A-D1D7-4D61-BBF1-54EBD9BBBC3A}] => (Allow) C:\Program Files (x86)\Opera developer\53.0.2885.0\opera.exe
FirewallRules: [{06476787-1BB0-4434-A169-C039F0E60556}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{5D961AE6-CB90-49AD-86B7-26B54B099719}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2A8C58E0-93CA-4A29-A307-B6DE1FCED428}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9B9C6AEE-6B22-4E95-8D70-08F24E69290C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{82536828-3DCD-485E-B8A8-5ABF9005A3A7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7CBB4B9B-D49D-4CEB-A6F3-F5616BB0653B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0FC410A5-86DB-49D8-BD08-9989673770EF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7ABA5E4A-1B70-4A10-B38E-CFA6AA3B0C7E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5587DB5B-9321-4905-BC86-BFA9BDDE3795}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F627D117-A01C-456C-93BC-7264C3A4FFEC}] => (Allow) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
FirewallRules: [{3F72EC62-9A98-40DB-BEEB-7E2F44976DA7}] => (Allow) C:\Program Files (x86)\Opera developer\56.0.3037.0\opera.exe
FirewallRules: [{2CD1F32B-A7E8-4079-AD1A-20A3A188A14C}] => (Allow) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
FirewallRules: [{BE925581-CA7C-4454-A982-95444FC76D7D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{D85E2CCA-81C2-493D-936B-6659F467F804}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{9B61E9B1-13F4-4D9F-BCAB-650459099F1D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{602E8DE6-890B-4FAA-8647-4F8602E5A1FA}] => (Allow) C:\Program Files (x86)\Opera developer\56.0.3045.0\opera.exe

==================== Restore Points =========================

04-08-2018 05:31:02 スケジュール�れ��ェック�イント
13-08-2018 03:46:21 スケジュール�れ��ェック�イント

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/17/2018 08:18:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm dopus.exe, Version 5.0.1.62 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 29e0

Startzeit: 01d436175cc35641

Endzeit: 32108

Anwendungspfad: C:\Program Files\GPSoftware\Directory Opus\dopus.exe

Berichts-ID: cf730fb2-a249-11e8-83bf-b0819159027b

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (08/17/2018 12:44:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: dopus.exe, Version: 5.0.1.62, Zeitstempel: 0x575a0f47
Name des fehlerhaften Moduls: dopus.exe, Version: 5.0.1.62, Zeitstempel: 0x575a0f47
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000224cff
ID des fehlerhaften Prozesses: 0x2280
Startzeit der fehlerhaften Anwendung: 0x01d435530fe81e2f
Pfad der fehlerhaften Anwendung: C:\Program Files\GPSoftware\Directory Opus\dopus.exe
Pfad des fehlerhaften Moduls: C:\Program Files\GPSoftware\Directory Opus\dopus.exe
Berichtskennung: 95c6606a-a20a-11e8-83bf-b0819159027b
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (08/17/2018 12:05:17 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Ein Problem hat das Senden von Daten aus dem Programm zur Verbesserung der Benutzerfreundlichkeit an Microsoft verhindert (Fehler 80070005).

Error: (08/16/2018 04:54:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AkelPad.exe, Version: 4.9.7.0, Zeitstempel: 0x566d49e1
Name des fehlerhaften Moduls: Scripts.dll, Version: 18.2.0.0, Zeitstempel: 0x566d4960
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001145
ID des fehlerhaften Prozesses: 0x1750
Startzeit der fehlerhaften Anwendung: 0x01d43553dc6ba35e
Pfad der fehlerhaften Anwendung: C:\Users\d\Desktop\Programme\AkelPad\AkelPad.exe
Pfad des fehlerhaften Moduls: C:\Users\d\Desktop\Programme\AkelPad\AkelFiles\Plugs\Scripts.dll
Berichtskennung: 3fa707b9-a164-11e8-83bf-b0819159027b
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (08/16/2018 04:33:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: StartSU.exe, Version: 2.0.2.0, Zeitstempel: 0x534d0701
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0085513f
ID des fehlerhaften Prozesses: 0x13f4
Startzeit der fehlerhaften Anwendung: 0x01d43509831c587c
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\NEC\SmartUpdate\StartSU.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: c0f41eaa-a0fc-11e8-83bf-b0819159027b
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (08/16/2018 04:33:27 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: StartSU.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
   bei SU_Loader.suLogingCl..ctor()
   bei SU_Loader.Program.Main()

Error: (08/16/2018 02:22:28 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "Windows RE" wurde aufgrund eines Fehlers nicht optimiert: パラメーター�間������。 (0x80070057)

Error: (08/16/2018 02:10:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AkelPad.exe, Version: 4.9.7.0, Zeitstempel: 0x566d49e1
Name des fehlerhaften Moduls: Scripts.dll, Version: 18.2.0.0, Zeitstempel: 0x566d4960
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001145
ID des fehlerhaften Prozesses: 0x2e90
Startzeit der fehlerhaften Anwendung: 0x01d434e30864823f
Pfad der fehlerhaften Anwendung: C:\Users\d\Desktop\Programme\AkelPad\AkelPad.exe
Pfad des fehlerhaften Moduls: C:\Users\d\Desktop\Programme\AkelPad\AkelFiles\Plugs\Scripts.dll
Berichtskennung: c67c6def-a0e8-11e8-83be-fcf8aeb4d133
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


System errors:
=============
Error: (08/17/2018 05:06:51 PM) (Source: DCOM) (EventID: 10010) (User: lavie)
Description: Der Server "{BF6C1E47-86EC-4194-9CE5-13C15DCB2001}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (08/17/2018 05:06:21 PM) (Source: DCOM) (EventID: 10010) (User: lavie)
Description: Der Server "{1B1F472E-3221-4826-97DB-2C2324D389AE}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (08/17/2018 03:39:17 PM) (Source: DCOM) (EventID: 10010) (User: lavie)
Description: Der Server "{BF6C1E47-86EC-4194-9CE5-13C15DCB2001}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (08/17/2018 03:38:47 PM) (Source: DCOM) (EventID: 10010) (User: lavie)
Description: Der Server "{1B1F472E-3221-4826-97DB-2C2324D389AE}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (08/17/2018 01:56:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "アプリケーション固有" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (LRPC 使用)" keine Berechtigung vom Typ "ãƒ*ーカル アクティブ化" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "利用��" (SID: 利用��) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (08/17/2018 11:51:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "アプリケーション固有" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (LRPC 使用)" keine Berechtigung vom Typ "ãƒ*ーカル アクティブ化" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "利用��" (SID: 利用��) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (08/17/2018 11:28:58 AM) (Source: DCOM) (EventID: 10010) (User: lavie)
Description: Der Server "{1B1F472E-3221-4826-97DB-2C2324D389AE}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (08/17/2018 11:28:28 AM) (Source: DCOM) (EventID: 10010) (User: lavie)
Description: Der Server "{BF6C1E47-86EC-4194-9CE5-13C15DCB2001}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.


Windows Defender:
===================================
Date: 2015-01-09 19:21:31.368
Description: 
Die Windows Defender-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {8696B0BA-C38C-47BC-A797-5B2D07EB3E49}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT AUTHORITY\SYSTEM

Date: 2015-01-03 21:22:13.756
Description: 
Die Windows Defender-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {0CA8E64E-DB17-4DB1-8B14-A894D9352B2C}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT AUTHORITY\SYSTEM

Date: 2015-01-02 16:35:21.146
Description: 
Die Windows Defender-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {0933CFEE-1894-4B97-8C90-DAF1E3EEA677}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT AUTHORITY\SYSTEM

Date: 2014-12-31 21:35:00.771
Description: 
Die Windows Defender-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {DCB0C270-B8FB-4DD2-85A2-7C88B5326966}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT AUTHORITY\SYSTEM

Date: 2018-03-20 16:35:06.770
Description: 
Fehler von Windows Defender beim Aktualisieren von Signaturen.
Neue Signaturversion: 
Vorherige Signaturversion: 1.235.2025.0
Updatequelle: Microsoft Update-Server
Signaturtyp: AntiVirus
Updatetyp: Voll
Benutzer: NT AUTHORITY\SYSTEM
Aktuelle Modulversion: 
Vorherige Modulversion: 1.1.13407.0
Fehlercode: 0x8024001e
Fehlerbeschreibung: ??????????????????????????????????????????????????????????????????????????????? 

Date: 2018-03-20 16:35:06.770
Description: 
Fehler von Windows Defender beim Aktualisieren von Signaturen.
Neue Signaturversion: 
Vorherige Signaturversion: 1.235.2025.0
Updatequelle: Microsoft Update-Server
Signaturtyp: AntiVirus
Updatetyp: Voll
Benutzer: NT AUTHORITY\SYSTEM
Aktuelle Modulversion: 
Vorherige Modulversion: 1.1.13407.0
Fehlercode: 0x8024001e
Fehlerbeschreibung: ??????????????????????????????????????????????????????????????????????????????? 

CodeIntegrity:
===================================

Date: 2018-04-05 18:43:15.063
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-04-05 18:43:12.454
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-04-05 18:37:50.385
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-04-05 18:37:47.422
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-04-05 18:35:14.515
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-04-05 18:35:10.365
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-04-05 18:32:47.264
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-04-05 18:32:44.610
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 76%
Total physical RAM: 4015.7 MB
Available physical RAM: 954.75 MB
Total Virtual: 12719.7 MB
Available Virtual: 3827.02 MB

==================== Drives ================================

Drive c: (Windows 8.1) (Fixed) (Total:225.93 GB) (Free:138.81 GB) NTFS

\\?\Volume{66bded32-fb6e-43d4-af27-9da22351b9e4}\ (Windows RE) (Fixed) (Total:0.93 GB) (Free:0.61 GB) NTFS
\\?\Volume{2c42f2fe-9218-4f8d-bd84-2ae9dde67a23}\ (NEC-RESTORE) (Fixed) (Total:11.23 GB) (Free:3.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 7D73FA8C)

Partition: GPT.

==================== End of Addition.txt ============================
         

Zitat:

AV: Kaspersky Internet Security

Hi, bitte deinstallieren. Rechner mit dieser und ähnlicher Suite bereinige ich nicht.

Kaspersky wurde entfernt und es wurde neu gebootet.

(Ich hatte immer ESET, bis es ständig BSODs verursacht hat. ESET war nachweislich die Ursache für die BSODs.)

Adware/Junkware/Toolbars entfernen

Alte Versionen von adwCleaner vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren!



adwCleaner v7.x

Downloade Dir bitte AdwCleaner auf deinen Desktop (Bebilderte Anleitung).

• Schließe alle offenen Programme und Browser.
• Starte die adwcleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Einstellungen, scrolle nach unten und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • Tracing Schlüssel löschen
  • Prefetch-Dateien löschen
  • Proxy wiederherstellen
  • IE-Policies wiederherstellen
  • Chrome-Policies wiederherstellen
  • Winsock wiederherstellen
• Klicke nun auf Dashboard, dann auf Jetzt scannen und warte bis der Suchlauf abgeschlossen ist.
• Klicke nun auf Bereinigen & Reparieren und bestätige mit Jetzt bereinigen.
  
• WICHTIG:
  Sollte AdwCleaner nichts finden, klicke auf Grundlegende Reparatur ausführen und anschließend auf Jetzt bereinigen.
• Nach dem Neustart öffnet sich AdwCleaner automatisch. Klicke auf Log-Datei ansehen.
• Poste mir deren Inhalt der Log-Datei mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt. (xx = fortlaufende Nummer).

Ergebnis: Ein bisschen ungefährlicher PUP-Kram gefunden und entfernt:

Code: Alles auswählenAufklappen

ATTFilter

# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build:    07-17-2018
# Database: 2018-08-13.2
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    08-18-2018
# Duration: 00:00:02
# OS:       Windows 8.1 Pro
# Cleaned:  13
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Users\d\AppData\Local\Temp\DMR
Deleted       C:\ProgramData\IOLO\SCU
Deleted       C:\Program Files (x86)\iolo\System Checkup
Deleted       C:\Users\d\AppData\Roaming\SecurityXploded

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted       C:\Windows\System32\Tasks\iolo SCU task one

***** [ Registry ] *****

Deleted       HKLM\Software\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ENABLESHELLEXECUTEHOOKS
Deleted       HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ENABLESHELLEXECUTEHOOKS
Deleted       HKLM\Software\Wow6432Node\IOLO\System Checkup
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7027B04B-9076-44EF-BC3F-B062A5C7E483}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7027B04B-9076-44EF-BC3F-B062A5C7E483}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iolo SCU task one
Deleted       HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset Chromium Policies
[+] Reset IE Policies
[+] Reset Proxy Settings
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2470 octets] - [18/08/2018 00:25:21]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
         

Hat Kaspersky nicht aufgehalten.
adwcleaner bitte zwecks Kontrolle wiederholen

Alles ist jetzt clean bei Kontrolle.

Code: Alles auswählenAufklappen

ATTFilter

# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build:    07-17-2018
# Database: 2018-08-13.2
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    08-18-2018
# Duration: 00:00:00
# OS:       Windows 8.1 Pro
# Cleaned:  0
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset Chromium Policies
[+] Reset IE Policies
[+] Reset Proxy Settings
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2470 octets] - [18/08/2018 00:25:21]
AdwCleaner[C00].txt - [2511 octets] - [18/08/2018 00:34:28]
AdwCleaner[S01].txt - [1364 octets] - [18/08/2018 01:05:43]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
         

Ich brauche neue FRST-Logs . Haken setzen bei addition.txt dann auf Untersuchen klicken.

1. Windows-Defender-Definitionen sind jetzt aktuell (noch nicht in den Logs). Waren nicht geupdated, weil ich bisher einen Third-Party AV (das böse KIS) hatte.
2. Ärgerlich: Es sind immer noch ESET-Reste auf dem System, obwohl ich das Entfern-Tool verwendet hatte (eset firewall helper (service), sowie esihdrv.sys)
3. Wie immer wurden von mir ein paar Links zu selbst erstellten Dokumenten aus den Logs aus Datenschutzgründen entfernt.
4. Spende an Trojanerboard wurde getätigt. danke!
5. additional.txt kommt gleich noch nach.


FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by d (administrator) on LAVIE (18-08-2018 11:34:42)
Running from C:\Users\d\Desktop
Loaded Profiles: d (Available Profiles: d)
Platform: Windows 8.1 Pro (Update) (X64) Language: Japanisch (Japan)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\NEC Move Media Server\NECMoveMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\NEC Move Media Server\NECMoveMSServer.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NECBoot\NECBTSVC.exe
(NEC Personal Computers, Ltd.) C:\Windows\SysWOW64\NTMETER.exe
(NEC Personal Computers, Ltd.) C:\Program Files\PeakShiftTool\PeakShiftSvc.exe
() C:\Program Files\Prio\prio_svc.exe
(Centered Systems) C:\Program Files (x86)\Second Copy 8\ScVssService64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NECMFK\necmfk.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NECBatt\nbSched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NEC Personal Computers, Ltd.) C:\Program Files\PeakShiftTool\PeakShiftNotifier.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NECBoot\NECBTPB.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NPSpeed\NPSpeed.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Outertech) C:\Program Files (x86)\Linkman\Linkman.exe
(GP Software) C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
(f.lux Software LLC) C:\Users\d\AppData\Local\FluxSoftware\Flux\flux.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\d\Desktop\acv507\ArsClip.exe
(Steve Emmons) C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Battery Alarm\BatteryAlarm.exe
(Mad Dog Apps) C:\Program Files (x86)\Mad Dog Apps\BatteryMonitor\myBatteryMonitor.exe
(pXc-coding.com) C:\Program Files (x86)\Alternative Flash Player Auto-Updater\Alternative Flash Player Auto-Updater.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NEC\AtrioSide\AS_ContentsDL.exe
(NEC Personal Computers, Ltd.) C:\Program Files\EcoViewer\ecomonsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [NECMFK] => C:\Program Files\necmfk\necmfk.exe [164176 2013-09-19] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [IntelAntiTheftDiscoveryAppIECNotifier] => C:\Program Files (x86)\Intel\Intel Anti-Theft Discovery App\IntelAntiTheftDiscoveryAppIECNotifier.exe [142336 2013-06-25] (Intel Corporation)
HKLM\...\Run: [NECBatt] => C:\Program Files\NECBatt\nbSched.exe [356688 2013-08-05] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [PeakShiftTool] => C:\Program Files\PeakShiftTool\PeakShiftNotifier.exe [244576 2013-07-02] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [NECBTPB] => C:\Program Files\NECBoot\NECBTPB.EXE [2789304 2012-10-05] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2013-09-04] (Synaptics Incorporated)
HKLM\...\Run: [RcdSettings] => C:\Program Files\NEC\NECRcdSettings\RcdSettings.exe [924536 2013-08-27] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [NPSpeed] => C:\Program Files\NPSpeed\NPSpeed.exe [3215152 2013-10-08] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1074088 2015-09-03] (The Eraser Project)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [AtrioSide] => C:\Program Files\NEC\AtrioSide\AtrioSide.exe [1193328 2013-09-17] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [3523848 2018-07-03] (Paramount Software UK Ltd)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [SmartUpdate] => C:\Program Files (x86)\NEC\SmartUpdate\reservesu.exe [234232 2013-07-08] (NEC Personal Computers, Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2018-03-16] (Apple Inc.)
HKLM-x32\...\Run: [SilentCleanService] => C:\Program Files (x86)\iMobie\PhoneRescue\${CHECK_RUNSERVICE_NAME}
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [135968 2018-03-15] (Intel)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [653728 2018-03-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [Linkman] => C:\Program Files (x86)\Linkman\Linkman.exe [1635200 2015-12-23] (Outertech)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [7 Taskbar Tweaker] => C:\Users\d\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [401920 2016-09-10] (RaMMicHaeL)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [Directory Opus Desktop Dblclk] => C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe [421240 2016-06-10] (GP Software)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [f.lux] => C:\Users\d\AppData\Local\FluxSoftware\Flux\flux.exe [1806344 2018-07-03] (f.lux Software LLC)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [Second Copy] => C:\Program Files (x86)\Second Copy 8\SecCopy.exe [3128616 2013-01-28] (Centered Systems)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2014-09-19] ()
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [WhatsApp] => "C:\Users\d\AppData\Local\WhatsApp\app-0.2.5371\WhatsApp.exe"
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [DVSFreeVideoCallRecorder] => "C:\Program Files (x86)\DVDVideoSoft\Free Video Call Recorder for Skype\FreeVideoCallRecorder.exe" /minimized
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [IntelliWebSearch] => C:\Program Files (x86)\IntelliWebSearch\IntelliWebSearch.exe [224388 2011-04-08] (Michael Farrell)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11776 2013-08-22] (Microsoft Corporation)
AppInit_DLLs: prio.dll => No File
AppInit_DLLs-x32: prio32.dll => No File
IFEO\sethc.exe: [Debugger] logonui.exe
ShellExecuteHooks: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [1580408 2016-06-10] (GP Software)
ShellExecuteHooks-x32: Directory Opus Shell Execute Hook - {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll [350072 2016-06-10] (GP Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Alternative Flash Player Auto-Updater.lnk [2016-01-16]
ShortcutTarget: Alternative Flash Player Auto-Updater.lnk -> C:\Program Files (x86)\Alternative Flash Player Auto-Updater\Alternative Flash Player Auto-Updater.exe (pXc-coding.com)
Startup: C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ArsClip - Verknüpfung.lnk [2016-01-25]
ShortcutTarget: ArsClip - Verknüpfung.lnk -> C:\Users\d\Desktop\acv507\ArsClip.exe ()
Startup: C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BatteryAlarm - Shortcut.lnk [2016-04-20]
ShortcutTarget: BatteryAlarm - Shortcut.lnk -> C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Battery Alarm\BatteryAlarm.exe (Steve Emmons)
Startup: C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2016-09-30]
ShortcutTarget: Telegram.lnk -> C:\Users\d\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-1417334993-2898295356-3386692794-500\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-1417334993-2898295356-3386692794-1003\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-1417334993-2898295356-3386692794-1001\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 cryptomator-vault
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{A589BE57-42CC-439B-99D1-70AED469ADBE}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> DefaultScope {0A66B399-8F9B-4C01-8EDD-A71D148B8BE7} URL = 
SearchScopes: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> {0A66B399-8F9B-4C01-8EDD-A71D148B8BE7} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\iToolsBHO64.dll [2016-07-25] (iTools.hk)
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-01-15] (pdfforge GmbH)
BHO-x32: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\iToolsBHO.dll [2016-07-25] (iTools.hk)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-01-15] (pdfforge GmbH)
Toolbar: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> No Name - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} -  No File
Toolbar: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> No Name - {C500C267-63BF-451F-8797-4D720C9A2ED9} -  No File

FireFox:
========
FF DefaultProfile: 2udj1tce.default
FF ProfilePath: C:\Users\d\AppData\Roaming\Postbox\Profiles\ify653so.default [2016-02-10]
FF ProfilePath: C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\2udj1tce.default [2018-08-18]
FF Session Restore: Mozilla\Firefox\Profiles\2udj1tce.default -> is enabled.
FF Extension: (Grammarly for Firefox) - C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\2udj1tce.default\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2018-08-09]
FF Extension: (Video DownloadHelper) - C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\2udj1tce.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-08-09]
FF Extension: (Adblock Plus) - C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\2udj1tce.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-07-27]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-04-19] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll [2018-08-16] ()
FF Plugin: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2016-07-25] ()
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [] ()
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2017-03-06] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll [2018-08-16] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2016-07-25] ()
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2017-03-06] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
StartMenuInternet: Firefox- - kernel32::GetLongPathNameW(w R8, w .R7, i 1024)i .R6

Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\d\AppData\Local\Google\Chrome\User Data\Default [2018-08-03]
CHR Extension: (Präsentationen) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-19]
CHR Extension: (Kaspersky Protection) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2018-05-31]
CHR Extension: (Docs) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-19]
CHR Extension: (Google Drive) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-19]
CHR Extension: (YouTube) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-19]
CHR Extension: (Tab Count) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfokcacdaonnckdmopmcgeanhkebeaio [2018-07-30]
CHR Extension: (uBlock Origin) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-08-03]
CHR Extension: (Tab Glutton) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekfmaibfpamaegficfifofnlhalkbdfm [2018-06-25]
CHR Extension: (Tabellen) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-19]
CHR Extension: (Google Docs Offline) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-05-05]
CHR Extension: (Wiktionary Language Filter) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\lagbmmpeihgfankilcjbkpnmejeblkif [2017-11-19]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-05]
CHR Extension: (Linkman) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\pchnedaeogijkjjkjigbijhbcanbdjkc [2018-05-05]
CHR Extension: (Google Mail) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-19]
CHR Extension: (Chrome Media Router) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-11]
CHR Profile: C:\Users\d\AppData\Local\Google\Chrome\User Data\System Profile [2018-05-05]

Opera: 
=======
OPR Session Restore: -> is enabled.
OPR Extension: (Simple = Select + Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aagminaekdpcfimcbhknlgjmpnnnmooo [2017-09-11]
OPR Extension: (Instant Multi Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aamgapdgopfdmokckpkfciiddpahbbcg [2017-09-11]
OPR Extension: (Google Übersetzer) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-12-02]
OPR Extension: (Disable Youtube™ HTML5 Player) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aejcgigcjcdcbdkdbeiclbpekcjddapp [2016-01-17]
OPR Extension: (Multi Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\afmdpmddiokpdknaeofdnlclbpgehhce [2018-07-25]
OPR Extension: (TransOver) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aggiiclaiamajehmlfpkjmlbadmkledi [2018-08-08]
OPR Extension: (SimpleUndoClose) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aipamoaneebnhkfefefbfmhimclgafig [2018-02-19]
OPR Extension: (Redirect Bypasser) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\akalifnifmgdmgmjoaiaflkeahpbkghe [2017-05-04]
OPR Extension: (Oxford Dictionary Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbhgfdkgegllnkmnpidalgbgdghilnha [2016-11-10]
OPR Extension: (Select like a Boss) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bfigpnfillonohmonbadflnapjejfkgm [2017-10-21]
OPR Extension: (V7 Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bgjcegonlhkkclkkglpgjmgnigefhkak [2018-01-14]
OPR Extension: (smartUp Gestures) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bgjfekefhjemchdeigphccilhncnjldn [2018-06-27]
OPR Extension: (AdGuard Werbeblocker) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2018-05-19]
OPR Extension: (V7 Bookmarks) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bpmgfnikhlpakdkeeahboleoommganka [2018-04-27]
OPR Extension: (Forvo pronunciation) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ccpodfblfjampgmdfllpclalbdckflmi [2017-10-21]
OPR Extension: (TrafficLight) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cfnpidifppmenkapgihekkeednfoenal [2018-04-11]
OPR Extension: (archive.is Button) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cgjpabpjaocpgppajkeplhbipbdippdm [2018-04-08]
OPR Extension: (OneTab) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-12-12]
OPR Extension: (ZenMate VPN - Top Internet Security & Unblock) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnhbkkedmelfmalgjpkngiaoifpdfcnl [2018-07-21]
OPR Extension: (Shortkeys) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnjnhmmmdopghhihpeoafpkkanlagfjf [2016-04-18]
OPR Extension: (Simple Mouse Gestures) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cpbbhbiceidealbcfgodcffnfneffopd [2018-06-08]
OPR Extension: (Avast Online Security) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2017-10-20]
OPR Extension: (Search by Image (by Google)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2017-03-06]
OPR Extension: (Card Numbers for Trello) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ddadhlcejiholmdiihbdcfoapdfkhicn [2017-02-28]
OPR Extension: (Tabs Backup & Restore) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dehocbglhkaogiljpihicakmlockmlgd [2017-12-22]
OPR Extension: (Just Read) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dgmanlpmmkibanfdgjocnabmcaclkmod [2018-08-18]
OPR Extension: (Tampermonkey) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-05-28]
OPR Extension: (Copy All Urls) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\djdmadneanknadilpjiknlnanaolmbfk [2017-11-19]
OPR Extension: (Browsec VPN - Free and Unlimited VPN) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dknfpcdpbkjijldegonllfnnfhabjpde [2018-08-11]
OPR Extension: (SurfEasy VPN - Sicherheit, Privatsphäre, Entsperrung) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ebpielhlnnpkiddeeacoephkilopgblc [2018-05-07]
OPR Extension: (Google search link fix) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\eckgbkpcmkeamlbhpcifhnijehlcogip [2018-04-12]
OPR Extension: (Session Buddy) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2018-01-29]
OPR Extension: (HTTPS Everywhere) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2018-06-22]
OPR Extension: (Copyfish �� Free OCR Software) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\eenjdnjldapjajjofmldgmkjaienebbj [2018-01-29]
OPR Extension: (VTchromizer) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\efbjojhplkelaegfbieplglfidafgoka [2018-04-11]
OPR Extension: (Tabs Outliner) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2017-12-22]
OPR Extension: (Sort Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ejlljbnghfnfihpiifjaojopfkbgknoi [2016-04-18]
OPR Extension: (Copytables) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ekdpkppgmlalfkphpibadldikjimijon [2017-10-21]
OPR Extension: (Tab Glutton) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ekfmaibfpamaegficfifofnlhalkbdfm [2017-02-28]
OPR Extension: (Unlimited Free VPN - Hola) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ekmmelpnmfdegjhnmadddcfjcahpajnm [2018-08-08]
OPR Extension: (Vertical Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\eknjllkeehiiakhmgjjdoempaocgemkg [2017-03-20]
OPR Extension: (Wrona History Menu) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\encidpibliikeaimjmlimnnbjjpnfppl [2016-04-18]
OPR Extension: (All in one web searcher) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\enofjgiadilpmldfknojklfjbeaooiap [2017-09-11]
OPR Extension: (Ddict Translate: Translator - Dictionary) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fcfpagpiibkilokeihmaggjgheaemgbi [2017-12-17]
OPR Extension: (Text Lesegerät (Text zu Sprache)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fdffijlhedcdiblbingmagmdnokokgbi [2017-11-19]
OPR Extension: (Kaspersky Protection) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2018-04-06]
OPR Extension: (SimpleUndoClose.test) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fjjibgcfnmpcdipdfamlcghkphflpcfb [2017-04-16]
OPR Extension: (1Password extension (desktop app required)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fpnbobholfpcolmkinlokiaaanjilcop [2018-06-27]
OPR Extension: (Scroll to Top) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gbefdhcpnalckelncafcbmdifclnlmce [2017-11-20]
OPR Extension: (Linkman) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gbeghboempnjlacepdnkgnpplgjadpnl [2014-06-18]
OPR Extension: (Classic Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gbekmpnpfkkijbodegokaigmhedbbkmg [2016-01-16]
OPR Extension: (SimpleTabOrder) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gcphmfnknfenaigpefdlmnbgnjaebjim [2018-02-19]
OPR Extension: (XTranslate) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gfgpkepllngchpmcippidfhmbhlljhoo [2018-05-28]
OPR Extension: (SimpleExtManager) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ggfngijafepjalmbhefafhdeedobcdbf [2018-05-28]
OPR Extension: (Super Auto Refresh) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ghjaeanhfafkigkehjgapnlobfhefkme [2017-11-19]
OPR Extension: (Etymonline) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\giehjnnlopapngdjbjjgddpaagoimmgl [2018-01-04]
OPR Extension: (Selection Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gipnlpdeieaidmmeaichnddnmjmcakoe [2018-07-26]
OPR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\glaedmooikiamindhmfcfccncmmdagge [2018-07-21]
OPR Extension: (Google Right-Click Multi-Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hacdkngldbgplmdlmdhgiehbmmlckmea [2017-09-13]
OPR Extension: (Ultimello, the features pack for Trello) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hahbfgjfimnmogoinnenhheepfcphnmm [2018-06-22]
OPR Extension: (Pocket (formerly Read It Later)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hedlhkdmdlcjhiblbmfggdiaeekblnoi [2018-05-05]
OPR Extension: (Video Autoplay Blocker by Robert Sulkowski) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hiefnnpeemndbkjphkiffdfjbgaapifa [2016-01-17]
OPR Extension: (DotVPN — a better way to VPN) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hiegahbgoabbpoieploedhfnobmpgbeg [2018-05-19]
OPR Extension: (JavaScript Toggle On and Off) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hldheaackmkeadbfdaiidijnilnbgifo [2018-04-04]
OPR Extension: (V7 Gmail Zoom) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnfpfgoekopajiblcenihlclkgphkgmn [2017-04-13]
OPR Extension: (I don't care about cookies) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\iambaeepkgdclnmbfdnnohkjjpdglbeo [2018-08-01]
OPR Extension: (Sprachenfilter für Wikipedia) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibgceajjjioihilfcdppneoljcaofokk [2018-05-28]
OPR Extension: (Wiktionary Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibncmbgpniokogofpkjnlcpfpiodoppk [2017-10-21]
OPR Extension: (Wolfram|Alpha (Official)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\icncamkooinmbehmkeilcccmoljfkdhp [2017-11-19]
OPR Extension: (Text to Speech (TTS)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ifnfkcmbdaelhfkpkoncangcnhieanmj [2017-10-21]
OPR Extension: (Malwarebytes Browser Extension) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2018-08-16]
OPR Extension: (Reader View) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ikmhokpogledimpnfdbcgondkbmfkfjc [2018-06-04]
OPR Extension: (Social Fixer for Facebook) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\inficfabgpfjiegjgnhmjdagmhlmakoo [2018-06-27]
OPR Extension: (Disable HTML5 Autoplay) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jbinbhipioellbajhbkjlpioadehpfdj [2016-08-03]
OPR Extension: (YouTube High Definition) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jcdpccclajomeaeeoggbhglfomndjgfp [2016-02-06]
OPR Extension: (Close Duplicate Tab) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jcmhmgmojlljfpfnmlbnipanelaliikl [2016-07-28]
OPR Extension: (CloseTab) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jdclfnplpfhdgcmafpbodpejpdnbfhpb [2016-04-20]
OPR Extension: (Translate Web Page) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jggobmlojchhlngdhmmdghgganciigof [2016-02-03]
OPR Extension: (Font Changer with Google Web Fonts™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jgjhhoglgjdklldfgoffdiaceffijeke [2017-11-28]
OPR Extension: (User-Agent Switcher) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jikibpedldihacokaanimbcjipghbloo [2017-11-19]
OPR Extension: (Save To The Wayback Machine) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jkoddmeemofcjjeckgiddpgdbnnafoib [2018-05-10]
OPR Extension: (Search Window) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jmjjleckcgnlmampjifnllbdhkobinbl [2017-12-17]
OPR Extension: (View Image - \) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jpcmhcelnjdmblfmjabdeclccemkghjk [2018-08-18]
OPR Extension: (Grammarly for Chrome) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-08-16]
OPR Extension: (The Switcher) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbgapjibpomfdnhllkbijmolmnhloona [2016-04-18]
OPR Extension: (uBlock Origin) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2018-07-19]
OPR Extension: (Stylus) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kdinfjomkigjcjcbigolloleeiianaif [2018-07-16]
OPR Extension: (Leo Dictionary Widget) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kepemmpmljphklmpfgfmhpjhpdlccpke [2017-10-14]
OPR Extension: ( Copy URLs ) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kgmdofgghbeipjnddielphhhecgnppab [2016-04-18]
OPR Extension: (YouTube Video and Audio Downloader (Dev Edt.)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\khgbdhkpcapllhgfekjegcinegfhjbmi [2018-04-09]
OPR Extension: (V7 Sessions) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\khmbgihnlknbjgjhmekjeoidpfimabpp [2016-11-10]
OPR Extension: (Install Chrome Extensions) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2018-08-18]
OPR Extension: (Force Download) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\klahcccondnnonafcbcdgbahphglbjjg [2017-12-11]
OPR Extension: (Flash Player for YouTube™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\knbfimhapmnifdchcafinkbfikmomaak [2016-12-15]
OPR Extension: (etymon one-click search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\knhbicgmdmcjehdpmipibiebegaoiecc [2017-09-16]
OPR Extension: (Wiktionary Language Filter) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lagbmmpeihgfankilcjbkpnmejeblkif [2017-11-19]
OPR Extension: (Direct links for Google Image) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lbbpfcajcbdmfhkkleloodefhanneljl [2018-04-12]
OPR Extension: (Disable Extensions Temporarily) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lcfdefmogcogicollfebhgjiiakbjdje [2017-09-13]
OPR Extension: (Wikimedia Reader) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lclegfmhkjbcpiikogacbfbpdgfbdifi [2017-11-19]
OPR Extension: (Free Auto Refresh) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lfkfikiejjfhpfbpgfolfkkdjpepmkal [2018-04-18]
OPR Extension: (Sidebar for YouTube™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ljkgfkfopogmclcinephnaeekjiikibd [2017-09-27]
OPR Extension: (V7 Drag) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lmmhflhfcljkioicbckchnpfiffcjkjp [2017-11-19]
OPR Extension: (Nehmen Sie Screenshot der Webseite - FireShot) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2018-01-08]
OPR Extension: (Tampermonkey) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfdhdgbonjidekjkjmjaneanmdmpmidf [2017-11-19]
OPR Extension: (Tab Close Plus) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfkclbfmlbdmjhndmdbbcmlnhojgopdd [2016-04-18]
OPR Extension: (CLEAN crxMouse Gestures) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mjidkpedjlfnanainpdfnedkdlacidla [2017-11-20]
OPR Extension: (About://Internal Pages) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mpkgnldklpemphbfogboacnljgfpnkme [2016-07-28]
OPR Extension: (Video Speed Controller) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2018-07-08]
OPR Extension: (Copy URL + Title) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\nhmdngoiikdcodlpeifbjcjpjhefipal [2016-04-18]
OPR Extension: (Save to Pocket) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2018-07-08]
OPR Extension: (Violent monkey) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge [2017-11-19]
OPR Extension: (Scroll To Top Button) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\njdplanogllnioicoadncjfgfhdnnpha [2018-08-08]
OPR Extension: (dict-cc) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh [2017-10-07]
OPR Extension: (SaveFrom.net Helfer) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\npdpplbicnmpoigidfdjadamgfkilaak [2018-08-18]
OPR Extension: (Better History) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\obciceimmggglbmelaidpjlmodcebijb [2017-12-22]
OPR Extension: (Enhancer for YouTube) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofhehnfmgbgnkjaojifkmebjjgffjaeh [2018-08-01]
OPR Extension: (Zoom Popup) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofpknbbbohcgomapfgcgadleckdagikj [2016-04-18]
OPR Extension: (Google™ Translator Sidebar) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ogmklpmbehclccahgccdnhjipkmmjaom [2017-08-15]
OPR Extension: (Adblock Plus) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2018-07-19]
OPR Extension: (Open Multiple URLs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\oifijhaokejakekmnjmphonojcfkpbbh [2017-11-21]
OPR Extension: (LEO Wörterbuchsuche) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ojniiiidjmoaiehegaedmfdclmgmmpdp [2018-01-08]
OPR Extension: (Mercury Reader) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2018-06-10]
OPR Extension: (Mate Translate – Übersetzer, Wörterbuch) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ollghamalkmmhboihmhoaaobmamehjgn [2018-07-10]
OPR Extension: (V7 History) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\oneajlghdhobcelcgbgkjaipjoopcggg [2017-08-11]
OPR Extension: (Remove cookie(s) for the current domain) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\opbghiaphmcbefjfoihikkbpjaoanala [2017-03-16]
OPR Extension: (FlexyTrello) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\pggiemacedhgohmpcgdpceckeicjlgfn [2018-01-05]
OPR Extension: (Context Menus) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\phlfmkfpmphogkomddckmggcfpmfchpn [2017-11-20]
OPR Extension: (Extract Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\pibjcpkpaecbpifdkbehcicaoaejkaie [2016-04-18]
OPR Extension: (Enhancer for YouTube™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ponfpcnoihfmfllpaingbgckeeldkhle [2018-08-01]
OPR Extension: (Enhancer for YouTube™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll []
OPR Extension: (Enhancer for YouTube™) - C:\windows\SysWOW64\Macromed\Flash\pepflashplayer32_22_0_0_192.dll []
StartMenuInternet: (HKLM) Operadeveloper - C:\Program Files (x86)\Opera developer\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-14] (Apple Inc.)
R2 AS ContentsDL; C:\Program Files\NEC\AtrioSide\AS_ContentsDL.exe [70520 2013-09-17] (NEC Personal Computers, Ltd.)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [122728 2018-04-09] (AOMEI Tech Co., Ltd.)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2018-03-29] (Digital Wave Ltd.)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22816 2018-03-15] (Intel)
R2 ecomonsv; C:\Program Files\EcoViewer\ecomonsv.exe [280496 2012-12-04] (NEC Personal Computers, Ltd.)
R2 ibtsiva; C:\windows\system32\ibtsiva.exe [183448 2017-05-19] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-12] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [4091112 2017-11-09] (Paramount Software UK Ltd)
S4 MailbirdUpdater.exe; C:\Program Files (x86)\Mailbird\MailbirdUpdater.exe [363144 2016-02-05] (Mailbird)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
S4 NbfcService; C:\Program Files (x86)\NoteBook FanControl\NbfcService.exe [7168 2016-12-17] (StagWare) [File not signed]
R2 NEC Move Media Server Monitor Service; C:\Program Files (x86)\CyberLink\NEC Move Media Server\NECMoveMSMonitorService.exe [134920 2013-12-16] (CyberLink)
R2 NEC Move Media Server Service; C:\Program Files (x86)\CyberLink\NEC Move Media Server\NECMoveMSServer.exe [375560 2013-12-16] (CyberLink)
R2 NECBT SERVICE; C:\Program Files\NECBoot\NECBTSVC.exe [237496 2012-10-05] (NEC Personal Computers, Ltd.)
S4 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [50600 2016-03-03] (Microsoft)
R2 NT Meter; c:\windows\syswow64\NTMETER.exe [98672 2013-05-08] (NEC Personal Computers, Ltd.)
S4 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2417376 2016-01-15] (pdfforge GmbH)
S4 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-01-15] (pdfforge GmbH)
S4 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-01-15] (pdfforge GmbH)
S4 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (© pdfforge GmbH.)
R2 PeakShiftSvc; C:\Program Files\PeakShiftTool\PeakShiftSvc.exe [289624 2013-07-02] (NEC Personal Computers, Ltd.)
R2 prio_svc; C:\Program Files\Prio\prio_svc.exe [12704 2017-01-15] ()
R2 ScVssService64; C:\Program Files (x86)\Second Copy 8\ScVssService64.exe [75048 2013-01-28] (Centered Systems)
S4 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [183568 2018-03-07] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 BOT4Service; "C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe" [X]
S2 EaseUS Agent; "C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe" [X]
S3 ekrnEpfw; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
S4 watchtw; C:\windows\SysWOW64\wtwatch.exe [X]
S2 WebServTw; C:\windows\SysWOW64\wstw.exe [X]
S4 wtflserv; C:\windows\SysWOW64\fltw.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\windows\System32\ambakdrv.sys [51120 2016-12-21] ()
R2 ammntdrv; C:\windows\system32\ammntdrv.sys [171952 2016-12-21] ()
R2 amwrtdrv; C:\windows\system32\amwrtdrv.sys [38320 2017-09-01] ()
S3 esihdrv; C:\Users\d\AppData\Local\Temp\esihdrv.sys [149928 2018-04-09] (ESET) <==== ATTENTION
R0 EUBAKUP; C:\windows\System32\drivers\eubakup.sys [60968 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\windows\System32\drivers\EUBKMON.sys [48168 2015-12-10] () [File not signed]
R1 EUDSKACS; C:\windows\system32\drivers\eudskacs.sys [18472 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\windows\system32\drivers\EuFdDisk.sys [192552 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R3 ibtusb; C:\windows\system32\DRIVERS\ibtusb.sys [231400 2017-05-19] (Intel Corporation)
R3 ikbevent; C:\windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
R3 ISCT; C:\windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
R1 MFKGTKEY; C:\windows\system32\drivers\mfkgtkey.sys [26960 2013-09-19] (NEC Personal Computers, Ltd.)
R1 MpKsl0a0bb4dc; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4906AF21-577E-4C64-8CCC-AE47539E0D6C}\MpKsl0a0bb4dc.sys [58120 2018-08-18] (Microsoft Corporation)
R3 necbatt; C:\windows\System32\drivers\necbatt.sys [19760 2013-06-20] (NEC Personal Computers, Ltd.)
R3 necextif; C:\windows\System32\drivers\necextif.sys [26448 2013-06-21] (NEC Personal Computers, Ltd.)
R3 NETwNb64; C:\windows\system32\DRIVERS\NETwbw02.sys [3521032 2017-11-08] (Intel Corporation)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 Ps2Led; C:\windows\system32\DRIVERS\Ps2Led.sys [18768 2013-09-19] (NEC Personal Computers, Ltd.)
R1 Ps2LedIF; C:\windows\system32\drivers\ps2ledif.sys [16208 2013-09-19] (NEC Personal Computers, Ltd.)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [189152 2017-08-08] (Windows (R) Win 7 DDK provider)
S3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [31856 2017-03-23] (Windows (R) Win 7 DDK provider)
R0 PxHlpa64; C:\windows\System32\drivers\PxHlpa64.sys [56336 2013-07-18] (Corel Corporation)
R3 RadioSwitchHID; C:\windows\System32\drivers\RadioSwitchHID.sys [19456 2012-08-24] (NEC Personal Computers, Ltd.)
S3 RTLU3E8023-W8-64; C:\windows\system32\DRIVERS\rtu30x64w8.sys [70656 2013-06-18] (Realtek )
R3 RTSPER; C:\windows\system32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation)
R0 Sahdad64; C:\windows\System32\Drivers\Sahdad64.sys [28304 2013-07-23] (Corel Corporation)
R0 Saibad64; C:\windows\System32\Drivers\Saibad64.sys [20112 2013-07-23] (Corel Corporation)
R1 SaibVdAd64; C:\windows\System32\Drivers\SaibVdAd64.sys [27792 2013-07-23] (Corel Corporation)
R3 VBoxNetAdp; C:\windows\system32\DRIVERS\VBoxNetAdp6.sys [198032 2018-02-26] (Oracle Corporation)
R1 VBoxNetLwf; C:\windows\system32\DRIVERS\VBoxNetLwf.sys [208392 2018-02-26] (Oracle Corporation)
S3 VBoxUSB; C:\windows\System32\Drivers\VBoxUSB.sys [125008 2015-12-18] (Oracle Corporation)
S0 WdBoot; C:\windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R1 WinRing0_1_2_0; C:\Program Files (x86)\NoteBook FanControl\WinRing0x64.sys [14544 2017-09-24] (OpenLibSys.org)
R1 wtfilter_6589; C:\windows\System32\drivers\wtfilter_6589.sys [86488 2017-02-06] ()
R3 ALSysIO; \??\C:\Users\d\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
U0 aswVmm; no ImagePath
S3 btmaux; \SystemRoot\system32\DRIVERS\btmaux.sys [X]
S3 btmhsf; \SystemRoot\system32\DRIVERS\btmhsf.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-18 11:34 - 2018-08-18 11:35 - 000050634 _____ C:\Users\d\Desktop\FRST.txt
2018-08-18 00:19 - 2018-08-18 00:34 - 000000000 ____D C:\AdwCleaner
2018-08-18 00:09 - 2018-08-18 00:12 - 007417040 _____ (Malwarebytes) C:\Users\d\Downloads\adwcleaner_7.2.2.exe
2018-08-17 20:16 - 2018-08-17 20:16 - 002412544 _____ (Farbar) C:\Users\d\Downloads\FRST64.exe
2018-08-17 20:16 - 2018-08-17 20:16 - 002412544 _____ (Farbar) C:\Users\d\Desktop\FRST64.exe
2018-08-17 20:16 - 2018-08-17 20:16 - 000016853 _____ C:\Users\d\Downloads\Download.htm
2018-08-17 20:14 - 2018-08-18 11:34 - 000000000 ____D C:\FRST
2018-08-16 00:30 - 2018-07-19 09:06 - 007371616 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2018-08-16 00:30 - 2018-07-19 08:48 - 001737600 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2018-08-16 00:30 - 2018-07-19 08:15 - 025745408 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2018-08-16 00:30 - 2018-07-19 06:35 - 002902016 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2018-08-16 00:30 - 2018-07-19 06:33 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2018-08-16 00:30 - 2018-07-19 06:33 - 000417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2018-08-16 00:30 - 2018-07-19 06:30 - 005778432 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2018-08-16 00:30 - 2018-07-19 06:22 - 020286464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2018-08-16 00:30 - 2018-07-19 06:22 - 000794624 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2018-08-16 00:30 - 2018-07-19 06:22 - 000108544 _____ (Microsoft Corporation) C:\windows\system32\hlink.dll
2018-08-16 00:30 - 2018-07-19 06:21 - 000814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2018-08-16 00:30 - 2018-07-19 06:05 - 000497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2018-08-16 00:30 - 2018-07-19 06:03 - 000107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2018-08-16 00:30 - 2018-07-19 06:01 - 002295808 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2018-08-16 00:30 - 2018-07-19 05:55 - 000662016 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2018-08-16 00:30 - 2018-07-19 05:55 - 000099328 _____ (Microsoft Corporation) C:\windows\SysWOW64\hlink.dll
2018-08-16 00:30 - 2018-07-19 05:54 - 000620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2018-08-16 00:30 - 2018-07-19 05:47 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2018-08-16 00:30 - 2018-07-19 05:46 - 015283712 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2018-08-16 00:30 - 2018-07-19 05:45 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2018-08-16 00:30 - 2018-07-19 05:45 - 000728064 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2018-08-16 00:30 - 2018-07-19 05:43 - 002136064 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2018-08-16 00:30 - 2018-07-19 05:32 - 004494848 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2018-08-16 00:30 - 2018-07-19 05:31 - 004510720 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2018-08-16 00:30 - 2018-07-19 05:30 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2018-08-16 00:30 - 2018-07-19 05:28 - 013679616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2018-08-16 00:30 - 2018-07-19 05:28 - 002882048 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2018-08-16 00:30 - 2018-07-19 05:28 - 002059776 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2018-08-16 00:30 - 2018-07-19 05:28 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2018-08-16 00:30 - 2018-07-19 05:20 - 001554944 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2018-08-16 00:30 - 2018-07-19 05:17 - 001049600 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2018-08-16 00:30 - 2018-07-19 05:09 - 004037632 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2018-08-16 00:30 - 2018-07-19 05:09 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2018-08-16 00:30 - 2018-07-19 05:06 - 001329152 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2018-08-16 00:30 - 2018-07-19 05:04 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2018-08-16 00:30 - 2018-07-13 09:51 - 002452824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2018-08-16 00:30 - 2018-07-07 20:33 - 001548632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2018-08-16 00:30 - 2018-07-07 19:05 - 004169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2018-08-16 00:30 - 2018-07-07 19:02 - 000096768 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2018-08-16 00:30 - 2018-07-07 19:00 - 000148992 _____ (Microsoft Corporation) C:\windows\system32\t2embed.dll
2018-08-16 00:30 - 2018-07-07 18:33 - 000078336 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2018-08-16 00:30 - 2018-07-07 18:31 - 000113664 _____ (Microsoft Corporation) C:\windows\SysWOW64\t2embed.dll
2018-08-16 00:30 - 2018-07-06 19:37 - 001754624 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2018-08-16 00:30 - 2018-07-06 18:36 - 001491968 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2018-08-16 00:30 - 2018-06-30 20:00 - 001113952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2018-08-16 00:30 - 2018-06-27 20:10 - 000559104 _____ (Microsoft Corporation) C:\windows\system32\Drivers\csc.sys
2018-08-16 00:30 - 2018-06-27 19:48 - 000141312 _____ (Microsoft Corporation) C:\windows\system32\CscMig.dll
2018-08-16 00:30 - 2018-06-24 17:11 - 000748544 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2018-08-16 00:30 - 2018-06-24 17:04 - 000504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2018-08-16 00:30 - 2018-06-19 15:38 - 003611136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2018-08-16 00:30 - 2018-06-19 15:38 - 003321344 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2018-08-16 00:30 - 2018-06-19 15:31 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2018-08-16 00:30 - 2018-06-19 15:29 - 000065536 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2018-08-16 00:30 - 2018-06-16 17:03 - 002779136 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2018-08-16 00:30 - 2018-06-16 16:59 - 002464256 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2018-08-16 00:30 - 2018-06-15 06:34 - 000923512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\refs.sys
2018-08-16 00:30 - 2018-06-15 04:12 - 000477696 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2018-08-16 00:30 - 2018-06-15 03:55 - 000840192 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2018-08-16 00:30 - 2018-06-15 03:43 - 000186880 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2018-08-16 00:30 - 2018-06-15 03:26 - 000514560 _____ (Microsoft Corporation) C:\windows\system32\winspool.drv
2018-08-16 00:30 - 2018-06-15 03:22 - 000866304 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2018-08-16 00:30 - 2018-06-15 03:19 - 000399360 _____ (Microsoft Corporation) C:\windows\SysWOW64\winspool.drv
2018-08-16 00:30 - 2018-06-08 20:47 - 000083456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2018-08-16 00:29 - 2018-07-19 06:23 - 000615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2018-08-16 00:29 - 2018-07-19 05:53 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2018-08-16 00:29 - 2018-07-19 05:34 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2018-08-16 00:29 - 2018-07-19 05:28 - 000333312 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2018-08-16 00:29 - 2018-06-15 04:28 - 000445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2018-08-16 00:29 - 2018-06-15 04:00 - 000324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2018-08-11 07:55 - 2018-08-11 07:55 - 759471852 _____ C:\windows\MEMORY.DMP
2018-08-11 07:55 - 2018-08-11 07:55 - 000296888 _____ C:\windows\Minidump\081118-7421-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-18 11:33 - 2014-06-11 01:27 - 000003868 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{A885AFCF-DEDA-4845-AD42-3903A4A06B09}
2018-08-18 02:48 - 2014-06-12 21:16 - 000011354 _____ C:\windows\system32\perfh007.dat
2018-08-18 02:48 - 2014-06-12 21:16 - 000006212 _____ C:\windows\system32\perfc007.dat
2018-08-18 02:48 - 2013-08-28 09:06 - 000018338 _____ C:\windows\system32\PerfStringBackup.INI
2018-08-18 02:48 - 2013-08-23 00:47 - 000005884 _____ C:\windows\system32\perfc011.dat
2018-08-18 02:48 - 2013-08-23 00:47 - 000005820 _____ C:\windows\system32\perfh011.dat
2018-08-18 02:48 - 2013-08-22 15:36 - 000000000 ____D C:\windows\Inf
2018-08-18 01:25 - 2014-06-11 01:30 - 000003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1417334993-2898295356-3386692794-1001
2018-08-18 01:16 - 2014-07-05 21:58 - 000000000 ____D C:\Users\d\AppData\Local\CrashDumps
2018-08-18 01:09 - 2016-01-16 12:36 - 000000000 ____D C:\Program Files (x86)\Alternative Flash Player Auto-Updater
2018-08-18 01:08 - 2016-07-25 16:40 - 000003332 _____ C:\windows\System32\Tasks\iToolsDaemon
2018-08-18 01:08 - 2016-01-16 12:43 - 000000000 ____D C:\Users\d\Desktop\acv507
2018-08-18 01:07 - 2018-04-12 19:10 - 000000082 _____ C:\windows\SysWOW64\winsevr.dat
2018-08-18 01:07 - 2018-04-12 19:09 - 000000000 ____D C:\Program Files (x86)\AOMEI Backupper
2018-08-18 01:07 - 2016-01-11 12:05 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-08-18 01:07 - 2013-08-22 16:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-08-18 00:39 - 2016-02-27 04:33 - 000000000 ____D C:\Users\d\AppData\Local\ClassicShell
2018-08-18 00:34 - 2017-08-17 18:04 - 000000000 ____D C:\ProgramData\iolo
2018-08-18 00:34 - 2017-08-17 18:04 - 000000000 ____D C:\Program Files (x86)\iolo
2018-08-18 00:34 - 2017-06-30 00:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-08-18 00:34 - 2014-06-17 04:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-18 00:33 - 2016-12-05 16:31 - 000000000 ____D C:\Users\d\AppData\LocalLow\Mozilla
2018-08-18 00:32 - 2016-06-16 16:20 - 000001186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-08-18 00:09 - 2018-02-19 17:23 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-08-17 23:44 - 2013-08-22 17:36 - 000000000 ___HD C:\windows\ELAMBKUP
2018-08-17 23:43 - 2016-01-11 12:20 - 000000000 ____D C:\Program Files\Common Files\AV
2018-08-17 16:39 - 2016-10-12 16:25 - 000000000 ____D C:\Users\d\Desktop\_Current
2018-08-17 01:32 - 2013-08-22 15:25 - 000262144 ___SH C:\windows\system32\config\ELAM
2018-08-16 16:15 - 2013-08-22 17:36 - 000000000 ____D C:\windows\rescache
2018-08-16 04:31 - 2016-06-03 21:44 - 000003882 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1464983063
2018-08-16 04:31 - 2016-06-03 21:44 - 000000000 ____D C:\Program Files (x86)\Opera developer
2018-08-16 04:29 - 2014-06-12 22:14 - 000000000 ____D C:\Program Files (x86)\Opera
2018-08-16 04:24 - 2013-08-22 16:44 - 000602656 _____ C:\windows\system32\FNTCACHE.DAT
2018-08-16 04:23 - 2013-08-22 15:25 - 000262144 ___SH C:\windows\system32\config\BBI
2018-08-16 04:22 - 2013-08-22 17:36 - 000000000 ___RD C:\windows\ToastData
2018-08-16 02:12 - 2013-08-22 17:20 - 000000000 ____D C:\windows\CbsTemp
2018-08-16 01:55 - 2016-04-19 07:16 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-08-16 00:45 - 2017-10-21 23:08 - 000004514 _____ C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-08-16 00:45 - 2017-10-21 23:08 - 000004378 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2018-08-16 00:45 - 2013-08-22 17:36 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-08-16 00:45 - 2013-08-22 17:36 - 000000000 ____D C:\windows\system32\Macromed
2018-08-16 00:06 - 2018-03-14 07:02 - 000004244 _____ C:\windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-08-13 15:49 - 2018-03-21 15:19 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-08-13 08:25 - 2013-08-22 17:36 - 000000000 ____D C:\windows\AppReadiness
2018-08-11 08:09 - 2014-06-11 01:25 - 000000000 ____D C:\Users\d
2018-08-11 07:55 - 2014-07-05 22:35 - 000000000 ____D C:\windows\Minidump
2018-08-10 00:38 - 2018-05-05 20:25 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-10 00:38 - 2018-05-05 20:25 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-08-08 19:10 - 2014-06-12 22:14 - 000003862 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1402604082
2018-08-04 01:46 - 2013-08-22 17:38 - 000836480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2018-08-04 01:46 - 2013-08-22 17:38 - 000181120 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-07-26 20:36 - 2016-01-11 13:09 - 000000000 ____D C:\windows\system32\appraiser
2018-07-26 20:26 - 2017-05-13 20:36 - 000002086 _____ C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2018-07-25 20:52 - 2016-01-23 02:31 - 000000000 ___RD C:\Program Files (x86)\Skype
2018-07-25 20:52 - 2016-01-23 02:31 - 000000000 ____D C:\ProgramData\Skype
2018-07-25 20:50 - 2016-01-23 02:31 - 000000000 ____D C:\Users\d\AppData\Roaming\Skype
2018-07-19 19:55 - 2016-04-19 08:31 - 000000000 ____D C:\Users\d\AppData\Roaming\PrimoPDF

==================== Files in the root of some directories =======

2004-02-06 21:06 - 2004-02-06 21:06 - 000000000 ____H () C:\ProgramData\sdpsenv.dat
2018-07-18 08:04 - 2018-07-18 08:04 - 000000600 _____ () C:\Users\d\AppData\Local\PUTTY.RND
2018-01-13 16:54 - 2018-01-13 16:54 - 000000218 _____ () C:\Users\d\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
2016-06-17 10:37 - 2016-06-17 10:37 - 003045232 _____ (AnVir Software) C:\Users\d\AppData\Local\Temp\AnVir.exe
2016-04-19 08:35 - 2016-04-19 08:35 - 008108488 _____ () C:\Users\d\AppData\Local\Temp\converter.exe
2014-06-19 00:36 - 2014-06-19 00:36 - 000374208 _____ (ESET) C:\Users\d\AppData\Local\Temp\InstHelper.exe
2016-11-03 20:36 - 2016-11-03 20:36 - 000737856 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-27 05:24 - 2017-01-27 05:24 - 000739904 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-05-04 14:05 - 2017-05-04 14:05 - 000739904 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-07-21 17:36 - 2017-07-21 17:36 - 000739904 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u141-windows-au.exe
2017-11-24 13:32 - 2017-11-24 13:32 - 001856576 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u151-windows-au.exe
2018-03-28 00:30 - 2018-03-28 00:30 - 001864256 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u161-windows-au.exe
2018-04-25 06:46 - 2018-04-25 06:46 - 001884616 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u171-windows-au.exe
2016-03-23 22:16 - 2016-03-23 22:16 - 000736320 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-07-04 06:55 - 2016-07-04 06:55 - 000739904 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u91-windows-au.exe
2016-02-09 23:54 - 2016-01-31 21:51 - 000041432 _____ () C:\Users\d\AppData\Local\Temp\kh_5552.dll
2014-06-17 04:32 - 2014-03-25 00:55 - 000099096 _____ () C:\Users\d\AppData\Local\Temp\LMkRstPt.exe
2017-05-29 05:06 - 2017-05-29 05:06 - 001457312 _____ (Sysinternals - www.sysinternals.com) C:\Users\d\AppData\Local\Temp\loeschen64.exe
2016-02-09 23:54 - 2016-01-31 21:51 - 000038872 _____ () C:\Users\d\AppData\Local\Temp\mh_5552.dll
2016-06-03 21:44 - 2016-06-03 21:44 - 001086464 _____ (Opera Software) C:\Users\d\AppData\Local\Temp\Opera_installer_2016634422903.dll
2016-12-16 03:25 - 2018-07-10 21:46 - 065875720 _____ (Paramount Software UK Ltd) C:\Users\d\AppData\Local\Temp\reflectPatch.exe
2016-02-09 05:18 - 2018-07-25 20:51 - 057812744 _____ (Skype Technologies S.A.) C:\Users\d\AppData\Local\Temp\SkypeSetup.exe
2018-04-09 15:53 - 2018-04-09 15:53 - 004845696 _____ (ESET) C:\Users\d\AppData\Local\Temp\SysInspector.exe
2015-12-31 14:07 - 2015-12-31 14:08 - 031948192 _____ (IDM Computer Solutions, Inc.) C:\Users\d\AppData\Local\Temp\uc_english.exe
2017-05-10 12:32 - 2017-05-10 12:32 - 014456872 _____ (Microsoft Corporation) C:\Users\d\AppData\Local\Temp\vc_redist.x86.exe
2015-08-03 01:58 - 2015-08-03 01:58 - 000118784 _____ () C:\Users\d\AppData\Local\Temp\xmlUpdater.exe
2016-02-09 23:52 - 2013-07-06 17:02 - 001520544 _____ (Pitrinec Software) C:\Users\d\AppData\Local\Temp\~cbu_tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-08-17 04:06

==================== End of FRST.txt ============================
         

--- --- ---

--- --- ---

Hinweis:
- Einige Passwort-Cracker, Kryoptographieprogramme und einen Keylogger hatte ich selbst mal installiert. Der PC ist schon recht lang im Einsatz und es hat sich einiger Kram angesammelt, sorry.
- Auch Kaspersky hat Reste hinterlassen (Upgrade Launcher). Echt ärgerlich.

Erneut Danke.

Addition.txt:

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by d (18-08-2018 11:37:09)
Running from C:\Users\d\Desktop
Windows 8.1 Pro (Update) (X64) (2014-06-10 23:25:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1417334993-2898295356-3386692794-500 - Administrator - Disabled)
d (S-1-5-21-1417334993-2898295356-3386692794-1001 - Administrator - Enabled) => C:\Users\d
Guest (S-1-5-21-1417334993-2898295356-3386692794-501 - Limited - Disabled)
___VMware_Conv_SA___ (S-1-5-21-1417334993-2898295356-3386692794-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{3D383E25-72E7-4F09-AA1C-9ADE6A2EF42F}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{0C9A6167-6560-4085-9C35-EDB1AE105328}) (Version: 3.2.0.9 - Intel) Hidden
7+ Taskbar Tweaker v5.2.1 (HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\7 Taskbar Tweaker) (Version: 5.2.1 - RaMMicHaeL)
7-Zip 17.00 beta (x64) (HKLM\...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
Abelssoft Undeleter (HKLM-x32\...\{1FB7B731-3479-4128-8299-A53922E47675}_is1) (Version: 4.2 - Abelssoft)
AbleWord v3.0 (HKLM-x32\...\AbleWord_is1) (Version:  - )
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 18.011.20058 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated)
AkelPad 4.9.7 (HKLM-x32\...\AkelPad) (Version: 4.9.7 - )
Alternative Flash Player Auto-Updater (HKLM-x32\...\{2FB1052B-2F3D-48CE-A65D-006240516ECE}_is1) (Version: 1.2.0.1 - pXc-coding.com)
Anki (HKLM-x32\...\Anki) (Version:  - )
AnVir Task Manager Free (HKLM-x32\...\AnVir Task Manager Free) (Version:  - AnVir Software)
AnyTrans (HKLM-x32\...\AnyTrans) (Version: 5.0.0.0 - iMobie Inc.)
AOMEI Backupper Standard (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Apple Application Support (32-Bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A05FDFEC-4377-49E0-82CB-B6D1386E89DA}) (Version: 11.3.0.9 - Apple Inc.)
ASF-AVI-RM-WMV Repair 1.82 (HKLM-x32\...\ASF-AVI-RM-WMV Repair_is1) (Version:  - Repair Video, Inc.)
Battery Alarm (HKLM-x32\...\{B7A43DA2-F2FD-44C2-A044-D24C3751C1BD}) (Version: 1.0.0 - Steve Emmons)
BatteryBar (remove only) (HKLM\...\BatteryBar) (Version:  - )
BatteryMonitor (HKLM-x32\...\{F9046ACF-EF0A-47D6-8D37-64941CCCD4C0}) (Version: 1.0.0 - Mad Dog Apps)
Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
Bluefish 2.2.10 (HKLM-x32\...\Bluefish) (Version: 2.2.10 - The Bluefish Developers)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
ChildWebGuardian PRO version 5.11.0.0 (HKLM-x32\...\ChildWebGuardian PRO_is1) (Version: 5.11.0.0 - Zimin Sergei Aleksandrovich IP)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
Core Temp 1.12.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.12.1 - ALCPU)
CPUID CPU-Z 1.79 (HKLM\...\CPUID CPU-Z_is1) (Version:  - ) <==== ATTENTION
CPUID HWMonitor 1.31 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CrystalDiskInfo 7.0.5 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.5 - Crystal Dew World)
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version:  3.1 - Acro Software Inc.)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3223 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DigiBookBrowser Version 1.5.3.87 (HKLM-x32\...\{21357E10-BDCB-4CDD-B2A3-905DD7ED653D}_is1) (Version: 1.5.3.87 - LECRE Inc.)
doPDF (HKLM\...\{B271A7AA-588F-418F-8F65-37E38CBEABB2}) (Version: 8.5.940 - Softland) Hidden
doPDF 8 (HKLM-x32\...\{fb478b24-519a-43d4-aeea-9a6712d28811}) (Version: 8.5.940 - Softland)
EaseUS Todo Backup Home 9.2 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 9.2 - CHENGDU YIWO Tech Development Co., Ltd)
ECOみえグラフ (HKLM\...\{01F84262-DBC2-4B4D-8C4A-1C82D2CD88AA}) (Version: 1.5.0 - NEC Personal Computers, Ltd.)
ECOモード設定ツール (HKLM\...\{1D2AF0E5-3B07-4B0F-98BD-03F0918BC367}) (Version: 5.7.0 - NEC Personal Computers, Ltd.)
EditPlus (64 bit) (HKLM\...\EditPlus) (Version:  - ES-Computing)
EF Process Manager (HKLM-x32\...\EF Process Manager) (Version:  - EFSoftware)
EmEditor (64-bit) (HKLM\...\{36CC25CA-2E71-4839-A822-0D1EC0E52145}) (Version: 15.7.2 - Emurasoft, Inc.)
Eraser 6.2.0.2970 (HKLM\...\{58F37E51-2A83-49F3-9117-6005C63CF399}) (Version: 6.2.2970 - The Eraser Project)
ExactFile 1.0.0.15 (HKLM-x32\...\ExactFile_is1) (Version:  - StudyLamp Software LLC)
f.lux (HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Flux) (Version:  - f.lux Software LLC)
Free Alarm Clock (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 4.0.1.0 - Comfort Software Group)
Free YouTube Download (HKLM-x32\...\Free YouTube Download_is1) (Version: 4.1.73.328 - Digital Wave Ltd)
Geany 1.26 (HKLM-x32\...\Geany) (Version: 1.26 - The Geany developer team)
GetDiz (HKLM-x32\...\GetDiz) (Version: 4.91 - Outertech)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
GPSoftware Directory Opus (HKLM-x32\...\{0A6AA615-5321-43A0-AFAE-97BF95013EA0}) (Version: 11.19 - GPSoftware)
Gtk# for .Net 2.12.22 (HKLM-x32\...\{06AF6533-F201-47C0-8675-AAAE5CB81B41}) (Version: 2.12.22 - Xamarin, Inc.)
HeavyLoad V3.3 (64 bit) (HKLM\...\HeavyLoad_is1) (Version: 3.3 - JAM Software)
iMazing 2.5.4.0 (HKLM\...\iMazing_is1) (Version: 2.5.4.0 - DigiDNA)
iMyfone D-Back 4.5.1.0 (HKLM-x32\...\{071B9303-5881-4BC6-B9E9-2E2D22C015C1}_is1) (Version: 4.5.1.0 - Shenzhen iMyfone Technology Co., Ltd.)
Intel Anti-Theft Discovery App (HKLM-x32\...\{B59285B4-6478-4FE2-9158-AAC7E4D892C3}) (Version: 1.1.2.8 - Intel Corporation)
Intel Experience Center - Configuration (HKLM-x32\...\{C73A16B7-AC35-4262-9BAF-DA9B2039A563}) (Version: 1.7.0.179 - Intel) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{F0385150-FF86-4A18-AA55-6ED9E5F87DA7}) (Version: 2.1.03638 - Intel Corporation)
Intel(R) Experience Center Desktop Software (HKLM-x32\...\{3608ec0a-56b4-4d9d-b038-9b3e51d72582}) (Version: 1.7.0.179 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3338 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.3.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{396E9B28-F15F-4C05-A401-99DE1874C2CA}) (Version: 4.2.40.2439 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000071-0190-1031-84C8-B8D95FA3C8C3}) (Version: 19.71.0 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{4d839fe1-a8d3-4edc-b0ca-844394309856}) (Version: 3.2.0.9 - Intel)
IntelliWebSearch v.3 (HKLM-x32\...\IntelliWebSearch) (Version: 3.2.0.5 - Michael Farrell)
IntelliWebSearch v.5 (HKLM-x32\...\IntelliWebSearch5) (Version:  - Michael Farrell)
IrfanView 4.51 (64-bit) (HKLM\...\IrfanView64) (Version: 4.51 - Irfan Skiljan)
iTools 3 (HKLM-x32\...\ThinkSky) (Version:  - Shenzhen Thinksky Technology Co., Ltd.)
Java 10.0.1 (64-bit) (HKLM\...\{D33DF729-38BB-5651-9D40-93BFEFB5DCED}) (Version: 10.0.1.0 - Oracle Corporation)
jEdit 5.3.0 (HKLM\...\jEdit_is1) (Version: 5.3.0 - Contributors)
Karen's Directory Printer (HKLM-x32\...\Karen's Directory Printer) (Version: 5.3.0.2 - Karen Kenworthy)
KeyboardTest V3.2 (HKLM\...\KeyboardTest_is1) (Version: 3.2 - PassMark Software)
KeyTweak - Keyboard Remapper (remove only) (HKLM-x32\...\KeyTweak) (Version:  - )
L&H TTS3000 Deutsch (HKLM-x32\...\LHTTSGED) (Version:  - )
LibreOffice 6.0.5.2 (HKLM\...\{9645CDEF-085C-45F7-A3CD-B4B7046EF78C}) (Version: 6.0.5.2 - The Document Foundation)
Linkman (HKLM-x32\...\Linkman) (Version: 8.98 - Outertech)
Macrium Reflect Free Edition (HKLM\...\{1A399324-9784-4384-927F-0FEA922BC516}) (Version: 7.1.3317 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.1 - Paramount Software (UK) Ltd.)
Mailbird (HKLM-x32\...\{242E441B-2194-4499-9EE7-2AA76C5E2318}) (Version: 2.2.1 - Mailbird)
Malwarebytes Version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Manager (HKLM-x32\...\{A11F05A4-7CAD-4F85-8C85-DCA18E3E208D}) (Version: 4.0.1.25166 - 2015 pdfforge GmbH. All rights reserved) Hidden
MicroDicom DICOM viewer 2.2.5 (HKLM-x32\...\MicroDicom) (Version: 2.2.5 - MicroDicom)
Microsoft Keyboard Layout Creator 1.4 (HKLM-x32\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.)
Microsoft Server Speech Platform Runtime (x86) (HKLM-x32\...\{22CB8ED7-DF57-4864-BD04-F63B9CE4B494}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Server Speech Text to Speech Voice (de-DE, Hedda) (HKLM-x32\...\{ACFCC7B5-C028-40AE-A5F5-9778B41F22A2}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Text to Speech Voice (en-US, ZiraPro) (HKLM-x32\...\{C7CDC27F-0952-4DF1-9E41-B75140933BC6}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{e7784e4f-df08-46b2-8c4f-f981ee32bcff}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mnemosyne 2.5 (HKLM-x32\...\Mnemosyne_is1) (Version:  - )
Mouse Speed Switcher v3.4.0 (HKLM-x32\...\{D477774F-C7C1-4D63-B170-7242090BA710}_is1) (Version:  - Gianpaolo Bottin)
Movie Maker (HKLM-x32\...\{970F982A-E889-486B-BB26-B8598280D924}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Firefox 59.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.1 (x64 en-US)) (Version: 59.0.1 - Mozilla)
Mozilla Firefox 61.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.2 (x64 en-US)) (Version: 61.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
music.jp PLAY 4.0 (HKLM-x32\...\music.jp PLAY_is1) (Version: 4.0 - Ventis Media Inc.)
NoteBook FanControl (HKLM-x32\...\{00111A7A-77A7-4AC6-A272-A56DFAD517E7}) (Version: 1.5.0.0 - Stefan Hirschmann - StagWare) Hidden
NoteBook FanControl (HKLM-x32\...\{666d9f07-291b-44a5-b86f-d5240e78692d}) (Version: 1.5.0.0 - Stefan Hirschmann - StagWare)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
NoteTab 7 Trial (Remove only) (HKLM-x32\...\NoteTab 7 Trial_is1) (Version: 7.2 - Fookes Holding Ltd)
novaPDF 8 Printer Driver (HKLM\...\{F9F62525-05B6-4AD7-8D30-0D872CC1FB3C}) (Version: 8.5.940 - Softland)
novaPDF 8 SDK COM (x64) (HKLM\...\{2A16E811-1C7B-4483-96F7-226C8D738F34}) (Version: 8.5.940 - Softland)
novaPDF 8 SDK COM (x86) (HKLM-x32\...\{A6DF899D-5518-4DAB-A4F9-F7D0CDD43224}) (Version: 8.5.940 - Softland)
OpenOffice 4.1.3 (HKLM-x32\...\{8D5FCC56-BB9F-4122-923C-71753F50F6F5}) (Version: 4.13.9783 - Apache Software Foundation)
Opera developer 56.0.3045.0 (HKLM-x32\...\Opera 56.0.3045.0) (Version: 56.0.3045.0 - Opera Software)
Opera Stable 54.0.2952.71 (HKLM-x32\...\Opera 54.0.2952.71) (Version: 54.0.2952.71 - Opera Software)
Oracle VM VirtualBox 5.1.34 (HKLM\...\{2FDA51A1-BCE0-40C6-9EC9-7778F72525C9}) (Version: 5.1.34 - Oracle Corporation)
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (HKLM\...\{D646643B-56BD-43B2-9932-9C03D7E90FED}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (HKLM\...\{792B82BA-6895-4719-B603-E198AEE90D68}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (HKLM\...\{FF4FA406-055A-479E-B025-1AAA7FFAA39F}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.3.0 - pdfforge GmbH)
PDF-XChange Editor (HKLM\...\{5C198985-6833-4F92-BE9A-33FC8ACC1025}) (Version: 6.0.321.0 - Tracker Software Products (Canada) Ltd.) Hidden
PDF-XChange Editor (HKLM-x32\...\{344e7cdb-4fda-4dc1-9dd8-1fa7b1694d7c}) (Version: 6.0.321.0 - Tracker Software Products (Canada) Ltd.)
PhoneRescue (HKLM-x32\...\PhoneRescue) (Version: 3.1.2.0 - iMobie Inc.)
Pinta 1.6 (HKLM-x32\...\{833CBF68-0FE7-44A4-86E6-71DE50A30465}) (Version: 1.6.0.0 - Pinta Community) Hidden
Pinta 1.6 (HKLM-x32\...\{aaa32734-ca38-494d-836c-f41822d11ed5}) (Version: 1.6.0.0 - Pinta Community)
Play.net (HKLM-x32\...\{8CE3D78F-7B81-46F5-977A-12DBA2CB5B9A}) (Version: 2.1.6 - NEC Personal Computers, Ltd.)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Postbox (4.0.8) (HKLM-x32\...\Postbox (4.0.8)) (Version: 4.0.8 (en-US) - Postbox, Inc.)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Prio (HKLM\...\Prio) (Version: 2.1.0.4391 - )
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
Process Lasso (HKLM-x32\...\ProcessLasso) (Version: 9.0.0.276 - Bitsum)
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 4.6.0.2700 - Jan Fiala)
PyKeylogger - Simple Python Keylogger (HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\PyKeylogger) (Version: 1.2.1 - )
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21234 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Roxio Creator LJ (HKLM-x32\...\{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}) (Version: 12.2.43.19 - Roxio)
Second Copy 8 (HKLM-x32\...\Second Copy 8_is1) (Version: 8.1.2.0 - Centered Systems)
SharpKeys (HKLM-x32\...\{636E94DA-99C0-448F-A931-3DAD83B4975F}) (Version: 3.5.0000 - RandyRants.com)
Skype Version 8.27 (HKLM-x32\...\Skype_is1) (Version: 8.27 - Skype Technologies S.A.)
Smart Update (HKLM-x32\...\{EA65772D-1999-462B-BFC0-480A9515ABCC}) (Version: 2.0.2.0 - NECパーソナルコンピュータ株式会社)
SmartVision/PLAYER DeskTopサービス (HKLM-x32\...\{71566D17-2BC4-4C62-BD23-F1E397FC1DBE}) (Version: 1.9.12016 - CyberLink Corp.) Hidden
SmartVision/PLAYER DeskTopサービス (HKLM-x32\...\InstallShield_{71566D17-2BC4-4C62-BD23-F1E397FC1DBE}) (Version: 1.9.12016 - CyberLink Corp.)
SmEdit v1.170 (HKLM-x32\...\SmEdit) (Version: 1.170 - Sinner Computing)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )
Sublime Text Build 3059 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
SuperMemo (HKLM-x32\...\SuperMemo) (Version: 17.11 - SuperMemo World)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.8 - Synaptics Incorporated)
Syncios Data Recovery 1.0.9 (HKLM-x32\...\Syncios Data Recovery) (Version: 1.0.9 - Anvsoft)
System Checkup 4.0 (HKLM-x32\...\{918D30D3-AD9B-43A8-9EF7-463075DC93CD}_is1) (Version: 4.0.0.146 - iolo technologies, LLC)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
TED Notepad (HKLM-x32\...\TED Notepad) (Version: 6.0.2 - Medvedik, Juraj Simlovic)
Telegram Desktop Version 1.2.15 (HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.2.15 - Telegram Messenger LLP)
TextPad 8 (HKLM\...\{861AB1C1-1967-4C4A-BF86-C255E2D2B8FD}) (Version: 8.0.0 - Helios)
UltraCompare (HKLM-x32\...\{C5337996-B87D-4CB8-A9D9-A9D66F27B88E}) (Version: 15.20.0.6 - IDM Computer Solutions, Inc.)
UltraEdit (HKLM\...\{AFFE5F64-3248-41E9-96AE-8B475F6EFAB3}) (Version: 22.20.0.49 - IDM Computer Solutions, Inc.)
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{121C874E-5797-40B2-86CE-CE6624F2711A}) (Version: 15.0.1376 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}) (Version: 15.0.1215 - Microsoft Corporation)
VEDIT 6.2 (HKLM-x32\...\Vedit) (Version:  - )
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
Vivaldi (HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Vivaldi) (Version: 1.14.1077.45 - Vivaldi)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.3 - VideoLAN)
WebP Codec for Windows 0.19 (HKLM\...\{9D2F4EB8-98AD-4C8B-A0C5-4C114B3F1287}) (Version: 0.19.9 - Google Inc)
WhatsApp (HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\WhatsApp) (Version: 0.2.5371 - WhatsApp)
WhoCrashed 6.01 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows-Treiberpaket - Intel (NETwNb64) net  (10/16/2017 19.10.10.2) (HKLM\...\87BD50FDDBB077656313DAABF938DE8C31D89265) (Version: 10/16/2017 19.10.10.2 - Intel)
Windows-Treiberpaket - Intel (NETwNb64) net  (10/31/2017 18.33.11.2) (HKLM\...\D6CC402604E3676A6C8B5028A493400358139A70) (Version: 10/31/2017 18.33.11.2 - Intel)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WMV Joiner version 1.1.2.8 (HKLM-x32\...\WMV Joiner_is1) (Version:  - )
Zimbra Desktop (64-bit) (HKLM\...\{9D3B5C7A-BB5B-4B92-8CF7-AE28F9E4C24A}) (Version: 7.2.8.12102 - Zimbra)
おすすめメニューNavi (HKLM\...\{69561DE9-373F-4273-AE2D-BD076E552C0C}) (Version: 2.2.1 - NEC Personal Computers, Ltd.)
おすすめ設定 (HKLM\...\{61558C29-0C3A-442B-A43C-C883B94E8929}) (Version: 1.0.0 - NEC Personal Computers, Ltd.)
おてがるバックアップ (HKLM-x32\...\{F353F974-64FF-44F5-AE2D-D079964C5685}) (Version: 4.6 - Roxio)
オンスクリーン表示の設定 (HKLM\...\{C8E0D8C6-7C6B-4EBE-B02A-C97E17796B97}) (Version: 1.0.0 - NEC Personal Computers, Ltd.)
クイックパワーオン (HKLM\...\{98916919-5ACD-415A-AA04-7B7B0A425BE6}) (Version: 1.1.0 - NEC Personal Computers, Ltd.)
ソフト＆サポートナビゲーター (HKLM-x32\...\{8AF94405-08BB-4CF6-8856-84C88EAA7ECA}) (Version: 1.5.7 - NEC Personal Computers, Ltd.)
ソフト＆サポートナビゲーター修正モジュール（2013年秋冬） (HKLM-x32\...\{D71D8D9F-DD66-414A-BA59-35801E154B9C}) (Version: 1.00.0000 -  ) Hidden
ソフト＆サポートナビゲーター修正モジュール（2013年秋冬） (HKLM-x32\...\InstallShield_{D71D8D9F-DD66-414A-BA59-35801E154B9C}) (Version: 1.00.0000 -  ) Hidden
ソフト＆サポートナビゲーター修正モジュール（Windows 8.1対応） (HKLM-x32\...\{BF2D8F67-ABA1-4081-9591-50167F772A57}) (Version: 1.00.0000 -  ) Hidden
ソフト＆サポートナビゲーター修正モジュール（Windows 8.1対応） (HKLM-x32\...\InstallShield_{BF2D8F67-ABA1-4081-9591-50167F772A57}) (Version: 1.00.0000 -  ) Hidden
バッテリ・リフレッシュ＆診断ツール (HKLM\...\{B3806CF1-829E-4280-BC3E-1636035908FD}) (Version: 1.12.0 - NEC Personal Computers, Ltd.)
パネルオープンパワーオンの設定 (HKLM\...\{D637EF1B-3B6A-4680-A2F2-ACB6BF464DFA}) (Version: 1.2.0 - NEC Personal Computers, Ltd.)
パワーオフUSB充電の設定 (HKLM\...\{DFA0E609-8481-4E32-828E-7311E4936F99}) (Version: 2.4.0 - NEC Personal Computers, Ltd.)
ピークシフト設定ツール (HKLM\...\{4F3E3604-F81F-4768-BD87-6A692338A847}) (Version: 1.3.0 - NEC Personal Computers, Ltd.)
ファイナルパソコンデータ引越し 9 plus for NEC (HKLM-x32\...\{EE57E154-979A-4C6D-8459-296B1526D3FE}) (Version: 7.00.629.0 - AOS Technologies)
フォト ギャラリー (HKLM-x32\...\{CAF46B72-12E2-4FE7-A348-45999E69E1FE}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
ワンタッチスタートボタンの設定 (HKLM\...\{AB281E2C-FA39-4CC0-B1B0-3DF24AD5B3D0}) (Version: 1.19.1312 - NEC Personal Computers, Ltd.) Hidden
再セットアップメディア作成ツール (HKLM-x32\...\{157C8082-2627-4236-A6CC-B797CF91D576}) (Version: 6.2.0 - NEC Personal Computers, Ltd.)
筆ぐるめ 20 (HKLM-x32\...\{02D371DE-95DC-4F6F-A1A6-4C957D6721A9}) (Version: 20.00.0008 - 富士ソフト株式会社)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{05468442-062B-425B-A1E5-7DC9077C0734}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{070057DA-0223-4D7E-B886-7CF38806F044}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{0C89916D-7B21-4578-805E-A62B6DB24B85}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{0EAEF7F0-4566-4FC1-9170-8A02C4889CBD}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{110BD641-44EE-4E95-9CC9-0E21EDAB4A3B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{1132C079-B5D2-47CC-8976-C03989AB1531}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{1153FA7B-6348-420B-B0BF-E6B63D9AA284}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{132C9446-2F32-4CBA-8C03-FB8C8FFECAF5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{13526224-3C67-43AB-82A8-2740A138723E}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{166669E8-3E01-4D42-B3C0-62FADDBAB00A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{181AC033-9534-4567-B173-6DA6525424E3}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{19261A68-E50E-497B-A0BA-9909C586A9D5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{19B119EA-A452-477B-8423-EAF115A29CEB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{1DEDC126-F5F3-48F1-9DB5-03D9BBC4F83E}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{1E65BA05-6325-4B65-9D63-97DF1FEC92BB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{22410B2E-909D-4A70-8234-C64A75F9B844}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{262E2007-2F51-430E-9F43-A2F4BE8AAB65}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{2797C792-9879-47ED-944C-19EBE866FC24}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{2847421D-1EE5-4356-AFB2-DFE4E9D61C68}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{28916419-ECF6-45F0-8F20-87024C3837F6}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{295CEEF4-708C-48DB-8F3B-C30047A51281}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{2BDB4786-A72C-4775-8FA4-A59967325612}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{2CE81929-7B17-4394-ABBF-765AF900A3EC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{32515D47-A1DD-4E97-A8B9-4B92D517C8A8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{32ABFD53-EC5A-4A31-8FB6-A0E8EEA4A31F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{35A48AC8-5632-4A47-B564-7B75321826E1}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{3932E526-705D-41B5-83FD-87D1DB82B6A7}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{3C0C7828-2BD0-4B57-B656-B5DB09550E73}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{3DDC5BB3-A9B0-4787-B700-AD84FD0EB4D5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{3E7FF6D2-2973-4FA7-BDD8-1924AFDF2764}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{40BCE962-264C-452E-92E7-B5F35B3F2436}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{42AA6491-4D25-4054-AF0E-203B0780C144}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{43C9A239-A357-4176-9DED-49CFECD93C0B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{44AB264B-7136-4E41-A9AC-B9F876D162EC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{4B0CA027-383D-41E6-97D7-F5EDEBC4916F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{4C7A1662-008F-4EDC-97D3-D4199B062B4A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{4CAD847C-28D6-4EA2-A833-63AC04BBDB02}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{4CAFD059-0F6A-4024-A81A-087CDB7D4633}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{51D11E0A-BF6C-4E44-8AB0-1AA8A2A73BF4}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{58F1A0DF-3038-4DD1-BCF6-406DD6AA4D1F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{5A9E21A2-851A-4BEB-B16F-DBBE7D648AF9}\InprocServer32 -> C:\Program Files\TextPad 8\System\ShellExt64.dll ()
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{5E0CBCC1-A35D-447F-923F-5783E22ED791}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{5E5558B7-1B65-4EA1-92F4-8E9567C2ABFA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{606372CE-5093-4FD7-A37D-3CE22496B6F9}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{61267647-B40C-4050-ACE4-985D93253DFA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{62162BC5-8419-4241-980C-649CC91B1E1F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{6282C6EB-E17C-4617-B72B-DB671AC7ABDE}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{638C2808-47DE-4CC6-99B5-789EB0C86D77}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{6619B693-BB07-475B-B595-C77E4CD3EBEB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{68F233B6-F8C3-4A96-9100-003BCDCE53B8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{6CA7C35E-1FC1-4C66-91A7-1FE5178F36A9}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{6DB6DF3B-0DF4-4C66-B0FD-216BA16A1D34}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{721088D3-BD36-468C-8916-B5F2074F8023}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{760A2160-66F5-42F2-AD7A-A62AD9756CDF}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{7660000A-03D2-476F-91FC-2D863D6DCC03}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{7725641E-7AB5-49EE-922D-E703CDB98588}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{782485F1-AA61-4F5F-8A59-03B6D2FF91C1}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{7AAA42E5-5C43-48D1-B298-71146A878F7C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{7E6249E7-95C5-40CF-8E15-0034BA49F49B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{849783D6-6561-434F-ACE1-8A67783ED4FF}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{8ED73585-3AA8-41E2-A98B-85FE2857B420}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{9F92194F-9039-4E49-BB83-1168EC86ABD9}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{A1B66AF8-20FB-4B52-947E-60F2048A2821}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{A57DB49B-ABA0-45BE-AA2D-28C13E2919D8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{A782D6BE-5799-406E-86E1-6C5442F0D902}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{B032B620-06B1-4D98-B09E-9D5BD7CD3BEC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{B0F43F65-6282-457A-AAFC-8B0597EB8591}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{B3726FEF-1166-4B1C-AB33-1FD76AE2B0E7}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> C:\Program Files\IDM Computer Solutions\UltraEdit\ue64ctmn.dll ()
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{B604EC25-0C5D-48DB-9E7C-243EDB3D84BF}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{B80972C9-AF80-4F71-BB2B-9CB1FAED19F0}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{BC5D198E-58DF-4267-BBDB-22FF193B255D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{BF87ECFF-1A50-4CDD-BF9F-991EDCF75B1F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C09AC76A-826E-491E-87E0-46807D8215A5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C3B42C03-C1B7-4c1a-B384-BBAE19646333}\InprocServer32 -> C:\Program Files (x86)\IDM Computer Solutions\UltraCompare\UC_ShellExt64.dll ()
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C3D9D1E2-08A6-4937-AC5B-AA1E9A0971B9}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C4E34FA1-F051-4754-AC47-B946EA04031D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C85E45FD-576D-43FE-81C5-C4012999FEFA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C8618129-8966-4851-A99A-4EEF208620AF}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C8F46A32-4FE4-408C-9F91-7F06460F42AE}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{CB2CFC1A-5069-475C-B4BD-621E2A9A3A1B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{CFB39FCE-8A04-479A-9248-0D3F45763954}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{DAFE2BB3-20A0-45EA-A032-D42627572BCC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{DCBA6A6C-FEBD-4BE5-B027-B59730A4BA22}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{DF3FAE68-02A8-4A29-A254-D04E03E4058D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{DFA026EA-2024-4088-8417-126A2E2D2486}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{EAE666EA-3CB0-403D-974F-5D8358DE67FA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F0E2DAE4-25FA-4638-B789-B01CA9B4329C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F2AC96B1-3579-4F87-9111-DC670C02BEEB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F43FEE01-24DB-4AC9-8FCF-73F1CBECDD8C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F8069691-0850-4326-B317-D5AF35F5DFA0}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F83118C7-0841-4A6C-BA28-855B24B17C1A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F93AD34F-D933-4BB7-917E-694DB52F82F8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{FB3D4710-33E5-4E78-8BF5-CE34A431174F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{FC48C6DE-CEEB-4774-9412-2FF5689A8C9C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [EditPlus] -> {36D94110-787C-4828-9C1B-0DAFEBC36069} => C:\Program Files\EditPlus\eppshell64.dll [2015-07-07] ()
ContextMenuHandlers1: [EmEditor] -> {D4D48C93-BDC7-4E76-B530-2E4D13B0150F} => C:\Program Files\EmEditor\emedshl64.dll [2015-12-25] (Emurasoft, Inc.)
ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (The Eraser Project)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers1: [PDFArchitect4_ManagerExt] -> {3AECFCB3-8472-48E9-BC7B-5A3CD945C886} => C:\Program Files\PDF Architect 4\creator-context-menu.dll [2016-01-15] (pdfforge GmbH)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers1: [PDFXChange Editor Context menu] -> {2ACD35AB-F74A-4C20-AA9B-2DE80081626D} => C:\Program Files\Tracker Software\Shell Extensions\XCShellMenu.x64.dll [2017-03-06] (Tracker Software Products (Canada) Ltd.)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd)
ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers1: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers2: [EmEditor] -> {D4D48C93-BDC7-4E76-B530-2E4D13B0150F} => C:\Program Files\EmEditor\emedshl64.dll [2015-12-25] (Emurasoft, Inc.)
ContextMenuHandlers2: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (The Eraser Project)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd)
ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers2: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers4: [EmEditor] -> {D4D48C93-BDC7-4E76-B530-2E4D13B0150F} => C:\Program Files\EmEditor\emedshl64.dll [2015-12-25] (Emurasoft, Inc.)
ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (The Eraser Project)
ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers4: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (The Eraser Project)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2014-06-13] (Intel Corporation)
ContextMenuHandlers5: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers6: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (The Eraser Project)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\windows\system32\StartMenuHelper64.dll [2016-07-30] (IvoSoft)
ContextMenuHandlers1_S-1-5-21-1417334993-2898295356-3386692794-1001: [OpusZip] -> {E9FE4040-3C93-11D4-8006-00201860E88A} => C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [2016-06-10] (GP Software)
ContextMenuHandlers1_S-1-5-21-1417334993-2898295356-3386692794-1001: [TextPad8] -> {5A9E21A2-851A-4BEB-B16F-DBBE7D648AF9} => C:\Program Files\TextPad 8\System\ShellExt64.dll [2015-11-29] ()
ContextMenuHandlers1_S-1-5-21-1417334993-2898295356-3386692794-1001: [UltraCompare] -> {C3B42C03-C1B7-4c1a-B384-BBAE19646333} => C:\Program Files (x86)\IDM Computer Solutions\UltraCompare\UC_ShellExt64.dll [2015-12-17] ()
ContextMenuHandlers1_S-1-5-21-1417334993-2898295356-3386692794-1001: [UltraEdit] -> {b5eedee0-c06e-11cf-8c56-444553540000} => C:\Program Files\IDM Computer Solutions\UltraEdit\ue64ctmn.dll [2015-12-15] ()
ContextMenuHandlers4_S-1-5-21-1417334993-2898295356-3386692794-1001: [OpusZip] -> {E9FE4040-3C93-11D4-8006-00201860E88A} => C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [2016-06-10] (GP Software)
ContextMenuHandlers4_S-1-5-21-1417334993-2898295356-3386692794-1001: [UltraCompare] -> {C3B42C03-C1B7-4c1a-B384-BBAE19646333} => C:\Program Files (x86)\IDM Computer Solutions\UltraCompare\UC_ShellExt64.dll [2015-12-17] ()
ContextMenuHandlers5_S-1-5-21-1417334993-2898295356-3386692794-1001: [DOpus] -> {B9DD4945-1BED-4CB7-994C-F40B72B7725A} => C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [2016-06-10] (GP Software)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0FC94078-783C-4F45-9A83-EA7E687FF98A} - System32\Tasks\Process Lasso Core Engine Only => C:\Program Files\Process Lasso\processgovernor.exe
Task: {14C6A237-47B6-420D-98C7-B48C0E16B8BD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {1C957448-077E-44CE-A9AF-942431EDCAAF} - System32\Tasks\Opera scheduled Autoupdate 1402604082 => C:\Program Files (x86)\Opera\launcher.exe [2018-08-07] (Opera Software)
Task: {49D7EB9A-811C-4735-80A0-C626241A15DD} - System32\Tasks\JavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-03-26] (Oracle Corporation)
Task: {4AEAC1FC-86EF-4742-9F8F-B9BB85B7E32A} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {56E998C4-C729-4325-8DA2-4D1C164BFFFA} - System32\Tasks\Opera scheduled Autoupdate 1464983063 => C:\Program Files (x86)\Opera developer\launcher.exe [2018-08-14] (Opera Software)
Task: {662EC505-D38A-4048-88F0-30F654CC04AC} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2018-05-28] (AO Kaspersky Lab)
Task: {72475EF4-D144-4C6F-8F30-933D699AE0A6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {74E6B7CD-C7A0-4552-8046-5B979C3B430F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-16] (Adobe Systems Incorporated)
Task: {7A7C5B78-C9AB-45BE-A61B-68419944F701} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {87DE09A6-0A20-44AF-9ECC-173BF2339374} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-05] (Google Inc.)
Task: {8934D95E-BD1D-4B60-A7AA-28FD77234F91} - System32\Tasks\Anvirlauncher => C:\Program Files (x86)\AnVir Task Manager Free\anvirlauncher.exe [2016-02-28] (AnVir Software)
Task: {8A17FE54-DBCC-4FBA-98EA-FD88B993F327} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {9331D4AE-B609-43C9-A4F8-B611DEFF68FA} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {A06C3BF2-C5E5-417C-AE66-C08BCDCCC271} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {A228AF77-7ABF-4820-A6E7-DA52E1BF7474} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {A61B8BBA-960E-417E-B619-DE3911B4B16E} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2016-03-03] ()
Task: {AC925663-4A09-4B04-A33D-931EF33440D9} - System32\Tasks\{81F0B437-B032-4F42-869E-9200A9004B28} => c:\program files (x86)\opera\launcher.exe [2018-08-07] (Opera Software)
Task: {ADDFE40F-97EB-4137-90F2-DFF443367FF5} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe [2018-08-16] (Adobe Systems Incorporated)
Task: {B211236C-FE4B-41DA-8712-37B56F7D9092} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_pepper.exe [2018-08-16] (Adobe Systems Incorporated)
Task: {BBB5FFB3-5780-4C21-BA21-95B793B6AFC4} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {BCD4E4EC-D945-40F3-9E6A-E0BAFB278317} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-09-04] (Synaptics Incorporated)
Task: {DC27D5DC-9313-4CC9-9BC6-F153E68E9FF3} - System32\Tasks\iToolsDaemon => C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe [2016-07-25] ()
Task: {DF167F93-F3BA-4561-93FC-768E43939C14} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-05] (Google Inc.)
Task: {E721563C-197D-47C4-9FE5-017A47B512F0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {EDDC835F-5FFF-47DA-8849-A24D9414705E} - System32\Tasks\Core Temp Autostart d => C:\Program Files\Core Temp\Core Temp.exe [2018-05-20] (ALCPU)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-04-19 07:32 - 2015-09-01 15:41 - 000095008 _____ () C:\windows\System32\Primomonnt.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-12 12:06 - 2013-08-12 12:06 - 000198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-08-12 12:06 - 2013-08-12 12:06 - 000054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-12 12:06 - 2013-08-12 12:06 - 000034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2017-01-15 23:31 - 2017-01-15 23:31 - 000012704 _____ () C:\Program Files\Prio\prio_svc.exe
2016-07-25 16:40 - 2016-07-25 16:40 - 000486264 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe
2015-12-17 12:13 - 2015-12-17 12:13 - 004930560 _____ () C:\Users\d\Desktop\acv507\ArsClip.exe
2018-04-12 19:09 - 2018-04-09 20:24 - 000966512 _____ () C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000343912 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000266096 _____ () C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000139120 _____ () C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000360304 _____ () C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000040816 _____ () C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000499568 _____ () C:\Program Files (x86)\AOMEI Backupper\EnumFolder.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000081768 _____ () C:\Program Files (x86)\AOMEI Backupper\Compress.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000114536 _____ () C:\Program Files (x86)\AOMEI Backupper\BrLog.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000089968 _____ () C:\Program Files (x86)\AOMEI Backupper\Ldm.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000073576 _____ () C:\Program Files (x86)\AOMEI Backupper\Device.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000298864 _____ () C:\Program Files (x86)\AOMEI Backupper\BrFat.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000978800 _____ () C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000339816 _____ () C:\Program Files (x86)\AOMEI Backupper\Clone.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000126824 _____ () C:\Program Files (x86)\AOMEI Backupper\Backup.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000175984 _____ () C:\Program Files (x86)\AOMEI Backupper\FlBackup.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000724848 _____ () C:\Program Files (x86)\AOMEI Backupper\Sync.dll
2018-04-12 19:09 - 2015-05-21 14:32 - 002403504 _____ () C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000114544 _____ () C:\Program Files (x86)\AOMEI Backupper\BrVol.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000266096 _____ () C:\Program Files (x86)\AOMEI Backupper\GptBcd.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000188272 _____ () C:\Program Files (x86)\AOMEI Backupper\DeviceMgr.dll
2017-07-18 00:46 - 2018-03-20 12:08 - 000114664 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2017-07-18 00:46 - 2018-03-20 12:08 - 000108008 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2017-07-18 00:46 - 2018-03-20 12:08 - 000024040 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2017-07-18 00:46 - 2018-03-20 12:08 - 000048104 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2014-04-11 09:48 - 2013-10-15 06:10 - 000541683 _____ () C:\Program Files (x86)\CyberLink\NEC Move Media Server\sqlite3.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 002317688 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\iOSDevice.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 001362808 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\MiscCore.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 000180088 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\MiscMods.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 000152952 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\Network.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 000402808 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\TSLib.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 000668536 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\UICore.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 000044920 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\Common.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 000385912 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\MediaUtil.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 000548728 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\Sqlite.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 000103288 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\ZLib.dll
2018-03-16 15:20 - 2018-03-16 15:20 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2018-03-16 15:20 - 2018-03-16 15:20 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-01-31 10:45 - 2011-01-31 10:45 - 000559244 _____ () C:\Program Files (x86)\Linkman\sqlite3.dll
2018-08-08 19:10 - 2018-08-08 19:10 - 087838296 _____ () C:\Program Files (x86)\Opera\54.0.2952.71\opera_browser.dll
2018-08-08 19:10 - 2018-08-08 19:10 - 003871320 _____ () C:\Program Files (x86)\Opera\54.0.2952.71\libglesv2.dll
2018-08-08 19:10 - 2018-08-08 19:10 - 000086616 _____ () C:\Program Files (x86)\Opera\54.0.2952.71\libegl.dll
2013-10-21 02:36 - 2013-08-08 06:25 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\sdpsenv.dat:naughtypirates [322]
AlternateDataStreams: C:\ProgramData\Temp:8EFFFE8D [294]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\stwfp => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.reg: \shell\SmEdit\shell\SmEdit\shell\SmEdit\shell\SmEdit\shell\SmEdit =>  <==== ATTENTION
HKLM\...\.bat:  =>  <==== ATTENTION
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Software\Classes\.bat: batfile =>  <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\google.com -> hxxps://docs.google.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2017-08-01 22:33 - 000000853 _____ C:\windows\system32\Drivers\etc\hosts

127.0.0.1 cryptomator-vault

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "IntelAntiTheftDiscoveryAppIECNotifier"
HKLM\...\StartupApproved\Run: => "AtrioSide"
HKLM\...\StartupApproved\Run: => "Eraser"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "YouCam Service"
HKLM\...\StartupApproved\Run32: => "ChildWebGuardian PRO Agent"
HKLM\...\StartupApproved\Run32: => "DSATray"
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\StartupApproved\StartupFolder: => "Telegram.lnk"
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\StartupApproved\Run: => "Mailbird"
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\StartupApproved\Run: => "DVSFreeVideoCallRecorder"
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\StartupApproved\Run: => "WhatsApp"
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\StartupApproved\Run: => "Vivaldi Update Notifier"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F9D643D3-8497-43E4-98F3-38E716915A8E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E8B770A5-FA45-4D44-B58C-F97DD1977577}] => (Allow) LPort=2869
FirewallRules: [{900BB167-AA6B-4D13-9555-03CB4DDAF294}] => (Allow) LPort=1900
FirewallRules: [{D6F18BAF-16DE-469C-A520-9004AC0498C0}] => (Allow) C:\Program Files (x86)\AOS Technologies\ファイナルパソコンデータ引越し 9 plus for NEC\pcmover.exe
FirewallRules: [TCP Query User{A744A787-26B6-4CBF-AC16-D8B16B6CD448}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3611C606-8BCD-4157-B7F0-97CA21424398}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{0B623E7A-4890-41D8-8372-1C130AC8A356}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{09F7B869-195F-40C6-B266-6B04AFB2884F}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{3C3010E4-90F7-42A7-89F9-E3444CF94B06}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\ctmn32.exe
FirewallRules: [{AE7790C2-8769-41C5-841F-8D2AD8D9BA01}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\ctmn32.exe
FirewallRules: [{7BAC5F7A-284F-4108-9BC5-B75C3D72552E}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\CTAdmin.exe
FirewallRules: [{9FFB909A-2927-4085-8066-0879D3AA0793}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\CTAdmin.exe
FirewallRules: [{F9D77D4C-761D-430E-88CB-D1B7A52097C8}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\fbserver.exe
FirewallRules: [{11F3629D-245B-451A-A98E-64DFBD07B295}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\fbserver.exe
FirewallRules: [{56F4AF8E-57F8-41B4-A65A-0FBBA6C76B40}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\STDownload.exe
FirewallRules: [{13C3D64E-22F7-4BA1-B58B-53265677C553}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\STDownload.exe
FirewallRules: [{A0C999BA-C8BC-4281-8601-73750E5F1723}] => (Allow) LPort=8501
FirewallRules: [{32AB8D67-D054-4A79-8823-614FFEF6E01F}] => (Allow) LPort=8501
FirewallRules: [{505DA236-3A56-424B-9B99-EBB755EEC9AA}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{A902F6FB-3298-44B9-93ED-191D82C26CB9}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{689C272A-0ECD-47F8-88F6-904975F51D79}C:\program files (x86)\childwebguardian pro\contentwasher.exe] => (Block) C:\program files (x86)\childwebguardian pro\contentwasher.exe
FirewallRules: [UDP Query User{11A1A67E-B038-48B3-89AB-F8F4F0268BB7}C:\program files (x86)\childwebguardian pro\contentwasher.exe] => (Block) C:\program files (x86)\childwebguardian pro\contentwasher.exe
FirewallRules: [{2117A44D-9AF0-4D84-A6FA-C2CE767375A3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{82444FCE-8B73-4EE6-9321-D147BB55E475}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E0FF1427-02F7-4FCF-B605-AA7720FECB39}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C149F272-279C-452B-9C7D-9C93C179E6AB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DEE3F7CC-FEC2-4054-9A70-A29139DE0761}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AB91DF20-D673-499C-B644-030D9703474B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7E815151-6904-496A-AC2D-72FC22009C49}] => (Allow) C:\Program Files (x86)\ChildWebGuardian PRO\ContentWasher.exe
FirewallRules: [{3F403557-C2A9-4DB4-A08F-AAA175CF45EA}] => (Allow) C:\Program Files (x86)\ChildWebGuardian PRO\ContentWasher.exe
FirewallRules: [{A0292E51-FA3B-40A5-86B6-A69410C15431}] => (Allow) C:\Windows\SysWOW64\fltw.exe
FirewallRules: [{F59F9572-DAA8-49A7-B8B8-87D14203E726}] => (Allow) C:\Windows\SysWOW64\fltw.exe
FirewallRules: [{21B8CF93-A8AF-49E0-A5A8-4D90D71EA1F4}] => (Allow) C:\Windows\SysWOW64\wstw.exe
FirewallRules: [{A664E965-6F9C-4904-97B3-664A88C6C5D6}] => (Allow) C:\Windows\SysWOW64\wstw.exe
FirewallRules: [{596BBBC2-6C69-43DD-A9E3-2EAF611B034C}] => (Allow) C:\Windows\SysWOW64\wtwatch.exe
FirewallRules: [{F3158699-F2C2-4B4D-9C97-8EDE44D0C91A}] => (Allow) C:\Windows\SysWOW64\wtwatch.exe
FirewallRules: [{C69239FF-06A3-4D0A-9444-F72972E53490}] => (Allow) C:\Program Files (x86)\ChildWebGuardian PRO\PrgUpdater.exe
FirewallRules: [{B4EFD6D8-6BAD-4D07-B5B5-6B2D0EFF9D69}] => (Allow) C:\Program Files (x86)\ChildWebGuardian PRO\PrgUpdater.exe
FirewallRules: [TCP Query User{B21120BA-3F16-452E-89E6-243273EEED0C}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe
FirewallRules: [UDP Query User{05154D90-C128-45AD-880F-BC2AEC21295A}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe
FirewallRules: [TCP Query User{0095AFA1-906D-40EB-8740-81E092A2EA5B}C:\program files\second copy\seccopy.exe] => (Allow) C:\program files\second copy\seccopy.exe
FirewallRules: [UDP Query User{D4BFC90B-A4EE-47CF-8E06-21798F2B4FC7}C:\program files\second copy\seccopy.exe] => (Allow) C:\program files\second copy\seccopy.exe
FirewallRules: [{6DC437CD-3BEE-4A60-81F8-8B67FC3E055E}] => (Block) C:\program files\second copy\seccopy.exe
FirewallRules: [{3EF30085-232D-450A-A5C2-2484F10431B5}] => (Block) C:\program files\second copy\seccopy.exe
FirewallRules: [TCP Query User{35AEFCDE-F23F-4FD9-AE70-CB0DDF2953CA}C:\program files (x86)\jivexdv\jre\bin\javaw.exe] => (Block) C:\program files (x86)\jivexdv\jre\bin\javaw.exe
FirewallRules: [UDP Query User{D6AA058A-D730-4D0C-804C-63DE46208040}C:\program files (x86)\jivexdv\jre\bin\javaw.exe] => (Block) C:\program files (x86)\jivexdv\jre\bin\javaw.exe
FirewallRules: [TCP Query User{C339E5B9-07F3-463F-8D92-10E98B07F74E}C:\program files (x86)\parallel password recovery\run_server.exe] => (Allow) C:\program files (x86)\parallel password recovery\run_server.exe
FirewallRules: [UDP Query User{36EE777D-F32F-4484-8CFA-A540C211237B}C:\program files (x86)\parallel password recovery\run_server.exe] => (Allow) C:\program files (x86)\parallel password recovery\run_server.exe
FirewallRules: [TCP Query User{290EC45F-8ECA-465A-8550-807F15B4CB76}C:\users\d\appdata\local\temp\scoped_dir2376_30591\childwebguardianadm.exe] => (Allow) C:\users\d\appdata\local\temp\scoped_dir2376_30591\childwebguardianadm.exe
FirewallRules: [UDP Query User{7FB492CB-F6F5-4EE0-864F-95F55A6DFDEB}C:\users\d\appdata\local\temp\scoped_dir2376_30591\childwebguardianadm.exe] => (Allow) C:\users\d\appdata\local\temp\scoped_dir2376_30591\childwebguardianadm.exe
FirewallRules: [{A27C0608-11DD-46B0-93E8-8CB7D21E4418}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5A3641B2-C624-4A94-8FA9-DE244F8FC639}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F164DD20-6078-4B81-961C-083B0FF25404}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FBB6CB95-B7E6-4818-B62D-6724C436E3B3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{103298D7-C2C7-4895-AF93-CD4A59B6C354}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{6833B99D-A1FD-4788-ACC3-3B5D8B6FDB81}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{2DC48355-FECA-488E-8202-684BD0D8D84C}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{F6EF11B6-6AEA-4BAE-AA20-E91C42F7AD1F}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{18F0E74C-3ACE-4781-B413-F0D422BB63CF}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{863A523D-C261-4A82-A2A7-27447A8FC2F4}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{FD947FEC-53B3-4BED-B0A8-4DA463021FCA}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{D2B23179-C9B9-491E-AC91-B68A0C8ED660}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{84B862B7-8779-41D9-9055-94DBAC95D6DA}] => (Allow) C:\Program Files (x86)\Opera\51.0.2830.40\opera.exe
FirewallRules: [{50BD2E1A-D1D7-4D61-BBF1-54EBD9BBBC3A}] => (Allow) C:\Program Files (x86)\Opera developer\53.0.2885.0\opera.exe
FirewallRules: [{06476787-1BB0-4434-A169-C039F0E60556}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{5D961AE6-CB90-49AD-86B7-26B54B099719}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2A8C58E0-93CA-4A29-A307-B6DE1FCED428}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9B9C6AEE-6B22-4E95-8D70-08F24E69290C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{82536828-3DCD-485E-B8A8-5ABF9005A3A7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7CBB4B9B-D49D-4CEB-A6F3-F5616BB0653B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0FC410A5-86DB-49D8-BD08-9989673770EF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7ABA5E4A-1B70-4A10-B38E-CFA6AA3B0C7E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5587DB5B-9321-4905-BC86-BFA9BDDE3795}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F627D117-A01C-456C-93BC-7264C3A4FFEC}] => (Allow) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
FirewallRules: [{3F72EC62-9A98-40DB-BEEB-7E2F44976DA7}] => (Allow) C:\Program Files (x86)\Opera developer\56.0.3037.0\opera.exe
FirewallRules: [{2CD1F32B-A7E8-4079-AD1A-20A3A188A14C}] => (Allow) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
FirewallRules: [{BE925581-CA7C-4454-A982-95444FC76D7D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{D85E2CCA-81C2-493D-936B-6659F467F804}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{9B61E9B1-13F4-4D9F-BCAB-650459099F1D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{602E8DE6-890B-4FAA-8647-4F8602E5A1FA}] => (Allow) C:\Program Files (x86)\Opera developer\56.0.3045.0\opera.exe

==================== Restore Points =========================

04-08-2018 05:31:02 スケジュールされたチェックポイント
13-08-2018 03:46:21 スケジュールされたチェックポイント

==================== Faulty Device Manager Devices =============

Name: Bluetooth デバイス (RFCOMM プロトコル TDI)
Description: Bluetooth-Gerät (RFCOMM-Protokoll-TDI)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RFCOMM
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth デバイス (パーソナル エリア ネットワーク)
Description: Bluetooth-Gerät (PAN)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/18/2018 01:16:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: StartSU.exe, Version: 2.0.2.0, Zeitstempel: 0x534d0701
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00d50a67
ID des fehlerhaften Prozesses: 0xddc
Startzeit der fehlerhaften Anwendung: 0x01d4368051a89d78
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\NEC\SmartUpdate\StartSU.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 8f826dc5-a273-11e8-83c2-f05b999e8540
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (08/18/2018 01:16:25 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: StartSU.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
   bei SU_Loader.suLogingCl..ctor()
   bei SU_Loader.Program.Main()

Error: (08/18/2018 12:43:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: StartSU.exe, Version: 2.0.2.0, Zeitstempel: 0x534d0701
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x005a0a67
ID des fehlerhaften Prozesses: 0x3d8
Startzeit der fehlerhaften Anwendung: 0x01d4367bbe62e49c
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\NEC\SmartUpdate\StartSU.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: fc37a865-a26e-11e8-83c1-e4e5c75eee11
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (08/18/2018 12:43:40 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: StartSU.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
   bei SU_Loader.suLogingCl..ctor()
   bei SU_Loader.Program.Main()

Error: (08/18/2018 12:24:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: StartSU.exe, Version: 2.0.2.0, Zeitstempel: 0x534d0701
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00ae0a67
ID des fehlerhaften Prozesses: 0x910
Startzeit der fehlerhaften Anwendung: 0x01d4367907c64e7f
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\NEC\SmartUpdate\StartSU.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 45ad0d99-a26c-11e8-83c0-de3aeaba4d53
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (08/18/2018 12:24:15 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: StartSU.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
   bei SU_Loader.suLogingCl..ctor()
   bei SU_Loader.Program.Main()

Error: (08/17/2018 08:33:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AkelPad.exe, Version: 4.9.7.0, Zeitstempel: 0x566d49e1
Name des fehlerhaften Moduls: Scripts.dll, Version: 18.2.0.0, Zeitstempel: 0x566d4960
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001145
ID des fehlerhaften Prozesses: 0x16cc
Startzeit der fehlerhaften Anwendung: 0x01d43572fc94b529
Pfad der fehlerhaften Anwendung: C:\Users\d\Desktop\Programme\AkelPad\AkelPad.exe
Pfad des fehlerhaften Moduls: C:\Users\d\Desktop\Programme\AkelPad\AkelFiles\Plugs\Scripts.dll
Berichtskennung: 1968fede-a24c-11e8-83bf-b0819159027b
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (08/17/2018 08:18:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm dopus.exe, Version 5.0.1.62 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 29e0

Startzeit: 01d436175cc35641

Endzeit: 32108

Anwendungspfad: C:\Program Files\GPSoftware\Directory Opus\dopus.exe

Berichts-ID: cf730fb2-a249-11e8-83bf-b0819159027b

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


System errors:
=============
Error: (08/18/2018 03:37:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "アプリケーション固有" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (LRPC 使用)" keine Berechtigung vom Typ "ローカル アクティブ化" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "利用不可" (SID: 利用不可) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (08/18/2018 03:12:01 AM) (Source: DCOM) (EventID: 10010) (User: lavie)
Description: Der Server "{BF6C1E47-86EC-4194-9CE5-13C15DCB2001}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (08/18/2018 03:11:31 AM) (Source: DCOM) (EventID: 10010) (User: lavie)
Description: Der Server "{1B1F472E-3221-4826-97DB-2C2324D389AE}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (08/18/2018 02:41:42 AM) (Source: DCOM) (EventID: 10010) (User: lavie)
Description: Der Server "{1B1F472E-3221-4826-97DB-2C2324D389AE}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (08/18/2018 02:41:12 AM) (Source: DCOM) (EventID: 10010) (User: lavie)
Description: Der Server "{BF6C1E47-86EC-4194-9CE5-13C15DCB2001}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (08/18/2018 01:07:39 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1794) (User: NT AUTHORITY)
Description: https://go.microsoft.com/fwlink/?linkid=852572

Error: (08/18/2018 01:07:35 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1794) (User: NT AUTHORITY)
Description: https://go.microsoft.com/fwlink/?linkid=852572

Error: (08/18/2018 01:07:31 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1794) (User: NT AUTHORITY)
Description: https://go.microsoft.com/fwlink/?linkid=852572


Windows Defender:
===================================
Date: 2018-08-18 02:42:00.486
Description: 
Die Windows Defender-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {ECA8B3E0-FC77-4A51-9543-69805FAB89ED}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT AUTHORITY\SYSTEM

Date: 2015-01-09 19:21:31.368
Description: 
Die Windows Defender-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {8696B0BA-C38C-47BC-A797-5B2D07EB3E49}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT AUTHORITY\SYSTEM

Date: 2015-01-03 21:22:13.756
Description: 
Die Windows Defender-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {0CA8E64E-DB17-4DB1-8B14-A894D9352B2C}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT AUTHORITY\SYSTEM

Date: 2015-01-02 16:35:21.146
Description: 
Die Windows Defender-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {0933CFEE-1894-4B97-8C90-DAF1E3EEA677}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT AUTHORITY\SYSTEM

Date: 2014-12-31 21:35:00.771
Description: 
Die Windows Defender-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {DCB0C270-B8FB-4DD2-85A2-7C88B5326966}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT AUTHORITY\SYSTEM

Date: 2018-03-20 16:35:06.770
Description: 
Fehler von Windows Defender beim Aktualisieren von Signaturen.
Neue Signaturversion: 
Vorherige Signaturversion: 1.235.2025.0
Updatequelle: Microsoft Update-Server
Signaturtyp: AntiVirus
Updatetyp: Voll
Benutzer: NT AUTHORITY\SYSTEM
Aktuelle Modulversion: 
Vorherige Modulversion: 1.1.13407.0
Fehlercode: 0x8024001e
Fehlerbeschreibung: ??????????????????????????????????????????????????????????????????????????????? 

Date: 2018-03-20 16:35:06.770
Description: 
Fehler von Windows Defender beim Aktualisieren von Signaturen.
Neue Signaturversion: 
Vorherige Signaturversion: 1.235.2025.0
Updatequelle: Microsoft Update-Server
Signaturtyp: AntiVirus
Updatetyp: Voll
Benutzer: NT AUTHORITY\SYSTEM
Aktuelle Modulversion: 
Vorherige Modulversion: 1.1.13407.0
Fehlercode: 0x8024001e
Fehlerbeschreibung: ??????????????????????????????????????????????????????????????????????????????? 

CodeIntegrity:
===================================

Date: 2018-04-05 18:43:15.063
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-04-05 18:43:12.454
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-04-05 18:37:50.385
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-04-05 18:37:47.422
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-04-05 18:35:14.515
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-04-05 18:35:10.365
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-04-05 18:32:47.264
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-04-05 18:32:44.610
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 76%
Total physical RAM: 4015.7 MB
Available physical RAM: 956.94 MB
Total Virtual: 12719.7 MB
Available Virtual: 8727.84 MB

==================== Drives ================================

Drive c: (Windows 8.1) (Fixed) (Total:225.93 GB) (Free:139.54 GB) NTFS
Drive f: (SD192GB) (Removable) (Total:183.33 GB) (Free:35.85 GB) NTFS

\\?\Volume{66bded32-fb6e-43d4-af27-9da22351b9e4}\ (Windows RE) (Fixed) (Total:0.93 GB) (Free:0.61 GB) NTFS
\\?\Volume{2c42f2fe-9218-4f8d-bd84-2ae9dde67a23}\ (NEC-RESTORE) (Fixed) (Total:11.23 GB) (Free:3.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 7D73FA8C)

Partition: GPT.

========================================================
Disk: 1 (Protective MBR) (Size: 183.3 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
         

Da muss noch mehr alter unnötiger Krempel runter:

Lade Dir bitte von hier Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

• Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
• Klicke auf Optionen und wähle als Sprache Deutsch.
• Suche im Uninstallerfeld nach den Programmen:
  
  
  7-Zip 17.00 beta (x64)
  
  Adobe Acrobat Reader DC - Deutsch
  
  Adobe Flash Player 30 NPAPI
  
  Adobe Flash Player 30 PPAPI
  
  CrystalDiskInfo 7.0.5
  
  OpenOffice 4.1.3
  
  QuickTime 7
  
  
  
• Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
• Wähle anschließend den Modus "Moderat" aus.
  
• Reste löschen:
  Klicke auf dann auf und dann auf .

 

Hallo, ich habe Flash, Acrobat, CrystalDiskInfo und QuickTime mit Revo nun entfernt.

Was du gegen 7-Zip und OpenOffice hast, verstehe ich aber nicht. Manchmal macht LibreOffice Probleme, da ist OpenOffice ein geeignetes Fallback. Und 7-Zip ist eins der besten Zip-Programme, sehr hohe Kompatibilität. Das wird meines Wissens auch in Power-User-Kreisen empfohlen.

Oh: https://www.borncity.com/blog/2018/02/20/warnung-auf-7-zip-verzichten/
Das ist aber ärgerlich! So ein gutes Programm!!
OK, und OOo kommt auch runter.
Danke für die Hinweise.

### OK: ALLES ENTFERNT UND NEU GEBOOTET.

Beitrag nicht gelesen? Ich habe doch geschrieben, dass alter Krempel runter soll. Das waren nun mal uralte Versionen auf deinem Rechner!

Ich brauche neue FRST-Logs . Haken setzen bei addition.txt dann auf Untersuchen klicken.

1. Windows Defender meldet Behavior:Win32/AccessibilityEscalation.N , ein Programm würde Befehle eines Angreifers ausführen:
Kategorie: Verdächtiges Verhalten
Beschreibung: Dieses Programm ist gefährlich. Es führt Befehle eines Angreifers aus.
Empfohlene Aktion: Entfernen Sie diese Software unverzüglich.
Elemente: internalbehavior:70D589ACA56E6C9689F046AE47AC4A95
Bitte um Kommentar, wenn möglich.

2. Die Meldung kam nicht während ich FRST64 ausgeführt habe. Dennoch habe ich FRST64 mal gescannt und es ist schon bemerkenswert, welche Sachen FRST64 angeblich in sich birgt:
https://www.virustotal.com/de/file/0969984a3f506c66a9a84e5849b7e9bdb68117f75cbf82ca3edab074dcb089ca/analysis/1534504811/
Bitte um Kommentar, wenn möglich.

3. Hier sind FRST.txt und Additional.txt:

FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by d (administrator) on LAVIE (18-08-2018 18:10:24)
Running from C:\Users\d\Desktop
Loaded Profiles: d (Available Profiles: d)
Platform: Windows 8.1 Pro (Update) (X64) Language: Japanisch (Japan)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\NEC Move Media Server\NECMoveMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\NEC Move Media Server\NECMoveMSServer.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NECBoot\NECBTSVC.exe
(NEC Personal Computers, Ltd.) C:\Windows\SysWOW64\NTMETER.exe
(NEC Personal Computers, Ltd.) C:\Program Files\PeakShiftTool\PeakShiftSvc.exe
() C:\Program Files\Prio\prio_svc.exe
(Centered Systems) C:\Program Files (x86)\Second Copy 8\ScVssService64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ALCPU) C:\Program Files\Core Temp\Core Temp.exe
() C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NEC\AtrioSide\AS_ContentsDL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NEC Personal Computers, Ltd.) C:\Program Files\EcoViewer\ecomonsv.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NECMFK\necmfk.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NECBatt\nbSched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NEC Personal Computers, Ltd.) C:\Program Files\PeakShiftTool\PeakShiftNotifier.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NECBoot\NECBTPB.exe
(GP Software) C:\Program Files\GPSoftware\Directory Opus\dopus.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NPSpeed\NPSpeed.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Outertech) C:\Program Files (x86)\Linkman\Linkman.exe
(GP Software) C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
(RaMMicHaeL) C:\Users\d\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(f.lux Software LLC) C:\Users\d\AppData\Local\FluxSoftware\Flux\flux.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Centered Systems) C:\Program Files (x86)\Second Copy 8\SecCopy.exe
(Michael Farrell) C:\Program Files (x86)\IntelliWebSearch\IntelliWebSearch.exe
() C:\Users\d\Desktop\acv507\ArsClip.exe
(Steve Emmons) C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Battery Alarm\BatteryAlarm.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mad Dog Apps) C:\Program Files (x86)\Mad Dog Apps\BatteryMonitor\myBatteryMonitor.exe
(pXc-coding.com) C:\Program Files (x86)\Alternative Flash Player Auto-Updater\Alternative Flash Player Auto-Updater.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [NECMFK] => C:\Program Files\necmfk\necmfk.exe [164176 2013-09-19] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [IntelAntiTheftDiscoveryAppIECNotifier] => C:\Program Files (x86)\Intel\Intel Anti-Theft Discovery App\IntelAntiTheftDiscoveryAppIECNotifier.exe [142336 2013-06-25] (Intel Corporation)
HKLM\...\Run: [NECBatt] => C:\Program Files\NECBatt\nbSched.exe [356688 2013-08-05] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [PeakShiftTool] => C:\Program Files\PeakShiftTool\PeakShiftNotifier.exe [244576 2013-07-02] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [NECBTPB] => C:\Program Files\NECBoot\NECBTPB.EXE [2789304 2012-10-05] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2013-09-04] (Synaptics Incorporated)
HKLM\...\Run: [RcdSettings] => C:\Program Files\NEC\NECRcdSettings\RcdSettings.exe [924536 2013-08-27] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [NPSpeed] => C:\Program Files\NPSpeed\NPSpeed.exe [3215152 2013-10-08] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1074088 2015-09-03] (The Eraser Project)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [AtrioSide] => C:\Program Files\NEC\AtrioSide\AtrioSide.exe [1193328 2013-09-17] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [3523848 2018-07-03] (Paramount Software UK Ltd)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [SmartUpdate] => C:\Program Files (x86)\NEC\SmartUpdate\reservesu.exe [234232 2013-07-08] (NEC Personal Computers, Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2018-03-16] (Apple Inc.)
HKLM-x32\...\Run: [SilentCleanService] => C:\Program Files (x86)\iMobie\PhoneRescue\${CHECK_RUNSERVICE_NAME}
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [135968 2018-03-15] (Intel)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [653648 2018-06-27] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [Linkman] => C:\Program Files (x86)\Linkman\Linkman.exe [1635200 2015-12-23] (Outertech)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [7 Taskbar Tweaker] => C:\Users\d\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [401920 2016-09-10] (RaMMicHaeL)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [Directory Opus Desktop Dblclk] => C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe [421240 2016-06-10] (GP Software)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [f.lux] => C:\Users\d\AppData\Local\FluxSoftware\Flux\flux.exe [1806344 2018-07-03] (f.lux Software LLC)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [Second Copy] => C:\Program Files (x86)\Second Copy 8\SecCopy.exe [3128616 2013-01-28] (Centered Systems)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2014-09-19] ()
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [WhatsApp] => "C:\Users\d\AppData\Local\WhatsApp\app-0.2.5371\WhatsApp.exe"
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [DVSFreeVideoCallRecorder] => "C:\Program Files (x86)\DVDVideoSoft\Free Video Call Recorder for Skype\FreeVideoCallRecorder.exe" /minimized
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [IntelliWebSearch] => C:\Program Files (x86)\IntelliWebSearch\IntelliWebSearch.exe [224388 2011-04-08] (Michael Farrell)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11776 2013-08-22] (Microsoft Corporation)
AppInit_DLLs: prio.dll => No File
AppInit_DLLs-x32: prio32.dll => No File
IFEO\sethc.exe: [Debugger] logonui.exe
ShellExecuteHooks: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [1580408 2016-06-10] (GP Software)
ShellExecuteHooks-x32: Directory Opus Shell Execute Hook - {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll [350072 2016-06-10] (GP Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Alternative Flash Player Auto-Updater.lnk [2016-01-16]
ShortcutTarget: Alternative Flash Player Auto-Updater.lnk -> C:\Program Files (x86)\Alternative Flash Player Auto-Updater\Alternative Flash Player Auto-Updater.exe (pXc-coding.com)
Startup: C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ArsClip - Verknüpfung.lnk [2016-01-25]
ShortcutTarget: ArsClip - Verknüpfung.lnk -> C:\Users\d\Desktop\acv507\ArsClip.exe ()
Startup: C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BatteryAlarm - Shortcut.lnk [2016-04-20]
ShortcutTarget: BatteryAlarm - Shortcut.lnk -> C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Battery Alarm\BatteryAlarm.exe (Steve Emmons)
Startup: C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2016-09-30]
ShortcutTarget: Telegram.lnk -> C:\Users\d\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-1417334993-2898295356-3386692794-500\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-1417334993-2898295356-3386692794-1003\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-1417334993-2898295356-3386692794-1001\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 cryptomator-vault
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{A589BE57-42CC-439B-99D1-70AED469ADBE}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> DefaultScope {0A66B399-8F9B-4C01-8EDD-A71D148B8BE7} URL = 
SearchScopes: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> {0A66B399-8F9B-4C01-8EDD-A71D148B8BE7} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\iToolsBHO64.dll [2016-07-25] (iTools.hk)
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-01-15] (pdfforge GmbH)
BHO-x32: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\iToolsBHO.dll [2016-07-25] (iTools.hk)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-01-15] (pdfforge GmbH)
Toolbar: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> No Name - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} -  No File
Toolbar: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> No Name - {C500C267-63BF-451F-8797-4D720C9A2ED9} -  No File

FireFox:
========
FF DefaultProfile: 2udj1tce.default
FF ProfilePath: C:\Users\d\AppData\Roaming\Postbox\Profiles\ify653so.default [2016-02-10]
FF ProfilePath: C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\2udj1tce.default [2018-08-18]
FF Session Restore: Mozilla\Firefox\Profiles\2udj1tce.default -> is enabled.
FF Extension: (Grammarly for Firefox) - C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\2udj1tce.default\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2018-08-09]
FF Extension: (Video DownloadHelper) - C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\2udj1tce.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-08-09]
FF Extension: (Adblock Plus) - C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\2udj1tce.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-07-27]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-04-19] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF Plugin: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2016-07-25] ()
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [] ()
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2017-03-06] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2016-07-25] ()
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2017-03-06] (Tracker Software Products (Canada) Ltd.)
StartMenuInternet: Firefox- - kernel32::GetLongPathNameW(w R8, w .R7, i 1024)i .R6

Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\d\AppData\Local\Google\Chrome\User Data\Default [2018-08-03]
CHR Extension: (Präsentationen) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-19]
CHR Extension: (Kaspersky Protection) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2018-05-31]
CHR Extension: (Docs) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-19]
CHR Extension: (Google Drive) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-19]
CHR Extension: (YouTube) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-19]
CHR Extension: (Tab Count) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfokcacdaonnckdmopmcgeanhkebeaio [2018-07-30]
CHR Extension: (uBlock Origin) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-08-03]
CHR Extension: (Tab Glutton) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekfmaibfpamaegficfifofnlhalkbdfm [2018-06-25]
CHR Extension: (Tabellen) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-19]
CHR Extension: (Google Docs Offline) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-05-05]
CHR Extension: (Wiktionary Language Filter) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\lagbmmpeihgfankilcjbkpnmejeblkif [2017-11-19]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-05]
CHR Extension: (Linkman) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\pchnedaeogijkjjkjigbijhbcanbdjkc [2018-05-05]
CHR Extension: (Google Mail) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-19]
CHR Extension: (Chrome Media Router) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-11]
CHR Profile: C:\Users\d\AppData\Local\Google\Chrome\User Data\System Profile [2018-05-05]

Opera: 
=======
OPR Session Restore: -> is enabled.
OPR Extension: (Simple = Select + Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aagminaekdpcfimcbhknlgjmpnnnmooo [2017-09-11]
OPR Extension: (Instant Multi Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aamgapdgopfdmokckpkfciiddpahbbcg [2017-09-11]
OPR Extension: (Google Übersetzer) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-12-02]
OPR Extension: (Disable Youtube™ HTML5 Player) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aejcgigcjcdcbdkdbeiclbpekcjddapp [2016-01-17]
OPR Extension: (Multi Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\afmdpmddiokpdknaeofdnlclbpgehhce [2018-07-25]
OPR Extension: (TransOver) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aggiiclaiamajehmlfpkjmlbadmkledi [2018-08-08]
OPR Extension: (SimpleUndoClose) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aipamoaneebnhkfefefbfmhimclgafig [2018-02-19]
OPR Extension: (Redirect Bypasser) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\akalifnifmgdmgmjoaiaflkeahpbkghe [2017-05-04]
OPR Extension: (Oxford Dictionary Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbhgfdkgegllnkmnpidalgbgdghilnha [2016-11-10]
OPR Extension: (Select like a Boss) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bfigpnfillonohmonbadflnapjejfkgm [2017-10-21]
OPR Extension: (V7 Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bgjcegonlhkkclkkglpgjmgnigefhkak [2018-01-14]
OPR Extension: (smartUp Gestures) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bgjfekefhjemchdeigphccilhncnjldn [2018-06-27]
OPR Extension: (AdGuard Werbeblocker) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2018-05-19]
OPR Extension: (V7 Bookmarks) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bpmgfnikhlpakdkeeahboleoommganka [2018-04-27]
OPR Extension: (Forvo pronunciation) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ccpodfblfjampgmdfllpclalbdckflmi [2017-10-21]
OPR Extension: (TrafficLight) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cfnpidifppmenkapgihekkeednfoenal [2018-04-11]
OPR Extension: (archive.is Button) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cgjpabpjaocpgppajkeplhbipbdippdm [2018-04-08]
OPR Extension: (OneTab) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-12-12]
OPR Extension: (ZenMate VPN - Top Internet Security & Unblock) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnhbkkedmelfmalgjpkngiaoifpdfcnl [2018-07-21]
OPR Extension: (Shortkeys) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnjnhmmmdopghhihpeoafpkkanlagfjf [2016-04-18]
OPR Extension: (Simple Mouse Gestures) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cpbbhbiceidealbcfgodcffnfneffopd [2018-06-08]
OPR Extension: (Avast Online Security) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2017-10-20]
OPR Extension: (Search by Image (by Google)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2017-03-06]
OPR Extension: (Card Numbers for Trello) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ddadhlcejiholmdiihbdcfoapdfkhicn [2017-02-28]
OPR Extension: (Tabs Backup & Restore) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dehocbglhkaogiljpihicakmlockmlgd [2017-12-22]
OPR Extension: (Just Read) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dgmanlpmmkibanfdgjocnabmcaclkmod [2018-08-18]
OPR Extension: (Tampermonkey) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-05-28]
OPR Extension: (Copy All Urls) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\djdmadneanknadilpjiknlnanaolmbfk [2017-11-19]
OPR Extension: (Browsec VPN - Free and Unlimited VPN) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dknfpcdpbkjijldegonllfnnfhabjpde [2018-08-11]
OPR Extension: (SurfEasy VPN - Sicherheit, Privatsphäre, Entsperrung) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ebpielhlnnpkiddeeacoephkilopgblc [2018-05-07]
OPR Extension: (Google search link fix) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\eckgbkpcmkeamlbhpcifhnijehlcogip [2018-04-12]
OPR Extension: (Session Buddy) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2018-01-29]
OPR Extension: (HTTPS Everywhere) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2018-06-22]
OPR Extension: (Copyfish �� Free OCR Software) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\eenjdnjldapjajjofmldgmkjaienebbj [2018-01-29]
OPR Extension: (VTchromizer) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\efbjojhplkelaegfbieplglfidafgoka [2018-04-11]
OPR Extension: (Tabs Outliner) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2017-12-22]
OPR Extension: (Sort Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ejlljbnghfnfihpiifjaojopfkbgknoi [2016-04-18]
OPR Extension: (Copytables) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ekdpkppgmlalfkphpibadldikjimijon [2017-10-21]
OPR Extension: (Tab Glutton) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ekfmaibfpamaegficfifofnlhalkbdfm [2017-02-28]
OPR Extension: (Unlimited Free VPN - Hola) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ekmmelpnmfdegjhnmadddcfjcahpajnm [2018-08-08]
OPR Extension: (Vertical Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\eknjllkeehiiakhmgjjdoempaocgemkg [2017-03-20]
OPR Extension: (Wrona History Menu) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\encidpibliikeaimjmlimnnbjjpnfppl [2016-04-18]
OPR Extension: (All in one web searcher) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\enofjgiadilpmldfknojklfjbeaooiap [2017-09-11]
OPR Extension: (Ddict Translate: Translator - Dictionary) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fcfpagpiibkilokeihmaggjgheaemgbi [2017-12-17]
OPR Extension: (Text Lesegerät (Text zu Sprache)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fdffijlhedcdiblbingmagmdnokokgbi [2017-11-19]
OPR Extension: (Kaspersky Protection) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2018-04-06]
OPR Extension: (SimpleUndoClose.test) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fjjibgcfnmpcdipdfamlcghkphflpcfb [2017-04-16]
OPR Extension: (1Password extension (desktop app required)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fpnbobholfpcolmkinlokiaaanjilcop [2018-06-27]
OPR Extension: (Scroll to Top) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gbefdhcpnalckelncafcbmdifclnlmce [2017-11-20]
OPR Extension: (Linkman) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gbeghboempnjlacepdnkgnpplgjadpnl [2014-06-18]
OPR Extension: (Classic Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gbekmpnpfkkijbodegokaigmhedbbkmg [2016-01-16]
OPR Extension: (SimpleTabOrder) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gcphmfnknfenaigpefdlmnbgnjaebjim [2018-02-19]
OPR Extension: (XTranslate) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gfgpkepllngchpmcippidfhmbhlljhoo [2018-05-28]
OPR Extension: (SimpleExtManager) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ggfngijafepjalmbhefafhdeedobcdbf [2018-05-28]
OPR Extension: (Super Auto Refresh) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ghjaeanhfafkigkehjgapnlobfhefkme [2017-11-19]
OPR Extension: (Etymonline) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\giehjnnlopapngdjbjjgddpaagoimmgl [2018-01-04]
OPR Extension: (Selection Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gipnlpdeieaidmmeaichnddnmjmcakoe [2018-07-26]
OPR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\glaedmooikiamindhmfcfccncmmdagge [2018-07-21]
OPR Extension: (Google Right-Click Multi-Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hacdkngldbgplmdlmdhgiehbmmlckmea [2017-09-13]
OPR Extension: (Ultimello, the features pack for Trello) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hahbfgjfimnmogoinnenhheepfcphnmm [2018-06-22]
OPR Extension: (Pocket (formerly Read It Later)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hedlhkdmdlcjhiblbmfggdiaeekblnoi [2018-05-05]
OPR Extension: (Video Autoplay Blocker by Robert Sulkowski) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hiefnnpeemndbkjphkiffdfjbgaapifa [2016-01-17]
OPR Extension: (DotVPN — a better way to VPN) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hiegahbgoabbpoieploedhfnobmpgbeg [2018-05-19]
OPR Extension: (JavaScript Toggle On and Off) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hldheaackmkeadbfdaiidijnilnbgifo [2018-04-04]
OPR Extension: (V7 Gmail Zoom) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnfpfgoekopajiblcenihlclkgphkgmn [2017-04-13]
OPR Extension: (I don't care about cookies) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\iambaeepkgdclnmbfdnnohkjjpdglbeo [2018-08-01]
OPR Extension: (Sprachenfilter für Wikipedia) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibgceajjjioihilfcdppneoljcaofokk [2018-05-28]
OPR Extension: (Wiktionary Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibncmbgpniokogofpkjnlcpfpiodoppk [2017-10-21]
OPR Extension: (Wolfram|Alpha (Official)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\icncamkooinmbehmkeilcccmoljfkdhp [2017-11-19]
OPR Extension: (Text to Speech (TTS)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ifnfkcmbdaelhfkpkoncangcnhieanmj [2017-10-21]
OPR Extension: (Malwarebytes Browser Extension) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2018-08-16]
OPR Extension: (Reader View) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ikmhokpogledimpnfdbcgondkbmfkfjc [2018-06-04]
OPR Extension: (Social Fixer for Facebook) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\inficfabgpfjiegjgnhmjdagmhlmakoo [2018-06-27]
OPR Extension: (Disable HTML5 Autoplay) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jbinbhipioellbajhbkjlpioadehpfdj [2016-08-03]
OPR Extension: (YouTube High Definition) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jcdpccclajomeaeeoggbhglfomndjgfp [2016-02-06]
OPR Extension: (Close Duplicate Tab) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jcmhmgmojlljfpfnmlbnipanelaliikl [2016-07-28]
OPR Extension: (CloseTab) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jdclfnplpfhdgcmafpbodpejpdnbfhpb [2016-04-20]
OPR Extension: (Translate Web Page) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jggobmlojchhlngdhmmdghgganciigof [2016-02-03]
OPR Extension: (Font Changer with Google Web Fonts™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jgjhhoglgjdklldfgoffdiaceffijeke [2017-11-28]
OPR Extension: (User-Agent Switcher) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jikibpedldihacokaanimbcjipghbloo [2017-11-19]
OPR Extension: (Save To The Wayback Machine) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jkoddmeemofcjjeckgiddpgdbnnafoib [2018-05-10]
OPR Extension: (Search Window) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jmjjleckcgnlmampjifnllbdhkobinbl [2017-12-17]
OPR Extension: (View Image - \) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jpcmhcelnjdmblfmjabdeclccemkghjk [2018-08-18]
OPR Extension: (Grammarly for Chrome) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-08-16]
OPR Extension: (The Switcher) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbgapjibpomfdnhllkbijmolmnhloona [2016-04-18]
OPR Extension: (uBlock Origin) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2018-07-19]
OPR Extension: (Stylus) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kdinfjomkigjcjcbigolloleeiianaif [2018-07-16]
OPR Extension: (Leo Dictionary Widget) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kepemmpmljphklmpfgfmhpjhpdlccpke [2017-10-14]
OPR Extension: ( Copy URLs ) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kgmdofgghbeipjnddielphhhecgnppab [2016-04-18]
OPR Extension: (YouTube Video and Audio Downloader (Dev Edt.)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\khgbdhkpcapllhgfekjegcinegfhjbmi [2018-04-09]
OPR Extension: (V7 Sessions) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\khmbgihnlknbjgjhmekjeoidpfimabpp [2016-11-10]
OPR Extension: (Install Chrome Extensions) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2018-08-18]
OPR Extension: (Force Download) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\klahcccondnnonafcbcdgbahphglbjjg [2017-12-11]
OPR Extension: (Flash Player for YouTube™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\knbfimhapmnifdchcafinkbfikmomaak [2016-12-15]
OPR Extension: (etymon one-click search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\knhbicgmdmcjehdpmipibiebegaoiecc [2017-09-16]
OPR Extension: (Wiktionary Language Filter) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lagbmmpeihgfankilcjbkpnmejeblkif [2017-11-19]
OPR Extension: (Direct links for Google Image) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lbbpfcajcbdmfhkkleloodefhanneljl [2018-04-12]
OPR Extension: (Disable Extensions Temporarily) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lcfdefmogcogicollfebhgjiiakbjdje [2017-09-13]
OPR Extension: (Wikimedia Reader) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lclegfmhkjbcpiikogacbfbpdgfbdifi [2017-11-19]
OPR Extension: (Free Auto Refresh) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lfkfikiejjfhpfbpgfolfkkdjpepmkal [2018-04-18]
OPR Extension: (Sidebar for YouTube™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ljkgfkfopogmclcinephnaeekjiikibd [2017-09-27]
OPR Extension: (V7 Drag) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lmmhflhfcljkioicbckchnpfiffcjkjp [2017-11-19]
OPR Extension: (Nehmen Sie Screenshot der Webseite - FireShot) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2018-01-08]
OPR Extension: (Tampermonkey) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfdhdgbonjidekjkjmjaneanmdmpmidf [2017-11-19]
OPR Extension: (Tab Close Plus) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfkclbfmlbdmjhndmdbbcmlnhojgopdd [2016-04-18]
OPR Extension: (CLEAN crxMouse Gestures) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mjidkpedjlfnanainpdfnedkdlacidla [2017-11-20]
OPR Extension: (About://Internal Pages) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mpkgnldklpemphbfogboacnljgfpnkme [2016-07-28]
OPR Extension: (Video Speed Controller) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2018-07-08]
OPR Extension: (Copy URL + Title) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\nhmdngoiikdcodlpeifbjcjpjhefipal [2016-04-18]
OPR Extension: (Save to Pocket) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2018-07-08]
OPR Extension: (Violent monkey) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge [2017-11-19]
OPR Extension: (Scroll To Top Button) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\njdplanogllnioicoadncjfgfhdnnpha [2018-08-08]
OPR Extension: (dict-cc) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh [2017-10-07]
OPR Extension: (SaveFrom.net Helfer) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\npdpplbicnmpoigidfdjadamgfkilaak [2018-08-18]
OPR Extension: (Better History) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\obciceimmggglbmelaidpjlmodcebijb [2017-12-22]
OPR Extension: (Enhancer for YouTube) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofhehnfmgbgnkjaojifkmebjjgffjaeh [2018-08-01]
OPR Extension: (Zoom Popup) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofpknbbbohcgomapfgcgadleckdagikj [2016-04-18]
OPR Extension: (Google™ Translator Sidebar) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ogmklpmbehclccahgccdnhjipkmmjaom [2017-08-15]
OPR Extension: (Adblock Plus) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2018-07-19]
OPR Extension: (Open Multiple URLs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\oifijhaokejakekmnjmphonojcfkpbbh [2017-11-21]
OPR Extension: (LEO Wörterbuchsuche) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ojniiiidjmoaiehegaedmfdclmgmmpdp [2018-01-08]
OPR Extension: (Mercury Reader) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2018-06-10]
OPR Extension: (Mate Translate – Übersetzer, Wörterbuch) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ollghamalkmmhboihmhoaaobmamehjgn [2018-07-10]
OPR Extension: (V7 History) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\oneajlghdhobcelcgbgkjaipjoopcggg [2017-08-11]
OPR Extension: (Remove cookie(s) for the current domain) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\opbghiaphmcbefjfoihikkbpjaoanala [2017-03-16]
OPR Extension: (FlexyTrello) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\pggiemacedhgohmpcgdpceckeicjlgfn [2018-01-05]
OPR Extension: (Context Menus) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\phlfmkfpmphogkomddckmggcfpmfchpn [2017-11-20]
OPR Extension: (Extract Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\pibjcpkpaecbpifdkbehcicaoaejkaie [2016-04-18]
OPR Extension: (Enhancer for YouTube™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ponfpcnoihfmfllpaingbgckeeldkhle [2018-08-01]
OPR Extension: (Enhancer for YouTube™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll []
OPR Extension: (Enhancer for YouTube™) - C:\windows\SysWOW64\Macromed\Flash\pepflashplayer32_22_0_0_192.dll []
StartMenuInternet: (HKLM) Operadeveloper - C:\Program Files (x86)\Opera developer\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-14] (Apple Inc.)
R2 AS ContentsDL; C:\Program Files\NEC\AtrioSide\AS_ContentsDL.exe [70520 2013-09-17] (NEC Personal Computers, Ltd.)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [122728 2018-04-09] (AOMEI Tech Co., Ltd.)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2018-03-29] (Digital Wave Ltd.)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22816 2018-03-15] (Intel)
R2 ecomonsv; C:\Program Files\EcoViewer\ecomonsv.exe [280496 2012-12-04] (NEC Personal Computers, Ltd.)
R2 ibtsiva; C:\windows\system32\ibtsiva.exe [183448 2017-05-19] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-12] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [4091112 2017-11-09] (Paramount Software UK Ltd)
S4 MailbirdUpdater.exe; C:\Program Files (x86)\Mailbird\MailbirdUpdater.exe [363144 2016-02-05] (Mailbird)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
S4 NbfcService; C:\Program Files (x86)\NoteBook FanControl\NbfcService.exe [7168 2016-12-17] (StagWare) [File not signed]
R2 NEC Move Media Server Monitor Service; C:\Program Files (x86)\CyberLink\NEC Move Media Server\NECMoveMSMonitorService.exe [134920 2013-12-16] (CyberLink)
R2 NEC Move Media Server Service; C:\Program Files (x86)\CyberLink\NEC Move Media Server\NECMoveMSServer.exe [375560 2013-12-16] (CyberLink)
R2 NECBT SERVICE; C:\Program Files\NECBoot\NECBTSVC.exe [237496 2012-10-05] (NEC Personal Computers, Ltd.)
S4 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [50600 2016-03-03] (Microsoft)
R2 NT Meter; c:\windows\syswow64\NTMETER.exe [98672 2013-05-08] (NEC Personal Computers, Ltd.)
S4 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2417376 2016-01-15] (pdfforge GmbH)
S4 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-01-15] (pdfforge GmbH)
S4 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-01-15] (pdfforge GmbH)
S4 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (© pdfforge GmbH.)
R2 PeakShiftSvc; C:\Program Files\PeakShiftTool\PeakShiftSvc.exe [289624 2013-07-02] (NEC Personal Computers, Ltd.)
R2 prio_svc; C:\Program Files\Prio\prio_svc.exe [12704 2017-01-15] ()
R2 ScVssService64; C:\Program Files (x86)\Second Copy 8\ScVssService64.exe [75048 2013-01-28] (Centered Systems)
S4 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [183568 2018-03-07] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 BOT4Service; "C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe" [X]
S2 EaseUS Agent; "C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe" [X]
S3 ekrnEpfw; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
S4 watchtw; C:\windows\SysWOW64\wtwatch.exe [X]
S2 WebServTw; C:\windows\SysWOW64\wstw.exe [X]
S4 wtflserv; C:\windows\SysWOW64\fltw.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\windows\System32\ambakdrv.sys [51120 2016-12-21] ()
R2 ammntdrv; C:\windows\system32\ammntdrv.sys [171952 2016-12-21] ()
R2 amwrtdrv; C:\windows\system32\amwrtdrv.sys [38320 2017-09-01] ()
S3 esihdrv; C:\Users\d\AppData\Local\Temp\esihdrv.sys [149928 2018-04-09] (ESET) <==== ATTENTION
R0 EUBAKUP; C:\windows\System32\drivers\eubakup.sys [60968 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\windows\System32\drivers\EUBKMON.sys [48168 2015-12-10] () [File not signed]
R1 EUDSKACS; C:\windows\system32\drivers\eudskacs.sys [18472 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\windows\system32\drivers\EuFdDisk.sys [192552 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R3 ibtusb; C:\windows\system32\DRIVERS\ibtusb.sys [231400 2017-05-19] (Intel Corporation)
R3 ikbevent; C:\windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
R3 ISCT; C:\windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
R1 MFKGTKEY; C:\windows\system32\drivers\mfkgtkey.sys [26960 2013-09-19] (NEC Personal Computers, Ltd.)
R1 MpKsl4cdd01a1; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4F04C5A3-E02C-42C0-A31B-D6672F499147}\MpKsl4cdd01a1.sys [58120 2018-08-18] (Microsoft Corporation)
R3 necbatt; C:\windows\System32\drivers\necbatt.sys [19760 2013-06-20] (NEC Personal Computers, Ltd.)
R3 necextif; C:\windows\System32\drivers\necextif.sys [26448 2013-06-21] (NEC Personal Computers, Ltd.)
R3 NETwNb64; C:\windows\system32\DRIVERS\NETwbw02.sys [3521032 2017-11-08] (Intel Corporation)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 Ps2Led; C:\windows\system32\DRIVERS\Ps2Led.sys [18768 2013-09-19] (NEC Personal Computers, Ltd.)
R1 Ps2LedIF; C:\windows\system32\drivers\ps2ledif.sys [16208 2013-09-19] (NEC Personal Computers, Ltd.)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [189152 2017-08-08] (Windows (R) Win 7 DDK provider)
S3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [31856 2017-03-23] (Windows (R) Win 7 DDK provider)
R0 PxHlpa64; C:\windows\System32\drivers\PxHlpa64.sys [56336 2013-07-18] (Corel Corporation)
R3 RadioSwitchHID; C:\windows\System32\drivers\RadioSwitchHID.sys [19456 2012-08-24] (NEC Personal Computers, Ltd.)
S3 RTLU3E8023-W8-64; C:\windows\system32\DRIVERS\rtu30x64w8.sys [70656 2013-06-18] (Realtek )
R3 RTSPER; C:\windows\system32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation)
R0 Sahdad64; C:\windows\System32\Drivers\Sahdad64.sys [28304 2013-07-23] (Corel Corporation)
R0 Saibad64; C:\windows\System32\Drivers\Saibad64.sys [20112 2013-07-23] (Corel Corporation)
R1 SaibVdAd64; C:\windows\System32\Drivers\SaibVdAd64.sys [27792 2013-07-23] (Corel Corporation)
R3 VBoxNetAdp; C:\windows\system32\DRIVERS\VBoxNetAdp6.sys [198032 2018-02-26] (Oracle Corporation)
R1 VBoxNetLwf; C:\windows\system32\DRIVERS\VBoxNetLwf.sys [208392 2018-02-26] (Oracle Corporation)
S3 VBoxUSB; C:\windows\System32\Drivers\VBoxUSB.sys [125008 2015-12-18] (Oracle Corporation)
S0 WdBoot; C:\windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R1 WinRing0_1_2_0; C:\Program Files (x86)\NoteBook FanControl\WinRing0x64.sys [14544 2017-09-24] (OpenLibSys.org)
R1 wtfilter_6589; C:\windows\System32\drivers\wtfilter_6589.sys [86488 2017-02-06] ()
R3 ALSysIO; \??\C:\Users\d\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
U0 aswVmm; no ImagePath
S3 btmaux; \SystemRoot\system32\DRIVERS\btmaux.sys [X]
S3 btmhsf; \SystemRoot\system32\DRIVERS\btmhsf.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-18 11:37 - 2018-08-18 17:49 - 000090960 _____ C:\Users\d\Desktop\Addition.txt
2018-08-18 11:34 - 2018-08-18 18:10 - 000048596 _____ C:\Users\d\Desktop\FRST.txt
2018-08-18 00:19 - 2018-08-18 00:34 - 000000000 ____D C:\AdwCleaner
2018-08-18 00:09 - 2018-08-18 00:12 - 007417040 _____ (Malwarebytes) C:\Users\d\Downloads\adwcleaner_7.2.2.exe
2018-08-17 20:16 - 2018-08-17 20:16 - 002412544 _____ (Farbar) C:\Users\d\Downloads\FRST64.exe
2018-08-17 20:16 - 2018-08-17 20:16 - 002412544 _____ (Farbar) C:\Users\d\Desktop\FRST64.exe
2018-08-17 20:14 - 2018-08-18 18:10 - 000000000 ____D C:\FRST
2018-08-17 20:13 - 2018-08-17 23:33 - 000000000 _____ C:\Users\d\Desktop\trojaner.txt
2018-08-16 00:30 - 2018-07-19 09:06 - 007371616 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2018-08-16 00:30 - 2018-07-19 08:48 - 001737600 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2018-08-16 00:30 - 2018-07-19 08:15 - 025745408 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2018-08-16 00:30 - 2018-07-19 06:35 - 002902016 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2018-08-16 00:30 - 2018-07-19 06:33 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2018-08-16 00:30 - 2018-07-19 06:33 - 000417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2018-08-16 00:30 - 2018-07-19 06:30 - 005778432 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2018-08-16 00:30 - 2018-07-19 06:22 - 020286464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2018-08-16 00:30 - 2018-07-19 06:22 - 000794624 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2018-08-16 00:30 - 2018-07-19 06:22 - 000108544 _____ (Microsoft Corporation) C:\windows\system32\hlink.dll
2018-08-16 00:30 - 2018-07-19 06:21 - 000814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2018-08-16 00:30 - 2018-07-19 06:05 - 000497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2018-08-16 00:30 - 2018-07-19 06:03 - 000107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2018-08-16 00:30 - 2018-07-19 06:01 - 002295808 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2018-08-16 00:30 - 2018-07-19 05:55 - 000662016 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2018-08-16 00:30 - 2018-07-19 05:55 - 000099328 _____ (Microsoft Corporation) C:\windows\SysWOW64\hlink.dll
2018-08-16 00:30 - 2018-07-19 05:54 - 000620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2018-08-16 00:30 - 2018-07-19 05:47 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2018-08-16 00:30 - 2018-07-19 05:46 - 015283712 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2018-08-16 00:30 - 2018-07-19 05:45 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2018-08-16 00:30 - 2018-07-19 05:45 - 000728064 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2018-08-16 00:30 - 2018-07-19 05:43 - 002136064 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2018-08-16 00:30 - 2018-07-19 05:32 - 004494848 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2018-08-16 00:30 - 2018-07-19 05:31 - 004510720 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2018-08-16 00:30 - 2018-07-19 05:30 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2018-08-16 00:30 - 2018-07-19 05:28 - 013679616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2018-08-16 00:30 - 2018-07-19 05:28 - 002882048 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2018-08-16 00:30 - 2018-07-19 05:28 - 002059776 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2018-08-16 00:30 - 2018-07-19 05:28 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2018-08-16 00:30 - 2018-07-19 05:20 - 001554944 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2018-08-16 00:30 - 2018-07-19 05:17 - 001049600 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2018-08-16 00:30 - 2018-07-19 05:09 - 004037632 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2018-08-16 00:30 - 2018-07-19 05:09 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2018-08-16 00:30 - 2018-07-19 05:06 - 001329152 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2018-08-16 00:30 - 2018-07-19 05:04 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2018-08-16 00:30 - 2018-07-13 09:51 - 002452824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2018-08-16 00:30 - 2018-07-07 20:33 - 001548632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2018-08-16 00:30 - 2018-07-07 19:05 - 004169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2018-08-16 00:30 - 2018-07-07 19:02 - 000096768 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2018-08-16 00:30 - 2018-07-07 19:00 - 000148992 _____ (Microsoft Corporation) C:\windows\system32\t2embed.dll
2018-08-16 00:30 - 2018-07-07 18:33 - 000078336 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2018-08-16 00:30 - 2018-07-07 18:31 - 000113664 _____ (Microsoft Corporation) C:\windows\SysWOW64\t2embed.dll
2018-08-16 00:30 - 2018-07-06 19:37 - 001754624 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2018-08-16 00:30 - 2018-07-06 18:36 - 001491968 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2018-08-16 00:30 - 2018-06-30 20:00 - 001113952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2018-08-16 00:30 - 2018-06-27 20:10 - 000559104 _____ (Microsoft Corporation) C:\windows\system32\Drivers\csc.sys
2018-08-16 00:30 - 2018-06-27 19:48 - 000141312 _____ (Microsoft Corporation) C:\windows\system32\CscMig.dll
2018-08-16 00:30 - 2018-06-24 17:11 - 000748544 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2018-08-16 00:30 - 2018-06-24 17:04 - 000504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2018-08-16 00:30 - 2018-06-19 15:38 - 003611136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2018-08-16 00:30 - 2018-06-19 15:38 - 003321344 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2018-08-16 00:30 - 2018-06-19 15:31 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2018-08-16 00:30 - 2018-06-19 15:29 - 000065536 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2018-08-16 00:30 - 2018-06-16 17:03 - 002779136 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2018-08-16 00:30 - 2018-06-16 16:59 - 002464256 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2018-08-16 00:30 - 2018-06-15 06:34 - 000923512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\refs.sys
2018-08-16 00:30 - 2018-06-15 04:12 - 000477696 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2018-08-16 00:30 - 2018-06-15 03:55 - 000840192 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2018-08-16 00:30 - 2018-06-15 03:43 - 000186880 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2018-08-16 00:30 - 2018-06-15 03:26 - 000514560 _____ (Microsoft Corporation) C:\windows\system32\winspool.drv
2018-08-16 00:30 - 2018-06-15 03:22 - 000866304 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2018-08-16 00:30 - 2018-06-15 03:19 - 000399360 _____ (Microsoft Corporation) C:\windows\SysWOW64\winspool.drv
2018-08-16 00:30 - 2018-06-08 20:47 - 000083456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2018-08-16 00:29 - 2018-07-19 06:23 - 000615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2018-08-16 00:29 - 2018-07-19 05:53 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2018-08-16 00:29 - 2018-07-19 05:34 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2018-08-16 00:29 - 2018-07-19 05:28 - 000333312 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2018-08-16 00:29 - 2018-06-15 04:28 - 000445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2018-08-16 00:29 - 2018-06-15 04:00 - 000324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2018-08-11 07:55 - 2018-08-11 07:55 - 759471852 _____ C:\windows\MEMORY.DMP
2018-08-11 07:55 - 2018-08-11 07:55 - 000296888 _____ C:\windows\Minidump\081118-7421-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-18 18:07 - 2013-08-22 17:36 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-08-18 18:07 - 2013-08-22 17:36 - 000000000 ____D C:\windows\system32\Macromed
2018-08-18 18:04 - 2014-06-11 01:30 - 000003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1417334993-2898295356-3386692794-1001
2018-08-18 18:02 - 2014-07-05 21:58 - 000000000 ____D C:\Users\d\AppData\Local\CrashDumps
2018-08-18 17:59 - 2016-02-27 04:33 - 000000000 ____D C:\Users\d\AppData\Local\ClassicShell
2018-08-18 17:59 - 2016-01-16 12:36 - 000000000 ____D C:\Program Files (x86)\Alternative Flash Player Auto-Updater
2018-08-18 17:59 - 2014-06-12 21:16 - 000011354 _____ C:\windows\system32\perfh007.dat
2018-08-18 17:59 - 2014-06-12 21:16 - 000006212 _____ C:\windows\system32\perfc007.dat
2018-08-18 17:59 - 2013-08-28 09:06 - 000018338 _____ C:\windows\system32\PerfStringBackup.INI
2018-08-18 17:59 - 2013-08-23 00:47 - 000005884 _____ C:\windows\system32\perfc011.dat
2018-08-18 17:59 - 2013-08-23 00:47 - 000005820 _____ C:\windows\system32\perfh011.dat
2018-08-18 17:59 - 2013-08-22 15:36 - 000000000 ____D C:\windows\Inf
2018-08-18 17:57 - 2016-07-25 16:40 - 000003332 _____ C:\windows\System32\Tasks\iToolsDaemon
2018-08-18 17:54 - 2016-01-16 12:43 - 000000000 ____D C:\Users\d\Desktop\acv507
2018-08-18 17:51 - 2018-04-12 19:10 - 000000082 _____ C:\windows\SysWOW64\winsevr.dat
2018-08-18 17:51 - 2018-04-12 19:09 - 000000000 ____D C:\Program Files (x86)\AOMEI Backupper
2018-08-18 17:51 - 2016-02-10 01:02 - 000000000 ____D C:\Program Files\Java
2018-08-18 17:51 - 2016-01-11 12:20 - 000000000 ____D C:\Program Files\Common Files\AV
2018-08-18 17:51 - 2016-01-11 12:05 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-08-18 17:51 - 2013-08-22 16:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-08-18 17:51 - 2013-08-22 16:44 - 000597840 _____ C:\windows\system32\FNTCACHE.DAT
2018-08-18 17:45 - 2014-06-11 01:50 - 000000000 ____D C:\Users\d\AppData\Local\Apple Computer
2018-08-18 17:44 - 2016-01-30 21:30 - 000000000 ____D C:\ProgramData\Apple Computer
2018-08-18 17:39 - 2014-06-11 01:27 - 000003868 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{A885AFCF-DEDA-4845-AD42-3903A4A06B09}
2018-08-18 15:58 - 2016-01-25 20:22 - 000000000 ____D C:\Users\d\Desktop\linkman database
2018-08-18 15:57 - 2018-04-25 19:12 - 000003668 _____ C:\windows\System32\Tasks\JavaUpdateSched
2018-08-18 15:57 - 2016-02-10 01:02 - 000145272 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2018-08-18 00:34 - 2017-08-17 18:04 - 000000000 ____D C:\ProgramData\iolo
2018-08-18 00:34 - 2017-08-17 18:04 - 000000000 ____D C:\Program Files (x86)\iolo
2018-08-18 00:34 - 2017-06-30 00:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-08-18 00:34 - 2014-06-17 04:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-18 00:33 - 2016-12-05 16:31 - 000000000 ____D C:\Users\d\AppData\LocalLow\Mozilla
2018-08-18 00:32 - 2016-06-16 16:20 - 000001186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-08-18 00:09 - 2018-02-19 17:23 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-08-17 23:44 - 2013-08-22 17:36 - 000000000 ___HD C:\windows\ELAMBKUP
2018-08-17 01:32 - 2013-08-22 15:25 - 000262144 ___SH C:\windows\system32\config\ELAM
2018-08-16 16:15 - 2013-08-22 17:36 - 000000000 ____D C:\windows\rescache
2018-08-16 04:31 - 2016-06-03 21:44 - 000003882 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1464983063
2018-08-16 04:31 - 2016-06-03 21:44 - 000000000 ____D C:\Program Files (x86)\Opera developer
2018-08-16 04:29 - 2014-06-12 22:14 - 000000000 ____D C:\Program Files (x86)\Opera
2018-08-16 04:23 - 2013-08-22 15:25 - 000262144 ___SH C:\windows\system32\config\BBI
2018-08-16 04:22 - 2013-08-22 17:36 - 000000000 ___RD C:\windows\ToastData
2018-08-16 02:12 - 2013-08-22 17:20 - 000000000 ____D C:\windows\CbsTemp
2018-08-13 15:49 - 2018-03-21 15:19 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-08-13 08:25 - 2013-08-22 17:36 - 000000000 ____D C:\windows\AppReadiness
2018-08-11 08:09 - 2014-06-11 01:25 - 000000000 ____D C:\Users\d
2018-08-11 07:55 - 2014-07-05 22:35 - 000000000 ____D C:\windows\Minidump
2018-08-10 00:38 - 2018-05-05 20:25 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-10 00:38 - 2018-05-05 20:25 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-08-08 19:10 - 2014-06-12 22:14 - 000003862 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1402604082
2018-08-04 01:46 - 2013-08-22 17:38 - 000836480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2018-08-04 01:46 - 2013-08-22 17:38 - 000181120 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-07-26 20:36 - 2016-01-11 13:09 - 000000000 ____D C:\windows\system32\appraiser
2018-07-26 20:26 - 2017-05-13 20:36 - 000002086 _____ C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2018-07-25 20:52 - 2016-01-23 02:31 - 000000000 ___RD C:\Program Files (x86)\Skype
2018-07-25 20:52 - 2016-01-23 02:31 - 000000000 ____D C:\ProgramData\Skype
2018-07-25 20:50 - 2016-01-23 02:31 - 000000000 ____D C:\Users\d\AppData\Roaming\Skype
2018-07-19 19:55 - 2016-04-19 08:31 - 000000000 ____D C:\Users\d\AppData\Roaming\PrimoPDF

==================== Files in the root of some directories =======

2004-02-06 21:06 - 2004-02-06 21:06 - 000000000 ____H () C:\ProgramData\sdpsenv.dat
2018-07-18 08:04 - 2018-07-18 08:04 - 000000600 _____ () C:\Users\d\AppData\Local\PUTTY.RND
2018-01-13 16:54 - 2018-01-13 16:54 - 000000218 _____ () C:\Users\d\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
2016-06-17 10:37 - 2016-06-17 10:37 - 003045232 _____ (AnVir Software) C:\Users\d\AppData\Local\Temp\AnVir.exe
2016-04-19 08:35 - 2016-04-19 08:35 - 008108488 _____ () C:\Users\d\AppData\Local\Temp\converter.exe
2014-06-19 00:36 - 2014-06-19 00:36 - 000374208 _____ (ESET) C:\Users\d\AppData\Local\Temp\InstHelper.exe
2018-08-18 15:55 - 2018-08-18 15:55 - 002346360 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-10.0.2+13_windows-x64_bin-au.exe
2016-11-03 20:36 - 2016-11-03 20:36 - 000737856 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-27 05:24 - 2017-01-27 05:24 - 000739904 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-05-04 14:05 - 2017-05-04 14:05 - 000739904 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-07-21 17:36 - 2017-07-21 17:36 - 000739904 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u141-windows-au.exe
2017-11-24 13:32 - 2017-11-24 13:32 - 001856576 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u151-windows-au.exe
2018-03-28 00:30 - 2018-03-28 00:30 - 001864256 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u161-windows-au.exe
2018-04-25 06:46 - 2018-04-25 06:46 - 001884616 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u171-windows-au.exe
2016-03-23 22:16 - 2016-03-23 22:16 - 000736320 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-07-04 06:55 - 2016-07-04 06:55 - 000739904 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u91-windows-au.exe
2016-02-09 23:54 - 2016-01-31 21:51 - 000041432 _____ () C:\Users\d\AppData\Local\Temp\kh_5552.dll
2014-06-17 04:32 - 2014-03-25 00:55 - 000099096 _____ () C:\Users\d\AppData\Local\Temp\LMkRstPt.exe
2016-02-09 23:54 - 2016-01-31 21:51 - 000038872 _____ () C:\Users\d\AppData\Local\Temp\mh_5552.dll
2016-06-03 21:44 - 2016-06-03 21:44 - 001086464 _____ (Opera Software) C:\Users\d\AppData\Local\Temp\Opera_installer_2016634422903.dll
2016-12-16 03:25 - 2018-07-10 21:46 - 065875720 _____ (Paramount Software UK Ltd) C:\Users\d\AppData\Local\Temp\reflectPatch.exe
2016-02-09 05:18 - 2018-07-25 20:51 - 057812744 _____ (Skype Technologies S.A.) C:\Users\d\AppData\Local\Temp\SkypeSetup.exe
2018-04-09 15:53 - 2018-04-09 15:53 - 004845696 _____ (ESET) C:\Users\d\AppData\Local\Temp\SysInspector.exe
2015-12-31 14:07 - 2015-12-31 14:08 - 031948192 _____ (IDM Computer Solutions, Inc.) C:\Users\d\AppData\Local\Temp\uc_english.exe
2017-05-10 12:32 - 2017-05-10 12:32 - 014456872 _____ (Microsoft Corporation) C:\Users\d\AppData\Local\Temp\vc_redist.x86.exe
2015-08-03 01:58 - 2015-08-03 01:58 - 000118784 _____ () C:\Users\d\AppData\Local\Temp\xmlUpdater.exe
2016-02-09 23:52 - 2013-07-06 17:02 - 001520544 _____ (Pitrinec Software) C:\Users\d\AppData\Local\Temp\~cbu_tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-08-17 04:06

==================== End of FRST.txt ============================
         

--- --- ---

--- --- ---

--- --- ---