
Log analysis and evaluation: Kaspersky finds Trojan.Multi.GenAutorunReg.a (on Win 8.1 64)


 
17.08.2018, 20:37   #1
lucina
 



Hello, today I got the following message:
_________________

Kaspersky Internet Security
Schadsoftware wurde gefunden.
Es wird empfohlen, vor dem Neustart des Computers alle laufenden Programme zu schließen und alle Änderungen zu speichern.
Gefunden: Trojan.Multi.GenAutorunReg.a
Ort: System Memory
[Desinfizieren und Computer neu starten]
_________________

- I have not clicked anything on the message; it is still visible.
- I have removed all external storage media and made an image of the hard disk.
- Should I change all passwords?
- Among others, I found the following related threads:
- https://forum.kaspersky.com/index.php?/topic/396586-trojanmultigenautorunreg/
- https://forum.kaspersky.com/index.php?/topic/398038-trojanmultigenautorunrega-detected-in-memory-and-not-removed/
- https://forum.kaspersky.com/index.php?/topic/361440-trojanmultigenautorunrega/
- similar but not identical: https://www.trojaner-board.de/175559-trojan-multi-genautorun-task-b-system-memory.html

I ran Farbar (64); the following error occurred:


error saving file
c:\FRST\HIVES\drivers continue with the next file? [ regcreatekeyex:87 - falscher paramenter ]
failed to update


When I then started it again, the registry was not backed up again, so the error no longer appeared either, although it was not fixed and therefore still exists.

Regarding the naughtypirates stream in the log file:
https://forums.malwarebytes.com/topic/162382-possible-signs-of-malware-on-my-system/
https://forums.spybot.info/showthread.php?67975-Not-sure-if-I-have-rootkits-or-not

Regarding SmEdit and AkelPad: harmless programs, I know the authors.

ComputerTime and CWG Child Web Guardian are also legitimate and known to me. These also include fltw.exe, wstw.exe, wtwatch.exe.

I trust the Trojaner-Board, since I was helped well here about 6 years ago. I would gladly make a donation again as well. Many thanks in advance for your efforts; I will follow all instructions exactly.

FRST.txt lists files created in the last month. For privacy reasons I have deleted some harmless files that are known to me / were created by me from the list.

https://threats.kaspersky.com/en/threat/Trojan.Multi.GenAutorunReg/

I have one last hope that it is a false positive....???

AND THANK YOU IN ADVANCE FOR YOUR HELP!!!

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by d (administrator) on LAVIE (17-08-2018 20:19:54)
Running from C:\Users\d\AppData\Local\Temp\scoped_dir5172_2273
Loaded Profiles: d (Available Profiles: d)
Platform: Windows 8.1 Pro (Update) (X64) Language: Japanisch (Japan)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\NEC Move Media Server\NECMoveMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\NEC Move Media Server\NECMoveMSServer.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NECBoot\NECBTSVC.exe
(NEC Personal Computers, Ltd.) C:\Windows\SysWOW64\NTMETER.exe
(NEC Personal Computers, Ltd.) C:\Program Files\PeakShiftTool\PeakShiftSvc.exe
() C:\Program Files\Prio\prio_svc.exe
(Centered Systems) C:\Program Files (x86)\Second Copy 8\ScVssService64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avpui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NECMFK\necmfk.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NECBatt\nbSched.exe
(NEC Personal Computers, Ltd.) C:\Program Files\PeakShiftTool\PeakShiftNotifier.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NECBoot\NECBTPB.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NPSpeed\NPSpeed.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Outertech) C:\Program Files (x86)\Linkman\Linkman.exe
(RaMMicHaeL) C:\Users\d\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
(GP Software) C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
(f.lux Software LLC) C:\Users\d\AppData\Local\FluxSoftware\Flux\flux.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Centered Systems) C:\Program Files (x86)\Second Copy 8\SecCopy.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Michael Farrell) C:\Program Files (x86)\IntelliWebSearch\IntelliWebSearch.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
() C:\Users\d\Desktop\acv507\ArsClip.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Steve Emmons) C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Battery Alarm\BatteryAlarm.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mad Dog Apps) C:\Program Files (x86)\Mad Dog Apps\BatteryMonitor\myBatteryMonitor.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(pXc-coding.com) C:\Program Files (x86)\Alternative Flash Player Auto-Updater\Alternative Flash Player Auto-Updater.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NEC\AtrioSide\AS_ContentsDL.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(NEC Personal Computers, Ltd.) C:\Program Files\EcoViewer\ecomonsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(AkelSoft) C:\Users\d\Desktop\Programme\AkelPad\AkelPad.exe
(AkelSoft) C:\Users\d\Desktop\Programme\AkelPad\AkelPad.exe
(AkelSoft) C:\Users\d\Desktop\Programme\AkelPad\AkelPad.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [NECMFK] => C:\Program Files\necmfk\necmfk.exe [164176 2013-09-19] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [IntelAntiTheftDiscoveryAppIECNotifier] => C:\Program Files (x86)\Intel\Intel Anti-Theft Discovery App\IntelAntiTheftDiscoveryAppIECNotifier.exe [142336 2013-06-25] (Intel Corporation)
HKLM\...\Run: [NECBatt] => C:\Program Files\NECBatt\nbSched.exe [356688 2013-08-05] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [PeakShiftTool] => C:\Program Files\PeakShiftTool\PeakShiftNotifier.exe [244576 2013-07-02] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [NECBTPB] => C:\Program Files\NECBoot\NECBTPB.EXE [2789304 2012-10-05] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2013-09-04] (Synaptics Incorporated)
HKLM\...\Run: [RcdSettings] => C:\Program Files\NEC\NECRcdSettings\RcdSettings.exe [924536 2013-08-27] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [NPSpeed] => C:\Program Files\NPSpeed\NPSpeed.exe [3215152 2013-10-08] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1074088 2015-09-03] (The Eraser Project)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [AtrioSide] => C:\Program Files\NEC\AtrioSide\AtrioSide.exe [1193328 2013-09-17] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [3523848 2018-07-03] (Paramount Software UK Ltd)
HKLM-x32\...\Run: [SmartUpdate] => C:\Program Files (x86)\NEC\SmartUpdate\reservesu.exe [234232 2013-07-08] (NEC Personal Computers, Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2018-03-16] (Apple Inc.)
HKLM-x32\...\Run: [SilentCleanService] => C:\Program Files (x86)\iMobie\PhoneRescue\${CHECK_RUNSERVICE_NAME}
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [135968 2018-03-15] (Intel)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [653728 2018-03-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [Linkman] => C:\Program Files (x86)\Linkman\Linkman.exe [1635200 2015-12-23] (Outertech)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [7 Taskbar Tweaker] => C:\Users\d\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [401920 2016-09-10] (RaMMicHaeL)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [Directory Opus Desktop Dblclk] => C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe [421240 2016-06-10] (GP Software)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [f.lux] => C:\Users\d\AppData\Local\FluxSoftware\Flux\flux.exe [1806344 2018-07-03] (f.lux Software LLC)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [Second Copy] => C:\Program Files (x86)\Second Copy 8\SecCopy.exe [3128616 2013-01-28] (Centered Systems)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2014-09-19] ()
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [WhatsApp] => "C:\Users\d\AppData\Local\WhatsApp\app-0.2.5371\WhatsApp.exe"
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [DVSFreeVideoCallRecorder] => "C:\Program Files (x86)\DVDVideoSoft\Free Video Call Recorder for Skype\FreeVideoCallRecorder.exe" /minimized
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [IntelliWebSearch] => C:\Program Files (x86)\IntelliWebSearch\IntelliWebSearch.exe [224388 2011-04-08] (Michael Farrell)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11776 2013-08-22] (Microsoft Corporation)
AppInit_DLLs: prio.dll => No File
AppInit_DLLs-x32: prio32.dll => No File
IFEO\sethc.exe: [Debugger] logonui.exe
ShellExecuteHooks: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [1580408 2016-06-10] (GP Software)
ShellExecuteHooks-x32: Directory Opus Shell Execute Hook - {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll [350072 2016-06-10] (GP Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Alternative Flash Player Auto-Updater.lnk [2016-01-16]
ShortcutTarget: Alternative Flash Player Auto-Updater.lnk -> C:\Program Files (x86)\Alternative Flash Player Auto-Updater\Alternative Flash Player Auto-Updater.exe (pXc-coding.com)
Startup: C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ArsClip - Verknüpfung.lnk [2016-01-25]
ShortcutTarget: ArsClip - Verknüpfung.lnk -> C:\Users\d\Desktop\acv507\ArsClip.exe ()
Startup: C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BatteryAlarm - Shortcut.lnk [2016-04-20]
ShortcutTarget: BatteryAlarm - Shortcut.lnk -> C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Battery Alarm\BatteryAlarm.exe (Steve Emmons)
Startup: C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2016-09-30]
ShortcutTarget: Telegram.lnk -> C:\Users\d\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-1417334993-2898295356-3386692794-500\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-1417334993-2898295356-3386692794-1003\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-1417334993-2898295356-3386692794-1001\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 cryptomator-vault
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{A589BE57-42CC-439B-99D1-70AED469ADBE}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> DefaultScope {0A66B399-8F9B-4C01-8EDD-A71D148B8BE7} URL = 
SearchScopes: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> {0A66B399-8F9B-4C01-8EDD-A71D148B8BE7} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\iToolsBHO64.dll [2016-07-25] (iTools.hk)
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2018-07-23] (AO Kaspersky Lab)
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-01-15] (pdfforge GmbH)
BHO-x32: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\iToolsBHO.dll [2016-07-25] (iTools.hk)
BHO-x32: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2018-07-23] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2018-07-23] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-01-15] (pdfforge GmbH)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2018-07-23] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> No Name - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} -  No File
Toolbar: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2018-07-23] (AO Kaspersky Lab)

FireFox:
========
FF DefaultProfile: 2udj1tce.default
FF ProfilePath: C:\Users\d\AppData\Roaming\Postbox\Profiles\ify653so.default [2016-02-10]
FF ProfilePath: C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\2udj1tce.default [2018-08-17]
FF Session Restore: Mozilla\Firefox\Profiles\2udj1tce.default -> is enabled.
FF Extension: (Grammarly for Firefox) - C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\2udj1tce.default\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2018-08-09]
FF Extension: (Video DownloadHelper) - C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\2udj1tce.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-08-09]
FF Extension: (Adblock Plus) - C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\2udj1tce.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-07-27]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-04-19] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-05-28]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll [2018-08-16] ()
FF Plugin: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2016-07-25] ()
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [] ()
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2017-03-06] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll [2018-08-16] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2016-07-25] ()
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2017-03-06] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
StartMenuInternet: Firefox- - kernel32::GetLongPathNameW(w R8, w .R7, i 1024)i .R6

Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\d\AppData\Local\Google\Chrome\User Data\Default [2018-08-03]
CHR Extension: (Präsentationen) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-19]
CHR Extension: (Kaspersky Protection) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2018-05-31]
CHR Extension: (Docs) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-19]
CHR Extension: (Google Drive) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-19]
CHR Extension: (YouTube) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-19]
CHR Extension: (Tab Count) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfokcacdaonnckdmopmcgeanhkebeaio [2018-07-30]
CHR Extension: (uBlock Origin) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-08-03]
CHR Extension: (Tab Glutton) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekfmaibfpamaegficfifofnlhalkbdfm [2018-06-25]
CHR Extension: (Tabellen) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-19]
CHR Extension: (Google Docs Offline) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-05-05]
CHR Extension: (Wiktionary Language Filter) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\lagbmmpeihgfankilcjbkpnmejeblkif [2017-11-19]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-05]
CHR Extension: (Linkman) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\pchnedaeogijkjjkjigbijhbcanbdjkc [2018-05-05]
CHR Extension: (Google Mail) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-19]
CHR Extension: (Chrome Media Router) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-11]
CHR Profile: C:\Users\d\AppData\Local\Google\Chrome\User Data\System Profile [2018-05-05]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd

Opera: 
=======
OPR Session Restore: -> is enabled.
OPR Extension: (Simple = Select + Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aagminaekdpcfimcbhknlgjmpnnnmooo [2017-09-11]
OPR Extension: (Instant Multi Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aamgapdgopfdmokckpkfciiddpahbbcg [2017-09-11]
OPR Extension: (Google Übersetzer) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-12-02]
OPR Extension: (Disable Youtubeâ„¢ HTML5 Player) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aejcgigcjcdcbdkdbeiclbpekcjddapp [2016-01-17]
OPR Extension: (Multi Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\afmdpmddiokpdknaeofdnlclbpgehhce [2018-07-25]
OPR Extension: (TransOver) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aggiiclaiamajehmlfpkjmlbadmkledi [2018-08-08]
OPR Extension: (SimpleUndoClose) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aipamoaneebnhkfefefbfmhimclgafig [2018-02-19]
OPR Extension: (Redirect Bypasser) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\akalifnifmgdmgmjoaiaflkeahpbkghe [2017-05-04]
OPR Extension: (Oxford Dictionary Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbhgfdkgegllnkmnpidalgbgdghilnha [2016-11-10]
OPR Extension: (Select like a Boss) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bfigpnfillonohmonbadflnapjejfkgm [2017-10-21]
OPR Extension: (V7 Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bgjcegonlhkkclkkglpgjmgnigefhkak [2018-01-14]
OPR Extension: (smartUp Gestures) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bgjfekefhjemchdeigphccilhncnjldn [2018-06-27]
OPR Extension: (AdGuard Werbeblocker) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2018-05-19]
OPR Extension: (V7 Bookmarks) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bpmgfnikhlpakdkeeahboleoommganka [2018-04-27]
OPR Extension: (Forvo pronunciation) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ccpodfblfjampgmdfllpclalbdckflmi [2017-10-21]
OPR Extension: (TrafficLight) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cfnpidifppmenkapgihekkeednfoenal [2018-04-11]
OPR Extension: (archive.is Button) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cgjpabpjaocpgppajkeplhbipbdippdm [2018-04-08]
OPR Extension: (OneTab) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-12-12]
OPR Extension: (ZenMate VPN - Top Internet Security & Unblock) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnhbkkedmelfmalgjpkngiaoifpdfcnl [2018-07-21]
OPR Extension: (Shortkeys) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnjnhmmmdopghhihpeoafpkkanlagfjf [2016-04-18]
OPR Extension: (Simple Mouse Gestures) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cpbbhbiceidealbcfgodcffnfneffopd [2018-06-08]
OPR Extension: (Avast Online Security) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2017-10-20]
OPR Extension: (Search by Image (by Google)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2017-03-06]
OPR Extension: (Card Numbers for Trello) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ddadhlcejiholmdiihbdcfoapdfkhicn [2017-02-28]
OPR Extension: (Tabs Backup & Restore) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dehocbglhkaogiljpihicakmlockmlgd [2017-12-22]
OPR Extension: (Just Read) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dgmanlpmmkibanfdgjocnabmcaclkmod [2018-08-16]
OPR Extension: (Tampermonkey) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-05-28]
OPR Extension: (Copy All Urls) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\djdmadneanknadilpjiknlnanaolmbfk [2017-11-19]
OPR Extension: (Browsec VPN - Free and Unlimited VPN) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dknfpcdpbkjijldegonllfnnfhabjpde [2018-08-11]
OPR Extension: (SurfEasy VPN - Sicherheit, Privatsphäre, Entsperrung) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ebpielhlnnpkiddeeacoephkilopgblc [2018-05-07]
OPR Extension: (Google search link fix) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\eckgbkpcmkeamlbhpcifhnijehlcogip [2018-04-12]
OPR Extension: (Session Buddy) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2018-01-29]
OPR Extension: (HTTPS Everywhere) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2018-06-22]
OPR Extension: (Copyfish 🟠Free OCR Software) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\eenjdnjldapjajjofmldgmkjaienebbj [2018-01-29]
OPR Extension: (VTchromizer) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\efbjojhplkelaegfbieplglfidafgoka [2018-04-11]
OPR Extension: (Tabs Outliner) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2017-12-22]
OPR Extension: (Sort Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ejlljbnghfnfihpiifjaojopfkbgknoi [2016-04-18]
OPR Extension: (Copytables) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ekdpkppgmlalfkphpibadldikjimijon [2017-10-21]
OPR Extension: (Tab Glutton) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ekfmaibfpamaegficfifofnlhalkbdfm [2017-02-28]
OPR Extension: (Unlimited Free VPN - Hola) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ekmmelpnmfdegjhnmadddcfjcahpajnm [2018-08-08]
OPR Extension: (Vertical Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\eknjllkeehiiakhmgjjdoempaocgemkg [2017-03-20]
OPR Extension: (Wrona History Menu) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\encidpibliikeaimjmlimnnbjjpnfppl [2016-04-18]
OPR Extension: (All in one web searcher) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\enofjgiadilpmldfknojklfjbeaooiap [2017-09-11]
OPR Extension: (Ddict Translate: Translator - Dictionary) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fcfpagpiibkilokeihmaggjgheaemgbi [2017-12-17]
OPR Extension: (Text Lesegerät (Text zu Sprache)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fdffijlhedcdiblbingmagmdnokokgbi [2017-11-19]
OPR Extension: (Kaspersky Protection) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2018-04-06]
OPR Extension: (SimpleUndoClose.test) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fjjibgcfnmpcdipdfamlcghkphflpcfb [2017-04-16]
OPR Extension: (1Password extension (desktop app required)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fpnbobholfpcolmkinlokiaaanjilcop [2018-06-27]
OPR Extension: (Scroll to Top) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gbefdhcpnalckelncafcbmdifclnlmce [2017-11-20]
OPR Extension: (Linkman) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gbeghboempnjlacepdnkgnpplgjadpnl [2014-06-18]
OPR Extension: (Classic Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gbekmpnpfkkijbodegokaigmhedbbkmg [2016-01-16]
OPR Extension: (SimpleTabOrder) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gcphmfnknfenaigpefdlmnbgnjaebjim [2018-02-19]
OPR Extension: (XTranslate) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gfgpkepllngchpmcippidfhmbhlljhoo [2018-05-28]
OPR Extension: (SimpleExtManager) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ggfngijafepjalmbhefafhdeedobcdbf [2018-05-28]
OPR Extension: (Super Auto Refresh) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ghjaeanhfafkigkehjgapnlobfhefkme [2017-11-19]
OPR Extension: (Etymonline) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\giehjnnlopapngdjbjjgddpaagoimmgl [2018-01-04]
OPR Extension: (Selection Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gipnlpdeieaidmmeaichnddnmjmcakoe [2018-07-26]
OPR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\glaedmooikiamindhmfcfccncmmdagge [2018-07-21]
OPR Extension: (Google Right-Click Multi-Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hacdkngldbgplmdlmdhgiehbmmlckmea [2017-09-13]
OPR Extension: (Ultimello, the features pack for Trello) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hahbfgjfimnmogoinnenhheepfcphnmm [2018-06-22]
OPR Extension: (Pocket (formerly Read It Later)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hedlhkdmdlcjhiblbmfggdiaeekblnoi [2018-05-05]
OPR Extension: (Video Autoplay Blocker by Robert Sulkowski) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hiefnnpeemndbkjphkiffdfjbgaapifa [2016-01-17]
OPR Extension: (DotVPN — a better way to VPN) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hiegahbgoabbpoieploedhfnobmpgbeg [2018-05-19]
OPR Extension: (JavaScript Toggle On and Off) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hldheaackmkeadbfdaiidijnilnbgifo [2018-04-04]
OPR Extension: (V7 Gmail Zoom) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnfpfgoekopajiblcenihlclkgphkgmn [2017-04-13]
OPR Extension: (I don't care about cookies) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\iambaeepkgdclnmbfdnnohkjjpdglbeo [2018-08-01]
OPR Extension: (Sprachenfilter für Wikipedia) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibgceajjjioihilfcdppneoljcaofokk [2018-05-28]
OPR Extension: (Wiktionary Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibncmbgpniokogofpkjnlcpfpiodoppk [2017-10-21]
OPR Extension: (Wolfram|Alpha (Official)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\icncamkooinmbehmkeilcccmoljfkdhp [2017-11-19]
OPR Extension: (Text to Speech (TTS)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ifnfkcmbdaelhfkpkoncangcnhieanmj [2017-10-21]
OPR Extension: (Malwarebytes Browser Extension) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2018-08-16]
OPR Extension: (Reader View) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ikmhokpogledimpnfdbcgondkbmfkfjc [2018-06-04]
OPR Extension: (Social Fixer for Facebook) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\inficfabgpfjiegjgnhmjdagmhlmakoo [2018-06-27]
OPR Extension: (Disable HTML5 Autoplay) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jbinbhipioellbajhbkjlpioadehpfdj [2016-08-03]
OPR Extension: (YouTube High Definition) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jcdpccclajomeaeeoggbhglfomndjgfp [2016-02-06]
OPR Extension: (Close Duplicate Tab) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jcmhmgmojlljfpfnmlbnipanelaliikl [2016-07-28]
OPR Extension: (CloseTab) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jdclfnplpfhdgcmafpbodpejpdnbfhpb [2016-04-20]
OPR Extension: (Translate Web Page) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jggobmlojchhlngdhmmdghgganciigof [2016-02-03]
OPR Extension: (Font Changer with Google Web Fonts™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jgjhhoglgjdklldfgoffdiaceffijeke [2017-11-28]
OPR Extension: (User-Agent Switcher) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jikibpedldihacokaanimbcjipghbloo [2017-11-19]
OPR Extension: (Save To The Wayback Machine) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jkoddmeemofcjjeckgiddpgdbnnafoib [2018-05-10]
OPR Extension: (Search Window) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jmjjleckcgnlmampjifnllbdhkobinbl [2017-12-17]
OPR Extension: (View Image - \) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jpcmhcelnjdmblfmjabdeclccemkghjk [2018-08-16]
OPR Extension: (Grammarly for Chrome) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-08-16]
OPR Extension: (The Switcher) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbgapjibpomfdnhllkbijmolmnhloona [2016-04-18]
OPR Extension: (uBlock Origin) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2018-07-19]
OPR Extension: (Stylus) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kdinfjomkigjcjcbigolloleeiianaif [2018-07-16]
OPR Extension: (Leo Dictionary Widget) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kepemmpmljphklmpfgfmhpjhpdlccpke [2017-10-14]
OPR Extension: ( Copy URLs ) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kgmdofgghbeipjnddielphhhecgnppab [2016-04-18]
OPR Extension: (YouTube Video and Audio Downloader (Dev Edt.)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\khgbdhkpcapllhgfekjegcinegfhjbmi [2018-04-09]
OPR Extension: (V7 Sessions) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\khmbgihnlknbjgjhmekjeoidpfimabpp [2016-11-10]
OPR Extension: (Install Chrome Extensions) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2018-08-17]
OPR Extension: (Force Download) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\klahcccondnnonafcbcdgbahphglbjjg [2017-12-11]
OPR Extension: (Flash Player for YouTube™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\knbfimhapmnifdchcafinkbfikmomaak [2016-12-15]
OPR Extension: (etymon one-click search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\knhbicgmdmcjehdpmipibiebegaoiecc [2017-09-16]
OPR Extension: (Wiktionary Language Filter) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lagbmmpeihgfankilcjbkpnmejeblkif [2017-11-19]
OPR Extension: (Direct links for Google Image) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lbbpfcajcbdmfhkkleloodefhanneljl [2018-04-12]
OPR Extension: (Disable Extensions Temporarily) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lcfdefmogcogicollfebhgjiiakbjdje [2017-09-13]
OPR Extension: (Wikimedia Reader) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lclegfmhkjbcpiikogacbfbpdgfbdifi [2017-11-19]
OPR Extension: (Free Auto Refresh) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lfkfikiejjfhpfbpgfolfkkdjpepmkal [2018-04-18]
OPR Extension: (Sidebar for YouTube™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ljkgfkfopogmclcinephnaeekjiikibd [2017-09-27]
OPR Extension: (V7 Drag) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lmmhflhfcljkioicbckchnpfiffcjkjp [2017-11-19]
OPR Extension: (Nehmen Sie Screenshot der Webseite - FireShot) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2018-01-08]
OPR Extension: (Tampermonkey) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfdhdgbonjidekjkjmjaneanmdmpmidf [2017-11-19]
OPR Extension: (Tab Close Plus) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfkclbfmlbdmjhndmdbbcmlnhojgopdd [2016-04-18]
OPR Extension: (CLEAN crxMouse Gestures) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mjidkpedjlfnanainpdfnedkdlacidla [2017-11-20]
OPR Extension: (About://Internal Pages) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mpkgnldklpemphbfogboacnljgfpnkme [2016-07-28]
OPR Extension: (Video Speed Controller) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2018-07-08]
OPR Extension: (Copy URL + Title) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\nhmdngoiikdcodlpeifbjcjpjhefipal [2016-04-18]
OPR Extension: (Save to Pocket) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2018-07-08]
OPR Extension: (Violent monkey) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge [2017-11-19]
OPR Extension: (Scroll To Top Button) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\njdplanogllnioicoadncjfgfhdnnpha [2018-08-08]
OPR Extension: (dict-cc) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh [2017-10-07]
OPR Extension: (SaveFrom.net Helfer) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\npdpplbicnmpoigidfdjadamgfkilaak [2018-08-16]
OPR Extension: (Better History) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\obciceimmggglbmelaidpjlmodcebijb [2017-12-22]
OPR Extension: (Enhancer for YouTube) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofhehnfmgbgnkjaojifkmebjjgffjaeh [2018-08-01]
OPR Extension: (Zoom Popup) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofpknbbbohcgomapfgcgadleckdagikj [2016-04-18]
OPR Extension: (Google™ Translator Sidebar) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ogmklpmbehclccahgccdnhjipkmmjaom [2017-08-15]
OPR Extension: (Adblock Plus) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2018-07-19]
OPR Extension: (Open Multiple URLs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\oifijhaokejakekmnjmphonojcfkpbbh [2017-11-21]
OPR Extension: (LEO Wörterbuchsuche) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ojniiiidjmoaiehegaedmfdclmgmmpdp [2018-01-08]
OPR Extension: (Mercury Reader) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2018-06-10]
OPR Extension: (Mate Translate – Übersetzer, Wörterbuch) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ollghamalkmmhboihmhoaaobmamehjgn [2018-07-10]
OPR Extension: (V7 History) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\oneajlghdhobcelcgbgkjaipjoopcggg [2017-08-11]
OPR Extension: (Remove cookie(s) for the current domain) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\opbghiaphmcbefjfoihikkbpjaoanala [2017-03-16]
OPR Extension: (FlexyTrello) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\pggiemacedhgohmpcgdpceckeicjlgfn [2018-01-05]
OPR Extension: (Context Menus) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\phlfmkfpmphogkomddckmggcfpmfchpn [2017-11-20]
OPR Extension: (Extract Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\pibjcpkpaecbpifdkbehcicaoaejkaie [2016-04-18]
OPR Extension: (Enhancer for YouTube™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ponfpcnoihfmfllpaingbgckeeldkhle [2018-08-01]
OPR Extension: (Enhancer for YouTube™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll []
OPR Extension: (Enhancer for YouTube™) - C:\windows\SysWOW64\Macromed\Flash\pepflashplayer32_22_0_0_192.dll []
StartMenuInternet: (HKLM) Operadeveloper - C:\Program Files (x86)\Opera developer\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-14] (Apple Inc.)
R2 AS ContentsDL; C:\Program Files\NEC\AtrioSide\AS_ContentsDL.exe [70520 2013-09-17] (NEC Personal Computers, Ltd.)
R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe [619640 2018-02-28] (AO Kaspersky Lab)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [122728 2018-04-09] (AOMEI Tech Co., Ltd.)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2018-03-29] (Digital Wave Ltd.)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22816 2018-03-15] (Intel)
R2 ecomonsv; C:\Program Files\EcoViewer\ecomonsv.exe [280496 2012-12-04] (NEC Personal Computers, Ltd.)
R2 ibtsiva; C:\windows\system32\ibtsiva.exe [183448 2017-05-19] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-12] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\vssbridge64.exe [416560 2018-05-28] (AO Kaspersky Lab)
R2 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (AO Kaspersky Lab)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [4091112 2017-11-09] (Paramount Software UK Ltd)
S4 MailbirdUpdater.exe; C:\Program Files (x86)\Mailbird\MailbirdUpdater.exe [363144 2016-02-05] (Mailbird)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
S4 NbfcService; C:\Program Files (x86)\NoteBook FanControl\NbfcService.exe [7168 2016-12-17] (StagWare) [File not signed]
R2 NEC Move Media Server Monitor Service; C:\Program Files (x86)\CyberLink\NEC Move Media Server\NECMoveMSMonitorService.exe [134920 2013-12-16] (CyberLink)
R2 NEC Move Media Server Service; C:\Program Files (x86)\CyberLink\NEC Move Media Server\NECMoveMSServer.exe [375560 2013-12-16] (CyberLink)
R2 NECBT SERVICE; C:\Program Files\NECBoot\NECBTSVC.exe [237496 2012-10-05] (NEC Personal Computers, Ltd.)
S4 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [50600 2016-03-03] (Microsoft)
R2 NT Meter; c:\windows\syswow64\NTMETER.exe [98672 2013-05-08] (NEC Personal Computers, Ltd.)
S4 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2417376 2016-01-15] (pdfforge GmbH)
S4 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-01-15] (pdfforge GmbH)
S4 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-01-15] (pdfforge GmbH)
S4 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (© pdfforge GmbH.)
R2 PeakShiftSvc; C:\Program Files\PeakShiftTool\PeakShiftSvc.exe [289624 2013-07-02] (NEC Personal Computers, Ltd.)
R2 prio_svc; C:\Program Files\Prio\prio_svc.exe [12704 2017-01-15] ()
R2 ScVssService64; C:\Program Files (x86)\Second Copy 8\ScVssService64.exe [75048 2013-01-28] (Centered Systems)
S4 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [183568 2018-03-07] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 BOT4Service; "C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe" [X]
S2 EaseUS Agent; "C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe" [X]
S3 ekrnEpfw; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
S4 watchtw; C:\windows\SysWOW64\wtwatch.exe [X]
S2 WebServTw; C:\windows\SysWOW64\wstw.exe [X]
S4 wtflserv; C:\windows\SysWOW64\fltw.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\windows\System32\ambakdrv.sys [51120 2016-12-21] ()
R2 ammntdrv; C:\windows\system32\ammntdrv.sys [171952 2016-12-21] ()
R2 amwrtdrv; C:\windows\system32\amwrtdrv.sys [38320 2017-09-01] ()
R0 cm_km; C:\windows\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (AO Kaspersky Lab)
S3 esihdrv; C:\Users\d\AppData\Local\Temp\esihdrv.sys [149928 2018-04-09] (ESET) <==== ATTENTION
R0 EUBAKUP; C:\windows\System32\drivers\eubakup.sys [60968 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\windows\System32\drivers\EUBKMON.sys [48168 2015-12-10] () [File not signed]
R1 EUDSKACS; C:\windows\system32\drivers\eudskacs.sys [18472 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\windows\system32\drivers\EuFdDisk.sys [192552 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R3 ibtusb; C:\windows\system32\DRIVERS\ibtusb.sys [231400 2017-05-19] (Intel Corporation)
R3 ikbevent; C:\windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
R3 ISCT; C:\windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
R0 kl1; C:\windows\System32\DRIVERS\kl1.sys [528576 2018-02-20] (AO Kaspersky Lab)
R0 klbackupdisk; C:\windows\System32\DRIVERS\klbackupdisk.sys [72904 2017-12-27] (AO Kaspersky Lab)
R1 klbackupflt; C:\windows\System32\DRIVERS\klbackupflt.sys [122560 2018-02-02] (AO Kaspersky Lab)
R2 kldisk; C:\windows\system32\DRIVERS\kldisk.sys [87752 2018-07-23] (AO Kaspersky Lab)
S0 klelam; C:\windows\System32\DRIVERS\klelam.sys [29208 2017-03-30] (AO Kaspersky Lab)
R3 klflt; C:\windows\system32\DRIVERS\klflt.sys [220360 2018-07-23] (AO Kaspersky Lab)
R1 KLHK; C:\windows\System32\drivers\klhk.sys [1193160 2018-07-23] (AO Kaspersky Lab)
R1 KLIF; C:\windows\System32\DRIVERS\klif.sys [1112264 2018-07-23] (AO Kaspersky Lab)
R1 klim6; C:\windows\system32\DRIVERS\klim6.sys [57032 2018-02-12] (AO Kaspersky Lab)
R3 klkbdflt; C:\windows\system32\DRIVERS\klkbdflt.sys [58048 2018-01-15] (AO Kaspersky Lab)
R3 klmouflt; C:\windows\system32\DRIVERS\klmouflt.sys [83496 2017-12-11] (AO Kaspersky Lab)
R1 klpd; C:\windows\System32\DRIVERS\klpd.sys [50648 2017-05-30] (AO Kaspersky Lab)
S3 klpnpflt; C:\windows\system32\DRIVERS\klpnpflt.sys [45784 2017-11-29] (AO Kaspersky Lab)
R3 kltap; C:\windows\system32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 klwfp; C:\windows\system32\DRIVERS\klwfp.sys [100552 2018-02-17] (AO Kaspersky Lab)
R1 Klwtp; C:\windows\system32\DRIVERS\klwtp.sys [161080 2018-07-23] (AO Kaspersky Lab)
R1 kneps; C:\windows\system32\DRIVERS\kneps.sys [203968 2018-02-24] (AO Kaspersky Lab)
R1 MFKGTKEY; C:\windows\system32\drivers\mfkgtkey.sys [26960 2013-09-19] (NEC Personal Computers, Ltd.)
R3 necbatt; C:\windows\System32\drivers\necbatt.sys [19760 2013-06-20] (NEC Personal Computers, Ltd.)
R3 necextif; C:\windows\System32\drivers\necextif.sys [26448 2013-06-21] (NEC Personal Computers, Ltd.)
R3 NETwNb64; C:\windows\system32\DRIVERS\NETwbw02.sys [3521032 2017-11-08] (Intel Corporation)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 Ps2Led; C:\windows\system32\DRIVERS\Ps2Led.sys [18768 2013-09-19] (NEC Personal Computers, Ltd.)
R1 Ps2LedIF; C:\windows\system32\drivers\ps2ledif.sys [16208 2013-09-19] (NEC Personal Computers, Ltd.)
R3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [189152 2017-08-08] (Windows (R) Win 7 DDK provider)
U3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [31856 2017-03-23] (Windows (R) Win 7 DDK provider)
R0 PxHlpa64; C:\windows\System32\drivers\PxHlpa64.sys [56336 2013-07-18] (Corel Corporation)
R3 RadioSwitchHID; C:\windows\System32\drivers\RadioSwitchHID.sys [19456 2012-08-24] (NEC Personal Computers, Ltd.)
S3 RTLU3E8023-W8-64; C:\windows\system32\DRIVERS\rtu30x64w8.sys [70656 2013-06-18] (Realtek )
S3 RTSPER; C:\windows\system32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation)
R0 Sahdad64; C:\windows\System32\Drivers\Sahdad64.sys [28304 2013-07-23] (Corel Corporation)
R0 Saibad64; C:\windows\System32\Drivers\Saibad64.sys [20112 2013-07-23] (Corel Corporation)
R1 SaibVdAd64; C:\windows\System32\Drivers\SaibVdAd64.sys [27792 2013-07-23] (Corel Corporation)
R3 VBoxNetAdp; C:\windows\system32\DRIVERS\VBoxNetAdp6.sys [198032 2018-02-26] (Oracle Corporation)
R1 VBoxNetLwf; C:\windows\system32\DRIVERS\VBoxNetLwf.sys [208392 2018-02-26] (Oracle Corporation)
S3 VBoxUSB; C:\windows\System32\Drivers\VBoxUSB.sys [125008 2015-12-18] (Oracle Corporation)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R1 WinRing0_1_2_0; C:\Program Files (x86)\NoteBook FanControl\WinRing0x64.sys [14544 2017-09-24] (OpenLibSys.org)
R1 wtfilter_6589; C:\windows\System32\drivers\wtfilter_6589.sys [86488 2017-02-06] ()
U0 aswVmm; no ImagePath
S3 btmaux; \SystemRoot\system32\DRIVERS\btmaux.sys [X]
S3 btmhsf; \SystemRoot\system32\DRIVERS\btmhsf.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-17 20:16 - 2018-08-17 20:16 - 002412544 _____ (Farbar) C:\Users\d\Downloads\FRST64.exe
2018-08-17 20:16 - 2018-08-17 20:16 - 000016853 _____ C:\Users\d\Downloads\Download.htm
2018-08-17 20:14 - 2018-08-17 20:19 - 000000000 ____D C:\FRST
2018-08-17 20:13 - 2018-08-17 20:13 - 000001249 _____ C:\Users\d\Desktop\trojaner.txt
2018-08-16 23:57 - 2018-08-16 23:57 - 000000000 ____D C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Software
2018-08-16 13:36 - 2018-08-16 13:39 - 000000000 ____D C:\Users\d\Downloads\car
2018-08-16 00:30 - 2018-07-19 09:06 - 007371616 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2018-08-16 00:30 - 2018-07-19 08:48 - 001737600 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2018-08-16 00:30 - 2018-07-19 08:15 - 025745408 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2018-08-16 00:30 - 2018-07-19 06:35 - 002902016 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2018-08-16 00:30 - 2018-07-19 06:33 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2018-08-16 00:30 - 2018-07-19 06:33 - 000417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2018-08-16 00:30 - 2018-07-19 06:30 - 005778432 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2018-08-16 00:30 - 2018-07-19 06:22 - 020286464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2018-08-16 00:30 - 2018-07-19 06:22 - 000794624 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2018-08-16 00:30 - 2018-07-19 06:22 - 000108544 _____ (Microsoft Corporation) C:\windows\system32\hlink.dll
2018-08-16 00:30 - 2018-07-19 06:21 - 000814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2018-08-16 00:30 - 2018-07-19 06:05 - 000497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2018-08-16 00:30 - 2018-07-19 06:03 - 000107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2018-08-16 00:30 - 2018-07-19 06:01 - 002295808 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2018-08-16 00:30 - 2018-07-19 05:55 - 000662016 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2018-08-16 00:30 - 2018-07-19 05:55 - 000099328 _____ (Microsoft Corporation) C:\windows\SysWOW64\hlink.dll
2018-08-16 00:30 - 2018-07-19 05:54 - 000620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2018-08-16 00:30 - 2018-07-19 05:47 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2018-08-16 00:30 - 2018-07-19 05:46 - 015283712 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2018-08-16 00:30 - 2018-07-19 05:45 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2018-08-16 00:30 - 2018-07-19 05:45 - 000728064 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2018-08-16 00:30 - 2018-07-19 05:43 - 002136064 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2018-08-16 00:30 - 2018-07-19 05:32 - 004494848 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2018-08-16 00:30 - 2018-07-19 05:31 - 004510720 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2018-08-16 00:30 - 2018-07-19 05:30 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2018-08-16 00:30 - 2018-07-19 05:28 - 013679616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2018-08-16 00:30 - 2018-07-19 05:28 - 002882048 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2018-08-16 00:30 - 2018-07-19 05:28 - 002059776 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2018-08-16 00:30 - 2018-07-19 05:28 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2018-08-16 00:30 - 2018-07-19 05:20 - 001554944 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2018-08-16 00:30 - 2018-07-19 05:17 - 001049600 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2018-08-16 00:30 - 2018-07-19 05:09 - 004037632 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2018-08-16 00:30 - 2018-07-19 05:09 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2018-08-16 00:30 - 2018-07-19 05:06 - 001329152 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2018-08-16 00:30 - 2018-07-19 05:04 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2018-08-16 00:30 - 2018-07-13 09:51 - 002452824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2018-08-16 00:30 - 2018-07-07 20:33 - 001548632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2018-08-16 00:30 - 2018-07-07 19:05 - 004169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2018-08-16 00:30 - 2018-07-07 19:02 - 000096768 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2018-08-16 00:30 - 2018-07-07 19:00 - 000148992 _____ (Microsoft Corporation) C:\windows\system32\t2embed.dll
2018-08-16 00:30 - 2018-07-07 18:33 - 000078336 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2018-08-16 00:30 - 2018-07-07 18:31 - 000113664 _____ (Microsoft Corporation) C:\windows\SysWOW64\t2embed.dll
2018-08-16 00:30 - 2018-07-06 19:37 - 001754624 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2018-08-16 00:30 - 2018-07-06 18:36 - 001491968 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2018-08-16 00:30 - 2018-06-30 20:00 - 001113952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2018-08-16 00:30 - 2018-06-27 20:10 - 000559104 _____ (Microsoft Corporation) C:\windows\system32\Drivers\csc.sys
2018-08-16 00:30 - 2018-06-27 19:48 - 000141312 _____ (Microsoft Corporation) C:\windows\system32\CscMig.dll
2018-08-16 00:30 - 2018-06-24 17:11 - 000748544 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2018-08-16 00:30 - 2018-06-24 17:04 - 000504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2018-08-16 00:30 - 2018-06-19 15:38 - 003611136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2018-08-16 00:30 - 2018-06-19 15:38 - 003321344 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2018-08-16 00:30 - 2018-06-19 15:31 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2018-08-16 00:30 - 2018-06-19 15:29 - 000065536 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2018-08-16 00:30 - 2018-06-16 17:03 - 002779136 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2018-08-16 00:30 - 2018-06-16 16:59 - 002464256 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2018-08-16 00:30 - 2018-06-15 06:34 - 000923512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\refs.sys
2018-08-16 00:30 - 2018-06-15 04:12 - 000477696 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2018-08-16 00:30 - 2018-06-15 03:55 - 000840192 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2018-08-16 00:30 - 2018-06-15 03:43 - 000186880 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2018-08-16 00:30 - 2018-06-15 03:26 - 000514560 _____ (Microsoft Corporation) C:\windows\system32\winspool.drv
2018-08-16 00:30 - 2018-06-15 03:22 - 000866304 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2018-08-16 00:30 - 2018-06-15 03:19 - 000399360 _____ (Microsoft Corporation) C:\windows\SysWOW64\winspool.drv
2018-08-16 00:30 - 2018-06-08 20:47 - 000083456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2018-08-16 00:29 - 2018-07-19 06:23 - 000615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2018-08-16 00:29 - 2018-07-19 05:53 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2018-08-16 00:29 - 2018-07-19 05:34 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2018-08-16 00:29 - 2018-07-19 05:28 - 000333312 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2018-08-16 00:29 - 2018-06-15 04:28 - 000445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2018-08-16 00:29 - 2018-06-15 04:00 - 000324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2018-08-11 07:55 - 2018-08-11 07:55 - 759471852 _____ C:\windows\MEMORY.DMP
2018-08-11 07:55 - 2018-08-11 07:55 - 000296888 _____ C:\windows\Minidump\081118-7421-01.dmp
2018-07-18 08:04 - 2018-07-18 08:04 - 000000600 _____ C:\Users\d\AppData\Local\PUTTY.RND

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-17 20:07 - 2016-02-27 04:33 - 000000000 ____D C:\Users\d\AppData\Local\ClassicShell
2018-08-17 18:41 - 2018-02-19 17:23 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-08-17 17:58 - 2014-06-11 01:27 - 000003868 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{A885AFCF-DEDA-4845-AD42-3903A4A06B09}
2018-08-17 16:39 - 2016-10-12 16:25 - 000000000 ____D C:\Users\d\Desktop\_Current
2018-08-17 12:45 - 2014-07-05 21:58 - 000000000 ____D C:\Users\d\AppData\Local\CrashDumps
2018-08-17 04:04 - 2016-12-05 16:31 - 000000000 ____D C:\Users\d\AppData\LocalLow\Mozilla
2018-08-17 02:03 - 2014-06-11 01:30 - 000003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1417334993-2898295356-3386692794-1001
2018-08-17 01:32 - 2013-08-22 15:25 - 000262144 ___SH C:\windows\system32\config\ELAM
2018-08-16 19:15 - 2016-01-25 20:22 - 000000000 ____D C:\Users\d\Desktop\linkman database
2018-08-16 16:15 - 2013-08-22 17:36 - 000000000 ____D C:\windows\rescache
2018-08-16 04:31 - 2016-06-03 21:44 - 000003882 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1464983063
2018-08-16 04:31 - 2016-06-03 21:44 - 000000000 ____D C:\Program Files (x86)\Opera developer
2018-08-16 04:31 - 2014-06-12 21:16 - 000011354 _____ C:\windows\system32\perfh007.dat
2018-08-16 04:31 - 2014-06-12 21:16 - 000006212 _____ C:\windows\system32\perfc007.dat
2018-08-16 04:31 - 2013-08-28 09:06 - 000018338 _____ C:\windows\system32\PerfStringBackup.INI
2018-08-16 04:31 - 2013-08-23 00:47 - 000005884 _____ C:\windows\system32\perfc011.dat
2018-08-16 04:31 - 2013-08-23 00:47 - 000005820 _____ C:\windows\system32\perfh011.dat
2018-08-16 04:31 - 2013-08-22 15:36 - 000000000 ____D C:\windows\Inf
2018-08-16 04:29 - 2014-06-12 22:14 - 000000000 ____D C:\Program Files (x86)\Opera
2018-08-16 04:26 - 2016-07-25 16:40 - 000003332 _____ C:\windows\System32\Tasks\iToolsDaemon
2018-08-16 04:25 - 2016-01-16 12:43 - 000000000 ____D C:\Users\d\Desktop\acv507
2018-08-16 04:25 - 2016-01-16 12:36 - 000000000 ____D C:\Program Files (x86)\Alternative Flash Player Auto-Updater
2018-08-16 04:24 - 2018-04-12 19:10 - 000000082 _____ C:\windows\SysWOW64\winsevr.dat
2018-08-16 04:24 - 2018-04-12 19:09 - 000000000 ____D C:\Program Files (x86)\AOMEI Backupper
2018-08-16 04:24 - 2016-01-11 12:05 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-08-16 04:24 - 2013-08-22 16:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-08-16 04:24 - 2013-08-22 16:44 - 000602656 _____ C:\windows\system32\FNTCACHE.DAT
2018-08-16 04:23 - 2013-08-22 15:25 - 000262144 ___SH C:\windows\system32\config\BBI
2018-08-16 04:22 - 2013-08-22 17:36 - 000000000 ___RD C:\windows\ToastData
2018-08-16 02:12 - 2013-08-22 17:20 - 000000000 ____D C:\windows\CbsTemp
2018-08-16 01:55 - 2016-04-19 07:16 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-08-16 00:45 - 2017-10-21 23:08 - 000004514 _____ C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-08-16 00:45 - 2017-10-21 23:08 - 000004378 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2018-08-16 00:45 - 2013-08-22 17:36 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-08-16 00:45 - 2013-08-22 17:36 - 000000000 ____D C:\windows\system32\Macromed
2018-08-16 00:06 - 2018-03-14 07:02 - 000004244 _____ C:\windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-08-13 15:49 - 2018-03-21 15:19 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-08-13 08:25 - 2013-08-22 17:36 - 000000000 ____D C:\windows\AppReadiness
2018-08-11 08:09 - 2014-06-11 01:25 - 000000000 ____D C:\Users\d
2018-08-11 07:55 - 2017-06-30 00:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-08-11 07:55 - 2014-07-05 22:35 - 000000000 ____D C:\windows\Minidump
2018-08-11 07:55 - 2014-06-17 04:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-10 00:38 - 2018-05-05 20:25 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-10 00:38 - 2018-05-05 20:25 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-08-08 19:10 - 2014-06-12 22:14 - 000003862 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1402604082
2018-08-04 01:46 - 2013-08-22 17:38 - 000836480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2018-08-04 01:46 - 2013-08-22 17:38 - 000181120 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-07-29 17:39 - 2016-06-16 16:20 - 000001186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-07-26 20:36 - 2016-01-11 13:09 - 000000000 ____D C:\windows\system32\appraiser
2018-07-26 20:26 - 2017-05-13 20:36 - 000002086 _____ C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2018-07-25 20:52 - 2016-01-23 02:31 - 000000000 ___RD C:\Program Files (x86)\Skype
2018-07-25 20:52 - 2016-01-23 02:31 - 000000000 ____D C:\ProgramData\Skype
2018-07-25 20:50 - 2016-01-23 02:31 - 000000000 ____D C:\Users\d\AppData\Roaming\Skype
2018-07-23 17:20 - 2018-05-28 23:48 - 001112264 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klif.sys
2018-07-23 17:20 - 2018-05-28 23:48 - 000220360 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klflt.sys
2018-07-23 17:20 - 2018-04-25 16:16 - 000087752 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\kldisk.sys
2018-07-23 17:20 - 2018-02-17 02:50 - 000161080 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klwtp.sys
2018-07-23 17:18 - 2018-04-25 16:16 - 001193160 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klhk.sys
2018-07-23 17:18 - 2018-04-05 20:02 - 000152360 _____ (AO Kaspersky Lab) C:\windows\system32\klhkum.dll
2018-07-19 19:55 - 2016-04-19 08:31 - 000000000 ____D C:\Users\d\AppData\Roaming\PrimoPDF
2018-07-18 08:06 - 2014-02-28 00:46 - 000000000 ____D C:\Users\d\Desktop\@DT@V _Mdps

==================== Files in the root of some directories =======

2004-02-06 21:06 - 2004-02-06 21:06 - 000000000 ____H () C:\ProgramData\sdpsenv.dat
2018-07-18 08:04 - 2018-07-18 08:04 - 000000600 _____ () C:\Users\d\AppData\Local\PUTTY.RND
2018-01-13 16:54 - 2018-01-13 16:54 - 000000218 _____ () C:\Users\d\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
2016-06-17 10:37 - 2016-06-17 10:37 - 003045232 _____ (AnVir Software) C:\Users\d\AppData\Local\Temp\AnVir.exe
2016-04-19 08:35 - 2016-04-19 08:35 - 008108488 _____ () C:\Users\d\AppData\Local\Temp\converter.exe
2014-06-19 00:36 - 2014-06-19 00:36 - 000374208 _____ (ESET) C:\Users\d\AppData\Local\Temp\InstHelper.exe
2016-11-03 20:36 - 2016-11-03 20:36 - 000737856 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-27 05:24 - 2017-01-27 05:24 - 000739904 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-05-04 14:05 - 2017-05-04 14:05 - 000739904 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-07-21 17:36 - 2017-07-21 17:36 - 000739904 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u141-windows-au.exe
2017-11-24 13:32 - 2017-11-24 13:32 - 001856576 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u151-windows-au.exe
2018-03-28 00:30 - 2018-03-28 00:30 - 001864256 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u161-windows-au.exe
2018-04-25 06:46 - 2018-04-25 06:46 - 001884616 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u171-windows-au.exe
2016-03-23 22:16 - 2016-03-23 22:16 - 000736320 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-07-04 06:55 - 2016-07-04 06:55 - 000739904 _____ (Oracle Corporation) C:\Users\d\AppData\Local\Temp\jre-8u91-windows-au.exe
2016-02-09 23:54 - 2016-01-31 21:51 - 000041432 _____ () C:\Users\d\AppData\Local\Temp\kh_5552.dll
2014-06-17 04:32 - 2014-03-25 00:55 - 000099096 _____ () C:\Users\d\AppData\Local\Temp\LMkRstPt.exe
2017-05-29 05:06 - 2017-05-29 05:06 - 001457312 _____ (Sysinternals - www.sysinternals.com) C:\Users\d\AppData\Local\Temp\loeschen64.exe
2016-02-09 23:54 - 2016-01-31 21:51 - 000038872 _____ () C:\Users\d\AppData\Local\Temp\mh_5552.dll
2016-06-03 21:44 - 2016-06-03 21:44 - 001086464 _____ (Opera Software) C:\Users\d\AppData\Local\Temp\Opera_installer_2016634422903.dll
2016-12-16 03:25 - 2018-07-10 21:46 - 065875720 _____ (Paramount Software UK Ltd) C:\Users\d\AppData\Local\Temp\reflectPatch.exe
2016-02-09 05:18 - 2018-07-25 20:51 - 057812744 _____ (Skype Technologies S.A.) C:\Users\d\AppData\Local\Temp\SkypeSetup.exe
2018-04-09 15:53 - 2018-04-09 15:53 - 004845696 _____ (ESET) C:\Users\d\AppData\Local\Temp\SysInspector.exe
2015-12-31 14:07 - 2015-12-31 14:08 - 031948192 _____ (IDM Computer Solutions, Inc.) C:\Users\d\AppData\Local\Temp\uc_english.exe
2017-05-10 12:32 - 2017-05-10 12:32 - 014456872 _____ (Microsoft Corporation) C:\Users\d\AppData\Local\Temp\vc_redist.x86.exe
2015-08-03 01:58 - 2015-08-03 01:58 - 000118784 _____ () C:\Users\d\AppData\Local\Temp\xmlUpdater.exe
2016-02-09 23:52 - 2013-07-06 17:02 - 001520544 _____ (Pitrinec Software) C:\Users\d\AppData\Local\Temp\~cbu_tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-08-17 04:06

==================== End of FRST.txt ============================
         
additional.txt follows immediately.

 
