Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Virus, Malware, Hijack laptop läuft kaum noch

Virus, Malware, Hijack laptop läuft kaum noch


Plagegeister aller Art und deren Bekämpfung: Virus, Malware, Hijack laptop läuft kaum noch

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 13.12.2018, 22:04   #1
supermax
 
Virus, Malware, Hijack laptop läuft kaum noch - Standard

Virus, Malware, Hijack laptop läuft kaum noch


Ein freundliches Hallo an alle. Ich hoffe alles richtig verstanden zu haben und möchte jetzt mein Problem Schildern. Alles begann scheinbar damit, dass mein mailacc bei 1u1 gehackt wurde.
Ich bin den Schritten von 1u1 gefolgt. Mails laufen zwar wieder ein, aber der Laptop läuft so bescheiden, das arbeiten eigentlich nicht mehr geht. Dachte erst es liegt nur an Outlook. (Über 40000 ungelesene Mails, die ich aber nicht löschen kann! pstscan.exe hat auch nichts gebracht, oder ich habe was falsch gemacht. Kein Virenscanner findet was (habe Kaspersky total u. Malwarebytes installiert. Ich habe mich jetzt wieder an Hijack erinnert, da ich vor längerer Zeit damit Erfolge hatte. Würde mich wahnsinnig freuen wenn mir hier geholfen werden kann

Beste Grüße

Michael Ihlow


ich schreibe jetzt von meinem W10 Pc, da der beroffene Laptop (W 7 ultimate) kaum noch läuft.

Ich habe hijack laufen lassen und poste mal das Logfile
Angehängte Dateien
Dateityp: log HiJackThis.log (25,5 KB, 128x aufgerufen)

Alt 13.12.2018, 22:35   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus, Malware, Hijack laptop läuft kaum noch - Icon22

Virus, Malware, Hijack laptop läuft kaum noch


Was soll das mit Hijackthis? Müssen wir die Hinweise buntblinkend alle 5 Sekunden ins Forum beamen?

Zitat:
Zitat von Larusso Beitrag anzeigen
Bitte postet uns keine HijackThis, OTL oder DDS Logdateien!

Diese Tools sind bereits überholt und können uns keinen ausreichenden Überblick mehr geben.

Wir bitten euch, folgendes durchzulesen und abzuarbeiten:
Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Nur mit diesen Informationen können wir euch helfen.

Danke!
__________________

__________________
Alt 15.12.2018, 11:05   #3
supermax
 
Virus, Malware, Hijack laptop läuft kaum noch - Standard

Virus, Malware, Hijack laptop läuft kaum noch


Hallo und Sorry,
Ich habe das Programm laufen lassen und wollte die Logfiles in schicken. Ich bekomme aber das Paket nicht raus... Kann es sein das es zu groß ist. Soll ich jedes einzeln schicken. Genauso jpg von Kaspersky (keine Bedrohungen) / ASR (7 x Malware und viele Fehler)
__________________
Alt 15.12.2018, 15:15   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus, Malware, Hijack laptop läuft kaum noch - Standard

Virus, Malware, Hijack laptop läuft kaum noch


Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 18.12.2018, 11:27   #5
supermax
 
Virus, Malware, Hijack laptop läuft kaum noch - Standard

Virus, Malware, Hijack laptop läuft kaum noch


Hallo, habe versucht Frst.txt einzeln zu schicken schein auch zu groß zu sein. die Antwort get nicht raus. Wäre es eine Alternative alles ins web zu laden und dann den Link hier zu posten?
oder soll ich die Dateien in mehreren kleinen teilen unter [CODE] schicken?

Beste Grüße

Michael Ihlow


Alt 18.12.2018, 12:17   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus, Malware, Hijack laptop läuft kaum noch - Standard

Virus, Malware, Hijack laptop läuft kaum noch


Heißer Tipp: Lesestoff mal komplett lesen.
__________________
--> Virus, Malware, Hijack laptop läuft kaum noch

Alt 18.12.2018, 15:03   #7
supermax
 
Virus, Malware, Hijack laptop läuft kaum noch - Standard

Virus, Malware, Hijack laptop läuft kaum noch


Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version: 09.12.2018
durchgeführt von Michael Ihlow (Administrator) auf ICH-LAPTOP (14-12-2018 20:25:35)
Gestartet von C:\Users\Michael Ihlow\Downloads\Virenprogramme
Geladene Profile: Michael Ihlow &  (Verfügbare Profile: Michael Ihlow)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(brother Industries Ltd) C:\Windows\System32\brsvc01a.exe
(brother Industries Ltd) C:\Windows\System32\brss01a.exe
() C:\Program Files\AnyDesk\AnyDesk.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe
() C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Avanquest Software) C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe
(Lavasoft) C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
(TechSmith Corporation) C:\Program Files\TechSmith\Jing\Jing.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\avpui.exe
() C:\Program Files\AnyDesk\AnyDesk.exe
(CRYPTOCOMPANY OU) C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabCrashHandler.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Advanced System Repair Inc.) C:\Program Files\Advanced System Repair Pro 1.8.0.2\tscmon.exe
( Advanced System Repair Inc.) C:\Program Files\Advanced System Repair Pro 1.8.0.2\AdvancedSystemRepairPro.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
Code:
ATTFilter
==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [155648 2003-10-14] (Scansoft, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232245576\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232304940\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232323035\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232342605\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232403696\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232427220\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232451108\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232532624\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232557746\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232621108\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232710206\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232734613\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232756787\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232817059\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232838806\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232859124\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232922269\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232945269\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233029622\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233217070\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233244838\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233447133\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233510827\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233554270\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233617716\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233728209\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233755082\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233901093\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233928733\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234024169\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234049944\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234244962\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234446089\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234610050\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234732382\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235125715\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235246946\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235427864\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235452907\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235514629\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235543194\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235708483\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235731879\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235757584\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235818498\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12142018000022054\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12142018000058312\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12142018000929915\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
Code:
ATTFilter
==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [155648 2003-10-14] (Scansoft, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232245576\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232304940\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232323035\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232342605\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232403696\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232427220\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232451108\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232532624\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232557746\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232621108\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232710206\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232734613\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232756787\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232817059\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232838806\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232859124\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232922269\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232945269\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233029622\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233217070\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233244838\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233447133\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233510827\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233554270\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233617716\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233728209\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233755082\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233901093\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233928733\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234024169\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234049944\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234244962\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234446089\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234610050\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234732382\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235125715\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235246946\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235427864\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235452907\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235514629\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235543194\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235708483\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235731879\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235757584\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235818498\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12142018000022054\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12142018000058312\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12142018000929915\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
Code:
ATTFilter
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\Run: [] => [X]

Alt 18.12.2018, 15:08   #8
supermax
 
Virus, Malware, Hijack laptop läuft kaum noch - Standard

Virus, Malware, Hijack laptop läuft kaum noch


Code:
ATTFilter
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\MountPoints2: D - D:\zdata\cobi.exe
Code:
ATTFilter
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233557346\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233557346\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233557346\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233557346\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233557346\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233557346\...\Run: [] => [X]
Code:
ATTFilter
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235554758\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235554758\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235554758\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235554758\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235554758\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235554758\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235554758\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235554758\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235554758\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235554758\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235554758\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235554758\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235554758\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235554758\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235554758\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235554758\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235554758\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235554758\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235554758\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235554758\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221\...\Run: [5A7F3A2A427DD4CA939B23BAE094191E3A425A8B._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [1426264 2018-11-16] (Google Inc.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221\...\Run: [Avanquest Message] => C:\Users\Michael Ihlow\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [497664 2018-06-13] (Avanquest Software)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7407392 2018-11-16] (Lavasoft)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221\...\Run: [Jing] => C:\Program Files\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221\...\Run: [] => [X]
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14614416 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221\...\MountPoints2: D - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221\...\MountPoints2: {3f1fb30b-3bd0-11e6-b1aa-0013776feb5a} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221\...\MountPoints2: {4cf02484-c075-11e5-932b-0013776feb5a} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221\...\MountPoints2: {5a4fd7b4-909c-11e5-8958-806e6f6e6963} - D:\zdata\cobi.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221\...\MountPoints2: {84ce25ba-ea89-11e5-a524-0013776feb5a} - E:\AutoRun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221\...\MountPoints2: {b717dc9b-a63d-11e8-97d1-0013776feb5a} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221\...\MountPoints2: {d608e30f-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221\...\MountPoints2: {d608e310-a631-11e5-bcbe-0013776feb5a} - E:\autorun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2016-03-03]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files\AnyDesk\AnyDesk.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-11-24]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-11-24]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
Code:
ATTFilter
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://search.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> lp
CHR DefaultSuggestURL: Default -> hxxps://search.avira.com/suggestions?q={searchTerms}&li=ff&hl=de
CHR Session Restore: Default -> ist aktiviert.
CHR Profile: C:\Users\Michael Ihlow\AppData\Local\Google\Chrome\User Data\Default [2018-12-14]
CHR Extension: (Präsentationen) - C:\Users\Michael Ihlow\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-02]
CHR Extension: (Docs) - C:\Users\Michael Ihlow\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-02]
CHR Extension: (Google Drive) - C:\Users\Michael Ihlow\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-24]
CHR Extension: (YouTube) - C:\Users\Michael Ihlow\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-24]
CHR Extension: (Google-Suche) - C:\Users\Michael Ihlow\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-24]
CHR Extension: (Adobe Acrobat) - C:\Users\Michael Ihlow\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-10-31]
CHR Extension: (CryptoTab) - C:\Users\Michael Ihlow\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcaacbfglejpnljiiokpcplbmmlbmnbk [2018-04-10]
CHR Extension: (Tabellen) - C:\Users\Michael Ihlow\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-02]
CHR Extension: (Google Docs Offline) - C:\Users\Michael Ihlow\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Michael Ihlow\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2018-12-13]
CHR Extension: (ClixAddon) - C:\Users\Michael Ihlow\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjnhcgkngeeahimbfhejeaiijecekhba [2018-09-12]
CHR Extension: (WordPress.com) - C:\Users\Michael Ihlow\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjnjifipfkgglficmipimgjpbmlbemd [2015-11-24]
CHR Extension: (Skype) - C:\Users\Michael Ihlow\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-03]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michael Ihlow\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-03-29]
CHR Extension: (Kaspersky Protection) - C:\Users\Michael Ihlow\AppData\Local\Google\Chrome\User Data\Default\Extensions\mchjnmdbdlkdbfliogedbnpnanfjnolk [2018-12-06]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Michael Ihlow\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-08]
CHR Extension: (CryptoSearch) - C:\Users\Michael Ihlow\AppData\Local\Google\Chrome\User Data\Default\Extensions\oliajjhpgpfciobcodfdhmgcbgmgkffe [2018-04-10]
CHR Extension: (Google Mail) - C:\Users\Michael Ihlow\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-24]
CHR Extension: (Chrome Media Router) - C:\Users\Michael Ihlow\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-02]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [khjilmcjipkeokomeekfnhkpbnhmgaje] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKLM\...\Chrome\Extension: [mnnbfipnegfmpbggccokgcmkokibpkdc] - C:\Program Files\chip\Chrome\chip-1.4.42.crx [2015-04-29]
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233557346\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233557346\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234152364\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234152364\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234314207\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234314207\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234457663\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234457663\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234614250\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234614250\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234734625\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234734625\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234906300\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234906300\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235554758\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235554758\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AnyDesk; C:\Program Files\AnyDesk\AnyDesk.exe [1452704 2016-03-03] ()
R2 AVP18.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe [354672 2017-01-24] (AO Kaspersky Lab)
R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd)
S3 CliqzMaintenance; C:\Program Files\Cliqz Maintenance Service\maintenanceservice.exe [152816 2016-05-04] (Cliqz GmbH)
S2 KSDE2.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (AO Kaspersky Lab)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
R2 tscmon; C:\Program Files\Advanced System Repair Pro 1.8.0.2\tscmon.exe [1601872 2018-12-14] (Advanced System Repair Inc.)
R2 WCAssistantService; C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25888 2018-11-16] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus.sys [15744 2015-01-21] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [24576 2015-01-26] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [29696 2015-01-26] (LG Electronics Inc.)
U1 asrdmon; C:\Windows\system32\drivers\asrdmon.sys [15848 2018-12-14] ()
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [176864 2016-12-26] (AO Kaspersky Lab)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129248 2018-12-09] (Malwarebytes)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [165296 2016-10-01] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [62184 2018-03-05] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [98592 2018-12-06] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [74432 2018-12-06] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [164032 2018-12-06] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [680232 2018-12-06] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [836392 2018-12-06] (AO Kaspersky Lab)
R1 klim6; C:\Windows\System32\DRIVERS\klim6.sys [49344 2018-12-06] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [50400 2016-12-23] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [51424 2016-12-07] (AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45552 2018-03-05] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [48056 2016-06-07] (The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75760 2018-03-05] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [121544 2018-12-06] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [165088 2018-03-05] (AO Kaspersky Lab)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [172280 2018-12-12] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [63760 2018-12-13] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [230120 2018-12-13] (Malwarebytes)
S3 SD11CL32; C:\Windows\System32\DRIVERS\SD11CL32.sys [82688 2011-01-24] (SCM Microsystems Inc.)
S3 SDI01132; C:\Windows\System32\DRIVERS\SDI01132.sys [65408 2011-01-24] (SCM Microsystems Inc.)
U3 aswbdisk; kein ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
Code:
ATTFilter
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2018-12-14 20:20 - 2018-12-14 20:25 - 000000000 ____D C:\FRST
2018-12-14 09:54 - 2018-12-14 09:54 - 000015848 _____ C:\Windows\system32\Drivers\asrdmon.sys
2018-12-14 09:54 - 2018-12-14 09:54 - 000001120 _____ C:\Users\Public\Desktop\Advanced System Repair Pro.lnk
2018-12-14 09:54 - 2018-12-14 09:54 - 000000000 ____D C:\Users\Michael Ihlow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced System Repair Pro
2018-12-14 09:53 - 2018-12-14 10:54 - 000000000 ____D C:\Program Files\Advanced System Repair Pro 1.8.0.2
2018-12-14 00:09 - 2018-12-14 00:10 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\SET8661.tmp
2018-12-14 00:09 - 2018-12-14 00:09 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\SETDD08.tmp
2018-12-14 00:09 - 2018-12-14 00:09 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\SET3249.tmp
2018-12-14 00:08 - 2018-12-14 00:08 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\SETA8CF.tmp
2018-12-14 00:08 - 2018-12-14 00:08 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\SET3BEA.tmp
2018-12-14 00:07 - 2018-12-14 00:07 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\SETBE71.tmp
2018-12-14 00:07 - 2018-12-14 00:07 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\SET11DE.tmp
2018-12-14 00:06 - 2018-12-14 00:06 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\SET33A0.tmp
2018-12-14 00:04 - 2018-12-14 00:04 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\SETC38F.tmp
2018-12-14 00:04 - 2018-12-14 00:04 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\SET17F6.tmp
2018-12-14 00:02 - 2018-12-14 00:03 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\SET8A57.tmp
2018-12-14 00:02 - 2018-12-14 00:02 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\SET9CBE.tmp
2018-12-14 00:00 - 2018-12-14 00:01 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\SET7580.tmp
2018-12-14 00:00 - 2018-12-14 00:00 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\SETAA55.tmp
2018-12-14 00:00 - 2018-12-14 00:00 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\SET193D.tmp
2018-12-13 23:57 - 2018-12-13 23:58 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\SETA9A9.tmp
2018-12-13 23:57 - 2018-12-13 23:58 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\SET63A.tmp
2018-12-13 23:57 - 2018-12-13 23:57 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\SETE996.tmp
2018-12-13 23:57 - 2018-12-13 23:57 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\SETA546.tmp
2018-12-13 23:57 - 2018-12-13 23:57 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\SET4F89.tmp
2018-12-13 23:55 - 2018-12-13 23:55 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\SETD04C.tmp
2018-12-13 23:55 - 2018-12-13 23:55 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\SET405C.tmp
2018-12-13 22:07 - 2018-12-14 10:11 - 000000000 ____D C:\ProgramData\TSR7Settings
2018-12-13 21:16 - 2018-12-13 21:16 - 000063760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-12-13 21:11 - 2018-12-13 21:11 - 000230120 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-12-13 15:47 - 2018-12-13 15:50 - 007069776 _____ (Stanislav Polshyn & Trend Micro Inc.) C:\Users\Michael Ihlow\Downloads\HiJackThis.exe
2018-12-13 15:39 - 2018-12-13 15:42 - 000558688 _____ C:\Users\Michael Ihlow\Downloads\HiJackThis_CB-DL-Manager.exe
2018-12-13 15:30 - 2018-12-13 15:30 - 000000000 ____D C:\Users\Michael Ihlow\Documents\Neuer Ordner
2018-12-12 22:30 - 2018-12-14 10:53 - 000000000 ____D C:\Users\Michael Ihlow\Documents\privat
2018-12-12 22:11 - 2018-12-12 22:43 - 000000000 ___RD C:\Backup
2018-12-11 13:31 - 2018-12-14 11:52 - 000000000 ____D C:\Users\Michael Ihlow\Documents\Hijack
2018-12-09 12:33 - 2018-12-12 10:38 - 000172280 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-12-08 11:01 - 2018-12-08 11:01 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\SET3378.tmp
2018-12-06 21:13 - 2018-12-09 17:21 - 000001552 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2018-12-06 21:13 - 2018-12-06 21:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2018-12-06 21:10 - 2018-12-06 21:11 - 000000000 ____D C:\Program Files\Common Files\AV
2018-12-06 21:04 - 2018-12-09 10:40 - 000002385 _____ C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2018-12-06 21:04 - 2018-12-06 21:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2018-12-06 21:04 - 2018-12-06 21:01 - 000002157 _____ C:\Users\Public\Desktop\Sicherer Zahlungsverkehr.lnk
2018-12-06 21:01 - 2018-12-06 21:01 - 000262144 _____ C:\Windows\system32\config\ELAM
2018-12-06 20:55 - 2018-12-14 20:14 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-12-06 20:55 - 2018-12-06 21:07 - 000000000 ____D C:\Program Files\Kaspersky Lab
2018-12-06 20:53 - 2018-12-06 21:23 - 000836392 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2018-12-06 20:53 - 2018-12-06 21:23 - 000164032 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2018-12-06 14:18 - 2018-12-06 14:19 - 000000000 ____D C:\Users\Michael Ihlow\Documents\CC Cleaner
2018-12-05 12:13 - 2018-12-05 12:13 - 000000000 ____D C:\Users\Michael Ihlow\AppData\Roaming\CryptoTab Browser
2018-12-02 17:18 - 2018-12-08 12:06 - 000002436 _____ C:\Users\Michael Ihlow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CryptoTab Browser.lnk
2018-12-02 17:18 - 2018-12-08 12:06 - 000002399 _____ C:\Users\Michael Ihlow\Desktop\CryptoTab Browser.lnk
2018-12-02 17:17 - 2018-12-08 12:09 - 000000000 ____D C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser
2018-12-02 17:04 - 2018-12-02 17:12 - 000000000 ____D C:\Users\Michael Ihlow\AppData\Local\CryptoCompany
2018-12-02 17:01 - 2018-12-02 17:01 - 000000000 ____D C:\Users\Michael Ihlow\Downloads\Browser
2018-12-02 10:52 - 2018-12-09 12:30 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-12-02 10:52 - 2018-12-02 10:52 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-12-02 10:52 - 2018-12-02 10:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-12-01 12:03 - 2018-12-01 13:35 - 000000000 ____D C:\Users\Michael Ihlow\Documents\virenprogramme
2018-12-01 11:51 - 2018-12-01 11:51 - 000000000 ____D C:\Program Files\Common Files\Oracle
2018-12-01 11:49 - 2018-12-01 11:49 - 000000000 ____D C:\Program Files\Common Files\Java
2018-11-24 10:16 - 2018-11-29 21:50 - 000000000 ____D C:\Users\Michael Ihlow\Documents\Für Primlife
2018-11-14 15:26 - 2018-10-18 03:17 - 020281344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-11-14 15:26 - 2018-10-12 20:59 - 013680640 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-11-14 15:26 - 2018-10-12 20:42 - 004386816 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-11-14 15:26 - 2018-09-23 03:37 - 001549312 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2018-11-14 15:26 - 2018-09-23 03:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2018-11-14 15:25 - 2018-11-11 02:14 - 004054248 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-11-14 15:25 - 2018-11-11 02:14 - 003960040 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-11-14 15:25 - 2018-11-11 02:14 - 000136424 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-11-14 15:25 - 2018-11-11 02:13 - 000189672 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-11-14 15:25 - 2018-11-11 02:13 - 000189672 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-11-14 15:25 - 2018-11-11 02:13 - 000137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-11-14 15:25 - 2018-11-11 02:13 - 000067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-11-14 15:25 - 2018-11-11 02:12 - 001310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-11-14 15:25 - 2018-11-11 02:11 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-11-14 15:25 - 2018-11-11 02:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-11-14 15:25 - 2018-11-11 02:11 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-11-14 15:25 - 2018-11-11 02:11 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-11-14 15:25 - 2018-11-11 02:10 - 001425920 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-11-14 15:25 - 2018-11-11 02:10 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-11-14 15:25 - 2018-11-11 02:10 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-11-14 15:25 - 2018-11-11 02:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-11-14 15:25 - 2018-11-11 02:10 - 000380928 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-11-14 15:25 - 2018-11-11 02:10 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-11-14 15:25 - 2018-11-11 02:10 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-11-14 15:25 - 2018-11-11 02:10 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-11-14 15:25 - 2018-11-11 02:10 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-11-14 15:25 - 2018-11-11 02:10 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-11-14 15:25 - 2018-11-11 02:10 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-11-14 15:25 - 2018-11-11 02:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-11-14 15:25 - 2018-11-11 01:45 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-11-14 15:25 - 2018-11-11 01:43 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-11-14 15:25 - 2018-11-11 01:43 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-11-14 15:25 - 2018-11-11 01:41 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-11-14 15:25 - 2018-11-11 01:40 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-11-14 15:25 - 2018-11-11 01:40 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-11-14 15:25 - 2018-11-11 01:40 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-11-14 15:25 - 2018-11-11 01:40 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-11-14 15:25 - 2018-11-11 01:40 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2018-11-14 15:25 - 2018-11-11 01:40 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-11-14 15:25 - 2018-11-11 01:40 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-11-14 15:25 - 2018-10-27 04:27 - 000173568 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2018-11-14 15:25 - 2018-10-27 04:27 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2018-11-14 15:25 - 2018-10-27 04:27 - 000121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2018-11-14 15:25 - 2018-10-27 04:04 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2018-11-14 15:25 - 2018-10-27 04:04 - 000126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2018-11-14 15:25 - 2018-10-27 04:04 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2018-11-14 15:25 - 2018-10-27 04:04 - 000015360 _____ (Microsoft Corporation) C:\Windows\system32\dispex.dll
2018-11-14 15:25 - 2018-10-27 04:00 - 002404864 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-11-14 15:25 - 2018-10-18 19:51 - 000348760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-11-14 15:25 - 2018-10-12 21:26 - 000498176 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-11-14 15:25 - 2018-10-12 21:22 - 002295808 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-11-14 15:25 - 2018-10-12 21:13 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-11-14 15:25 - 2018-10-12 20:55 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-11-14 15:25 - 2018-10-12 20:38 - 001330176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-11-14 15:25 - 2018-10-06 16:47 - 000162536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-11-14 15:25 - 2018-10-06 14:42 - 001988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2018-11-14 15:25 - 2018-09-23 03:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2018-11-14 15:25 - 2018-09-23 03:22 - 000427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2018-11-14 15:25 - 2018-09-23 03:22 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2018-11-14 15:25 - 2018-09-23 03:21 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2018-11-14 15:25 - 2018-08-28 04:48 - 000419608 _____ C:\Windows\system32\locale.nls
2018-11-14 15:24 - 2018-11-11 02:11 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-11-14 15:24 - 2018-11-11 02:11 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-11-14 15:24 - 2018-11-11 02:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-11-14 15:24 - 2018-11-11 02:10 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-11-14 15:24 - 2018-11-11 02:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-11-14 15:24 - 2018-11-11 02:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-11-14 15:24 - 2018-11-11 02:10 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-11-14 15:24 - 2018-11-11 02:10 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-11-14 15:24 - 2018-11-11 02:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-11-14 15:24 - 2018-11-11 02:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-11-14 15:24 - 2018-11-11 02:09 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-11-14 15:24 - 2018-11-11 02:09 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-11-14 15:24 - 2018-11-11 02:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-11-14 15:24 - 2018-11-11 02:09 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-11-14 15:24 - 2018-11-11 02:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-11-14 15:24 - 2018-11-11 02:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-11-14 15:24 - 2018-11-11 02:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-11-14 15:24 - 2018-11-11 02:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-11-14 15:24 - 2018-11-11 02:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-11-14 15:24 - 2018-11-11 02:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-11-14 15:24 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-11-14 15:24 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-11-14 15:24 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-11-14 15:24 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-11-14 15:24 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-11-14 15:24 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-11-14 15:24 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-11-14 15:24 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-11-14 15:24 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-11-14 15:24 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-11-14 15:24 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-11-14 15:24 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-11-14 15:24 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-11-14 15:24 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-11-14 15:24 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-11-14 15:24 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-11-14 15:24 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-11-14 15:24 - 2018-11-11 01:47 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-11-14 15:24 - 2018-11-11 01:46 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-11-14 15:24 - 2018-11-11 01:46 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-11-14 15:24 - 2018-11-11 01:46 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-11-14 15:24 - 2018-11-11 01:46 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-11-14 15:24 - 2018-11-11 01:43 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-11-14 15:24 - 2018-11-11 01:41 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-11-14 15:24 - 2018-11-11 01:40 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-11-14 15:24 - 2018-11-11 01:40 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-11-14 15:24 - 2018-11-11 01:40 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-11-14 15:24 - 2018-11-11 01:40 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-11-14 15:24 - 2018-11-11 01:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-11-14 15:24 - 2018-11-11 01:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-11-14 15:24 - 2018-11-11 01:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-11-14 15:24 - 2018-10-12 21:25 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-11-14 15:24 - 2018-10-12 21:25 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-11-14 15:24 - 2018-10-12 21:25 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-11-14 15:24 - 2018-10-12 21:24 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-11-14 15:24 - 2018-10-12 21:20 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-11-14 15:24 - 2018-10-12 21:18 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-11-14 15:24 - 2018-10-12 21:17 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-11-14 15:24 - 2018-10-12 21:17 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-11-14 15:24 - 2018-10-12 21:17 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-11-14 15:24 - 2018-10-12 21:11 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-11-14 15:24 - 2018-10-12 21:07 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-11-14 15:24 - 2018-10-12 21:07 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-11-14 15:24 - 2018-10-12 21:07 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-11-14 15:24 - 2018-10-12 21:05 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-11-14 15:24 - 2018-10-12 21:04 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-11-14 15:24 - 2018-10-12 21:03 - 004494848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-11-14 15:24 - 2018-10-12 21:03 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-11-14 15:24 - 2018-10-12 21:02 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-11-14 15:24 - 2018-10-12 20:57 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-11-14 15:24 - 2018-10-12 20:56 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-11-14 15:24 - 2018-10-12 20:56 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-11-14 15:24 - 2018-10-12 20:55 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-11-14 15:24 - 2018-10-12 20:36 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-11-14 15:24 - 2018-09-23 03:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2018-11-14 15:24 - 2018-09-23 03:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2018-11-14 15:24 - 2018-09-23 03:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2018-11-14 15:24 - 2018-09-23 03:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2018-11-14 15:23 - 2018-10-12 21:36 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-11-14 15:23 - 2018-10-12 21:35 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-11-14 15:23 - 2018-10-12 21:20 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-11-14 15:23 - 2018-10-12 21:17 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-11-14 15:23 - 2018-09-23 03:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2018-11-14 15:23 - 2018-09-23 03:21 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll

Alt 18.12.2018, 15:16   #9
supermax
 
Virus, Malware, Hijack laptop läuft kaum noch - Standard

Virus, Malware, Hijack laptop läuft kaum noch


Code:
ATTFilter

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2018-12-14 20:25 - 2017-03-14 09:38 - 000000000 ____D C:\Users\Michael Ihlow\Downloads\Virenprogramme
2018-12-14 20:08 - 2017-04-24 09:14 - 000000586 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1907951704-2423152542-251965989-1001.job
2018-12-14 20:04 - 2015-12-09 12:05 - 000000000 ____D C:\Users\Michael Ihlow\AppData\Roaming\Skype
2018-12-14 11:06 - 2017-11-19 18:19 - 000000682 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1907951704-2423152542-251965989-1001.job
2018-12-14 10:53 - 2017-07-07 10:14 - 000000000 ____D C:\Users\Michael Ihlow\Documents\Mailanhänge
2018-12-14 08:50 - 2009-07-14 05:34 - 000013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-12-14 08:50 - 2009-07-14 05:34 - 000013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-12-13 23:23 - 2016-04-13 21:54 - 000000000 ____D C:\Users\Michael Ihlow\AppData\Local\CrashDumps
2018-12-13 21:26 - 2016-01-27 09:27 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-12-13 21:10 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-12 23:35 - 2016-08-17 08:01 - 000000000 ____D C:\Windows\system32\MRT
2018-12-12 23:11 - 2016-08-17 07:58 - 134209608 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-12-12 23:01 - 2015-11-22 00:05 - 001602324 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-12 23:01 - 2009-07-14 09:47 - 000702890 _____ C:\Windows\system32\perfh007.dat
2018-12-12 23:01 - 2009-07-14 09:47 - 000150498 _____ C:\Windows\system32\perfc007.dat
2018-12-12 23:01 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2018-12-11 13:31 - 2018-05-27 09:00 - 000000000 ____D C:\Users\Michael Ihlow\Documents\rechnungen
2018-12-10 10:41 - 2009-07-14 05:52 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-12-09 15:27 - 2018-06-03 21:45 - 000010035 _____ C:\Users\Michael Ihlow\Documents\geschlossene Seiten.xlsx
2018-12-09 13:08 - 2017-12-16 20:52 - 000000000 ____D C:\Users\Michael Ihlow\AppData\Local\ElevatedDiagnostics
2018-12-09 12:58 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\NDF
2018-12-06 21:27 - 2018-03-05 21:28 - 000049344 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klim6.sys
2018-12-06 21:26 - 2018-03-05 21:28 - 000680232 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2018-12-06 21:23 - 2016-05-31 23:24 - 000074432 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kldisk.sys
2018-12-06 21:22 - 2018-03-05 21:28 - 000121544 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2018-12-06 21:22 - 2018-03-05 21:28 - 000098592 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klbackupflt.sys
2018-12-06 20:39 - 2015-11-22 00:13 - 000070472 _____ C:\Users\Michael Ihlow\AppData\Local\GDIPFONTCACHEV1.DAT
2018-12-06 16:33 - 2015-12-10 05:05 - 000000000 ____D C:\Program Files\CCleaner
2018-12-06 16:29 - 2009-07-14 05:33 - 000305856 _____ C:\Windows\system32\FNTCACHE.DAT
2018-12-06 13:49 - 2017-12-23 10:41 - 000000000 ____D C:\Users\Michael Ihlow\Documents\Kasperski
2018-12-06 11:59 - 2015-12-01 15:29 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-12-06 11:59 - 2015-12-01 15:29 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-12-06 11:59 - 2015-12-01 15:29 - 000000000 ____D C:\Windows\system32\Macromed
2018-12-06 11:45 - 2015-11-22 00:01 - 000000000 ____D C:\Users\Michael Ihlow
2018-12-06 11:32 - 2017-12-23 15:36 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-12-02 21:09 - 2017-07-09 11:11 - 000000000 ____D C:\Users\Michael Ihlow\AppData\Local\GoToMeeting
2018-12-01 22:41 - 2016-02-20 22:13 - 000000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 
2018-12-01 22:36 - 2016-02-20 22:13 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-12-01 11:51 - 2017-06-19 20:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-12-01 11:51 - 2017-06-19 20:11 - 000000000 ____D C:\Program Files\Java
2018-12-01 11:47 - 2017-06-19 20:14 - 000096632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2018-11-29 11:27 - 2015-11-24 09:33 - 000002162 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-29 11:27 - 2015-11-24 09:33 - 000002121 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-11-27 02:33 - 2015-11-22 00:21 - 000496160 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-11-22 12:04 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\rescache
2018-11-14 16:31 - 2016-04-12 16:05 - 000000000 ____D C:\Users\Michael Ihlow\Documents\Bofrost

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-02-18 21:28 - 2016-02-18 21:30 - 012825430 _____ () C:\Program Files\FileZilla_3.15.0.2-setup.zip
2015-11-24 23:23 - 2015-11-24 23:23 - 016229400 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
2015-11-30 15:02 - 2016-01-08 08:47 - 000038266 _____ () C:\Users\Michael Ihlow\AppData\Roaming\Microsoft Excel 97-2003.ADR
2017-03-18 07:49 - 2017-03-18 07:49 - 000000000 _____ () C:\Users\Michael Ihlow\AppData\Local\{374A96D7-059C-44C3-8F3D-1F1B21F63858}

Einige Dateien in TEMP:
====================
2018-12-14 10:07 - 2018-12-14 10:07 - 000392704 _____ () C:\Users\Michael Ihlow\AppData\Local\Temp\dfrBFE3.tmp.dll
2018-12-13 08:29 - 2018-12-13 08:29 - 000001536 _____ () C:\Users\Michael Ihlow\AppData\Local\Temp\NOSEventMessages.dll

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2018-12-06 14:53

==================== Ende vom FRST.txt ============================
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version: 09.12.2018
durchgeführt von Michael Ihlow (14-12-2018 20:33:23)
Gestartet von C:\Users\Michael Ihlow\Downloads\Virenprogramme
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2015-11-21 23:01:42)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1907951704-2423152542-251965989-500 - Administrator - Disabled)
Gast (S-1-5-21-1907951704-2423152542-251965989-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1907951704-2423152542-251965989-1002 - Limited - Enabled)
Michael Ihlow (S-1-5-21-1907951704-2423152542-251965989-1001 - Administrator - Enabled) => C:\Users\Michael Ihlow

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Kaspersky Total Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Total Security (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 19.010.20064 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Advanced System Repair Pro (HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\Advanced System Repair Pro) (Version: 1.8.0.2 - Advanced System Repair, Inc.)
Advanced System Repair Pro (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\Advanced System Repair Pro) (Version: 1.8.0.2 - Advanced System Repair, Inc.)
Advanced System Repair Pro (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\Advanced System Repair Pro) (Version: 1.8.0.2 - Advanced System Repair, Inc.)
Advanced System Repair Pro (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\Advanced System Repair Pro) (Version: 1.8.0.2 - Advanced System Repair, Inc.)
Advanced System Repair Pro (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\Advanced System Repair Pro) (Version: 1.8.0.2 - Advanced System Repair, Inc.)
Advanced System Repair Pro (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\Advanced System Repair Pro) (Version: 1.8.0.2 - Advanced System Repair, Inc.)
Advanced System Repair Pro (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\Advanced System Repair Pro) (Version: 1.8.0.2 - Advanced System Repair, Inc.)
Advanced System Repair Pro (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\Advanced System Repair Pro) (Version: 1.8.0.2 - Advanced System Repair, Inc.)
Advanced System Repair Pro (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\Advanced System Repair Pro) (Version: 1.8.0.2 - Advanced System Repair, Inc.)
Advanced System Repair Pro (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\Advanced System Repair Pro) (Version: 1.8.0.2 - Advanced System Repair, Inc.)
Advanced System Repair Pro (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\Advanced System Repair Pro) (Version: 1.8.0.2 - Advanced System Repair, Inc.)
Advanced System Repair Pro (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\Advanced System Repair Pro) (Version: 1.8.0.2 - Advanced System Repair, Inc.)
Advanced System Repair Pro (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\Advanced System Repair Pro) (Version: 1.8.0.2 - Advanced System Repair, Inc.)
Advanced System Repair Pro (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\Advanced System Repair Pro) (Version: 1.8.0.2 - Advanced System Repair, Inc.)
Advanced System Repair Pro (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\Advanced System Repair Pro) (Version: 1.8.0.2 - Advanced System Repair, Inc.)
Advanced System Repair Pro (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864\...\Advanced System Repair Pro) (Version: 1.8.0.2 - Advanced System Repair, Inc.)
Advanced System Repair Pro (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233557346\...\Advanced System Repair Pro) (Version: 1.8.0.2 - Advanced System Repair, Inc.)
Advanced System Repair Pro (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234152364\...\Advanced System Repair Pro) (Version: 1.8.0.2 - Advanced System Repair, Inc.)
Advanced System Repair Pro (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234314207\...\Advanced System Repair Pro) (Version: 1.8.0.2 - Advanced System Repair, Inc.)
Advanced System Repair Pro (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234457663\...\Advanced System Repair Pro) (Version: 1.8.0.2 - Advanced System Repair, Inc.)
Advanced System Repair Pro (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234614250\...\Advanced System Repair Pro) (Version: 1.8.0.2 - Advanced System Repair, Inc.)
Advanced System Repair Pro (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234734625\...\Advanced System Repair Pro) (Version: 1.8.0.2 - Advanced System Repair, Inc.)
Advanced System Repair Pro (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234906300\...\Advanced System Repair Pro) (Version: 1.8.0.2 - Advanced System Repair, Inc.)
Advanced System Repair Pro (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819\...\Advanced System Repair Pro) (Version: 1.8.0.2 - Advanced System Repair, Inc.)
Advanced System Repair Pro (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358\...\Advanced System Repair Pro) (Version: 1.8.0.2 - Advanced System Repair, Inc.)
Advanced System Repair Pro (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412\...\Advanced System Repair Pro) (Version: 1.8.0.2 - Advanced System Repair, Inc.)
Advanced System Repair Pro (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235554758\...\Advanced System Repair Pro) (Version: 1.8.0.2 - Advanced System Repair, Inc.)
Advanced System Repair Pro (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221\...\Advanced System Repair Pro) (Version: 1.8.0.2 - Advanced System Repair, Inc.)
AnyDesk (HKLM\...\AnyDesk) (Version: ad 2.2.0 - philandro Software GmbH)
Ausschneiden 2.0 (HKLM\...\{5F0C0CD8-77B1-4C3E-9F01-5AF10D85DBB4}) (Version: 6.07.0 - Avanquest Software)
Ausschneiden Trial (HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 2.00 - Avanquest)
Ausschneiden Trial (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 2.00 - Avanquest)
Ausschneiden Trial (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 2.00 - Avanquest)
Ausschneiden Trial (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 2.00 - Avanquest)
Ausschneiden Trial (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 2.00 - Avanquest)
Ausschneiden Trial (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 2.00 - Avanquest)
Ausschneiden Trial (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 2.00 - Avanquest)
Ausschneiden Trial (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 2.00 - Avanquest)
Ausschneiden Trial (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 2.00 - Avanquest)
Ausschneiden Trial (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 2.00 - Avanquest)
Ausschneiden Trial (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 2.00 - Avanquest)
Ausschneiden Trial (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 2.00 - Avanquest)
Ausschneiden Trial (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 2.00 - Avanquest)
Ausschneiden Trial (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 2.00 - Avanquest)
Ausschneiden Trial (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 2.00 - Avanquest)
Ausschneiden Trial (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 2.00 - Avanquest)
Ausschneiden Trial (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233557346\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 2.00 - Avanquest)
Ausschneiden Trial (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234152364\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 2.00 - Avanquest)
Ausschneiden Trial (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234314207\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 2.00 - Avanquest)
Ausschneiden Trial (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234457663\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 2.00 - Avanquest)
Ausschneiden Trial (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234614250\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 2.00 - Avanquest)
Ausschneiden Trial (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234734625\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 2.00 - Avanquest)
Ausschneiden Trial (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234906300\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 2.00 - Avanquest)
Ausschneiden Trial (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 2.00 - Avanquest)
Ausschneiden Trial (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 2.00 - Avanquest)
Ausschneiden Trial (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 2.00 - Avanquest)
Ausschneiden Trial (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235554758\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 2.00 - Avanquest)
Ausschneiden Trial (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 2.00 - Avanquest)
Avanquest Message (HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.08.0 - Avanquest Software)
Avanquest Message (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.08.0 - Avanquest Software)
Avanquest Message (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.08.0 - Avanquest Software)
Avanquest Message (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.08.0 - Avanquest Software)
Avanquest Message (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.08.0 - Avanquest Software)
Avanquest Message (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.08.0 - Avanquest Software)
Avanquest Message (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.08.0 - Avanquest Software)
Avanquest Message (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.08.0 - Avanquest Software)
Avanquest Message (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.08.0 - Avanquest Software)
Avanquest Message (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.08.0 - Avanquest Software)
Avanquest Message (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.08.0 - Avanquest Software)
Avanquest Message (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.08.0 - Avanquest Software)
Avanquest Message (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.08.0 - Avanquest Software)
Avanquest Message (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.08.0 - Avanquest Software)
Avanquest Message (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.08.0 - Avanquest Software)
Avanquest Message (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.08.0 - Avanquest Software)
Avanquest Message (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233557346\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.08.0 - Avanquest Software)
Avanquest Message (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234152364\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.08.0 - Avanquest Software)
Avanquest Message (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234314207\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.08.0 - Avanquest Software)
Avanquest Message (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234457663\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.08.0 - Avanquest Software)
Avanquest Message (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234614250\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.08.0 - Avanquest Software)
Avanquest Message (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234734625\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.08.0 - Avanquest Software)
Avanquest Message (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234906300\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.08.0 - Avanquest Software)
Avanquest Message (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.08.0 - Avanquest Software)
Avanquest Message (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.08.0 - Avanquest Software)
Avanquest Message (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.08.0 - Avanquest Software)
Avanquest Message (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235554758\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.08.0 - Avanquest Software)
Avanquest Message (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.08.0 - Avanquest Software)
Avanquest update (HKLM\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.34 - Avanquest Software)
Brother MFL-Pro Suite DCP-115C (HKLM\...\{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
calibre (HKLM\...\{3000D354-D0BB-4FF3-89F9-04B6E9DD51BA}) (Version: 2.47.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.50 - Piriform)
Code:
ATTFilter
CHIP Best Deal (HKLM\...\{EE3873C3-C84D-432D-99B0-4931FE07E5D1}) (Version: 1.4.42 - Adspired GmbH)
CLIQZ 1.2.0 (x86 de) (HKLM\...\CLIQZ 1.2.0 (x86 de)) (Version: 1.2.0 - Cliqz GmbH)
Cliqz Maintenance Service (HKLM\...\CliqzMaintenanceService) (Version: 1.2.0 - Cliqz GmbH)
CryptoTab Browser (HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\CryptoTab Browser) (Version: 69.0.3497.100 - CryptoTab Browser)
CryptoTab Browser (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\CryptoTab Browser) (Version: 69.0.3497.100 - CryptoTab Browser)
CryptoTab Browser (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\CryptoTab Browser) (Version: 69.0.3497.100 - CryptoTab Browser)
CryptoTab Browser (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\CryptoTab Browser) (Version: 69.0.3497.100 - CryptoTab Browser)
CryptoTab Browser (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\CryptoTab Browser) (Version: 69.0.3497.100 - CryptoTab Browser)
CryptoTab Browser (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\CryptoTab Browser) (Version: 69.0.3497.100 - CryptoTab Browser)
CryptoTab Browser (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\CryptoTab Browser) (Version: 69.0.3497.100 - CryptoTab Browser)
CryptoTab Browser (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\CryptoTab Browser) (Version: 69.0.3497.100 - CryptoTab Browser)
CryptoTab Browser (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\CryptoTab Browser) (Version: 69.0.3497.100 - CryptoTab Browser)
CryptoTab Browser (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\CryptoTab Browser) (Version: 69.0.3497.100 - CryptoTab Browser)
CryptoTab Browser (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\CryptoTab Browser) (Version: 69.0.3497.100 - CryptoTab Browser)
CryptoTab Browser (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\CryptoTab Browser) (Version: 69.0.3497.100 - CryptoTab Browser)
CryptoTab Browser (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\CryptoTab Browser) (Version: 69.0.3497.100 - CryptoTab Browser)
CryptoTab Browser (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\CryptoTab Browser) (Version: 69.0.3497.100 - CryptoTab Browser)
CryptoTab Browser (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\CryptoTab Browser) (Version: 69.0.3497.100 - CryptoTab Browser)
CryptoTab Browser (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864\...\CryptoTab Browser) (Version: 69.0.3497.100 - CryptoTab Browser)
CryptoTab Browser (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233557346\...\CryptoTab Browser) (Version: 69.0.3497.100 - CryptoTab Browser)
CryptoTab Browser (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234152364\...\CryptoTab Browser) (Version: 69.0.3497.100 - CryptoTab Browser)
CryptoTab Browser (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234314207\...\CryptoTab Browser) (Version: 69.0.3497.100 - CryptoTab Browser)
CryptoTab Browser (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234457663\...\CryptoTab Browser) (Version: 69.0.3497.100 - CryptoTab Browser)
CryptoTab Browser (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234614250\...\CryptoTab Browser) (Version: 69.0.3497.100 - CryptoTab Browser)
CryptoTab Browser (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234734625\...\CryptoTab Browser) (Version: 69.0.3497.100 - CryptoTab Browser)
CryptoTab Browser (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234906300\...\CryptoTab Browser) (Version: 69.0.3497.100 - CryptoTab Browser)
CryptoTab Browser (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819\...\CryptoTab Browser) (Version: 69.0.3497.100 - CryptoTab Browser)
CryptoTab Browser (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358\...\CryptoTab Browser) (Version: 69.0.3497.100 - CryptoTab Browser)
CryptoTab Browser (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412\...\CryptoTab Browser) (Version: 69.0.3497.100 - CryptoTab Browser)
CryptoTab Browser (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235554758\...\CryptoTab Browser) (Version: 69.0.3497.100 - CryptoTab Browser)
CryptoTab Browser (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221\...\CryptoTab Browser) (Version: 69.0.3497.100 - CryptoTab Browser)
Debut Videorekorder (HKLM\...\Debut) (Version: 2.17 - NCH Software)
Express Burn (HKLM\...\ExpressBurn) (Version: 4.78 - NCH Software)
FileZilla Client 3.16.1 (HKLM\...\FileZilla Client) (Version: 3.16.1 - Tim Kosse)
Free Extended Task Manager (HKLM\...\Free Extended Task Manager) (Version: 1.0.0.46 - Extensoft)
Google Chrome (HKLM\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Drive (HKLM\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GoTo Opener (HKLM\...\{351B54B2-1AFC-42A7-A8C0-9E05C26F0D1E}) (Version: 1.0.470 - LogMeIn, Inc.)
GoToMeeting 8.38.1.11282 (HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\GoToMeeting) (Version: 8.38.1.11282 - LogMeIn, Inc.)
GoToMeeting 8.38.1.11282 (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\GoToMeeting) (Version: 8.38.1.11282 - LogMeIn, Inc.)
GoToMeeting 8.38.1.11282 (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\GoToMeeting) (Version: 8.38.1.11282 - LogMeIn, Inc.)
GoToMeeting 8.38.1.11282 (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\GoToMeeting) (Version: 8.38.1.11282 - LogMeIn, Inc.)
GoToMeeting 8.38.1.11282 (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\GoToMeeting) (Version: 8.38.1.11282 - LogMeIn, Inc.)
GoToMeeting 8.38.1.11282 (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\GoToMeeting) (Version: 8.38.1.11282 - LogMeIn, Inc.)
GoToMeeting 8.38.1.11282 (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\GoToMeeting) (Version: 8.38.1.11282 - LogMeIn, Inc.)
GoToMeeting 8.38.1.11282 (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\GoToMeeting) (Version: 8.38.1.11282 - LogMeIn, Inc.)
GoToMeeting 8.38.1.11282 (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\GoToMeeting) (Version: 8.38.1.11282 - LogMeIn, Inc.)
GoToMeeting 8.38.1.11282 (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\GoToMeeting) (Version: 8.38.1.11282 - LogMeIn, Inc.)
GoToMeeting 8.38.1.11282 (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\GoToMeeting) (Version: 8.38.1.11282 - LogMeIn, Inc.)
GoToMeeting 8.38.1.11282 (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\GoToMeeting) (Version: 8.38.1.11282 - LogMeIn, Inc.)
GoToMeeting 8.38.1.11282 (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\GoToMeeting) (Version: 8.38.1.11282 - LogMeIn, Inc.)
GoToMeeting 8.38.1.11282 (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\GoToMeeting) (Version: 8.38.1.11282 - LogMeIn, Inc.)
GoToMeeting 8.38.1.11282 (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\GoToMeeting) (Version: 8.38.1.11282 - LogMeIn, Inc.)
GoToMeeting 8.38.1.11282 (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864\...\GoToMeeting) (Version: 8.38.1.11282 - LogMeIn, Inc.)
GoToMeeting 8.38.1.11282 (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233557346\...\GoToMeeting) (Version: 8.38.1.11282 - LogMeIn, Inc.)
GoToMeeting 8.38.1.11282 (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234152364\...\GoToMeeting) (Version: 8.38.1.11282 - LogMeIn, Inc.)
GoToMeeting 8.38.1.11282 (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234314207\...\GoToMeeting) (Version: 8.38.1.11282 - LogMeIn, Inc.)
GoToMeeting 8.38.1.11282 (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234457663\...\GoToMeeting) (Version: 8.38.1.11282 - LogMeIn, Inc.)
GoToMeeting 8.38.1.11282 (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234614250\...\GoToMeeting) (Version: 8.38.1.11282 - LogMeIn, Inc.)
GoToMeeting 8.38.1.11282 (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234734625\...\GoToMeeting) (Version: 8.38.1.11282 - LogMeIn, Inc.)
GoToMeeting 8.38.1.11282 (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234906300\...\GoToMeeting) (Version: 8.38.1.11282 - LogMeIn, Inc.)
GoToMeeting 8.38.1.11282 (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819\...\GoToMeeting) (Version: 8.38.1.11282 - LogMeIn, Inc.)
GoToMeeting 8.38.1.11282 (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358\...\GoToMeeting) (Version: 8.38.1.11282 - LogMeIn, Inc.)
GoToMeeting 8.38.1.11282 (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412\...\GoToMeeting) (Version: 8.38.1.11282 - LogMeIn, Inc.)
GoToMeeting 8.38.1.11282 (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235554758\...\GoToMeeting) (Version: 8.38.1.11282 - LogMeIn, Inc.)
GoToMeeting 8.38.1.11282 (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221\...\GoToMeeting) (Version: 8.38.1.11282 - LogMeIn, Inc.)
InstaCards (HKLM\...\{58259C24-7B5E-4977-93B0-E9EEA1B884CE}) (Version: 1.6.2 - InPixio)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 8 Update 191 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Jing (HKLM\...\{8C784F8B-89D0-4A59-A000-7EEF129E1574}) (Version: 2.9.15255.1 - TechSmith Corporation)
Kaspersky Secure Connection (HKLM\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab)
Kaspersky Total Security (HKLM\...\{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM\...\InstallWIX_{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab)
LastPass (Nur deinstallieren) (HKLM\...\LastPass) (Version:  - LastPass)
LG PC Suite (HKLM\...\LG PC Suite) (Version: 5.3.25.20150529 - LG Electronics)
LG United Mobile Drivers (HKLM\...\{4DE95ED9-0A29-4C4F-8463-35857CF9BA36}) (Version: 3.14.1 - LG Electronics)
Malwarebytes Version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
MetaTrader - ActivTrades (HKLM\...\MetaTrader - ActivTrades) (Version: 4.00 - MetaQuotes Software Corp.)
MFC RunTime files (HKLM\...\{70C592EC-AE9B-4734-928B-676E824FB41E}) (Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 4.7.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM\...\{91170407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MSVC80_x86_v2 (HKLM\...\{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (HKLM\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 11 DiscSpeed (HKLM\...\{B8B03F99-F600-4D96-ADBD-2F384240FB9C}) (Version: 11.0.00400 - Nero AG)
NirSoft Network Password Recovery (HKLM\...\NirSoft Network Password Recovery) (Version:  - )
Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM\...\{88B6F9DE-C80F-4A70-ACF6-BEE933679170}) (Version: 3.8.54.0 - Nokia) Hidden
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.8.54.0 - Nokia)
PaperPort (HKLM\...\{A17EABB6-D0C6-44E5-820C-72DC7F495064}) (Version: 9.02.0823 - ScanSoft, Inc.)
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Prism Videodatei-Konverter (HKLM\...\Prism) (Version: 2.27 - NCH Software)
SDI011 dual interface reader (HKLM\...\{D0ED9100-DFFB-482C-8DB6-C626264757BD}) (Version: 1.01 - SCM Microsystems)
Skype Click to Call (HKLM\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.40 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Softwarenetz Kassenbuch5 (HKLM\...\Kassenbuch5) (Version:  - Softwarenetz)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_EXCEL_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_WORD_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VideoPad Video-Editor (HKLM\...\VideoPad) (Version: 4.42 - NCH Software)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WavePad Audio-Editor (HKLM\...\WavePad) (Version: 6.12 - NCH Software)
Web Companion (HKLM\...\{6e14ae91-43c1-4fa7-8a4c-879fd46cffc2}) (Version: 4.4.1950.3825 - Lavasoft)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
WowApp (HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\WowApp) (Version: 8.0.4 - WowApp)
WowApp (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\WowApp) (Version: 8.0.4 - WowApp)
WowApp (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\WowApp) (Version: 8.0.4 - WowApp)
WowApp (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\WowApp) (Version: 8.0.4 - WowApp)
WowApp (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\WowApp) (Version: 8.0.4 - WowApp)
WowApp (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\WowApp) (Version: 8.0.4 - WowApp)
WowApp (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\WowApp) (Version: 8.0.4 - WowApp)
WowApp (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\WowApp) (Version: 8.0.4 - WowApp)
WowApp (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\WowApp) (Version: 8.0.4 - WowApp)
WowApp (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\WowApp) (Version: 8.0.4 - WowApp)
WowApp (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\WowApp) (Version: 8.0.4 - WowApp)
WowApp (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\WowApp) (Version: 8.0.4 - WowApp)
WowApp (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\WowApp) (Version: 8.0.4 - WowApp)
WowApp (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\WowApp) (Version: 8.0.4 - WowApp)
WowApp (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\WowApp) (Version: 8.0.4 - WowApp)
WowApp (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864\...\WowApp) (Version: 8.0.4 - WowApp)
WowApp (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233557346\...\WowApp) (Version: 8.0.4 - WowApp)
WowApp (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234152364\...\WowApp) (Version: 8.0.4 - WowApp)
WowApp (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234314207\...\WowApp) (Version: 8.0.4 - WowApp)
WowApp (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234457663\...\WowApp) (Version: 8.0.4 - WowApp)
WowApp (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234614250\...\WowApp) (Version: 8.0.4 - WowApp)
WowApp (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234734625\...\WowApp) (Version: 8.0.4 - WowApp)
WowApp (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234906300\...\WowApp) (Version: 8.0.4 - WowApp)
WowApp (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819\...\WowApp) (Version: 8.0.4 - WowApp)
WowApp (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358\...\WowApp) (Version: 8.0.4 - WowApp)
WowApp (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412\...\WowApp) (Version: 8.0.4 - WowApp)
WowApp (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235554758\...\WowApp) (Version: 8.0.4 - WowApp)
WowApp (HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221\...\WowApp) (Version: 8.0.4 - WowApp)
Code:
ATTFilter
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581_Classes\CLSID\{3AD085D8-E796-4ADC-8445-AA011FDD0777}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\69.0.3497.100\notification_helper.exe (The Chromium and CryptoTab Browser Authors)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581_Classes\CLSID\{73C00DE8-071E-461A-B7F8-DC77E497FD25}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\CryptoTabUpdate.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581_Classes\CLSID\{8706B3AE-0A08-456B-BE52-E5C92C3CE3A5}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581_Classes\CLSID\{B6657103-1FBA-45B5-B85C-401A200D5F48}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581_Classes\CLSID\{C9C21BCB-896A-4AE7-88AB-0FE560AC47CF}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581_Classes\CLSID\{E42117EA-B6B9-4379-9B51-09FEC7D99C64}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581_Classes\CLSID\{E5C121AB-1867-417F-9087-707A5171E879}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581_Classes\CLSID\{F90026A8-A02E-4F1C-A0C6-76955A119600}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581_Classes\CLSID\{FA993726-E771-49B1-BAE5-F50E557E059B}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380_Classes\CLSID\{3AD085D8-E796-4ADC-8445-AA011FDD0777}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\69.0.3497.100\notification_helper.exe (The Chromium and CryptoTab Browser Authors)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380_Classes\CLSID\{73C00DE8-071E-461A-B7F8-DC77E497FD25}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\CryptoTabUpdate.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380_Classes\CLSID\{8706B3AE-0A08-456B-BE52-E5C92C3CE3A5}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380_Classes\CLSID\{B6657103-1FBA-45B5-B85C-401A200D5F48}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380_Classes\CLSID\{C9C21BCB-896A-4AE7-88AB-0FE560AC47CF}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380_Classes\CLSID\{E42117EA-B6B9-4379-9B51-09FEC7D99C64}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380_Classes\CLSID\{E5C121AB-1867-417F-9087-707A5171E879}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380_Classes\CLSID\{F90026A8-A02E-4F1C-A0C6-76955A119600}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380_Classes\CLSID\{FA993726-E771-49B1-BAE5-F50E557E059B}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835_Classes\CLSID\{3AD085D8-E796-4ADC-8445-AA011FDD0777}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\69.0.3497.100\notification_helper.exe (The Chromium and CryptoTab Browser Authors)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835_Classes\CLSID\{73C00DE8-071E-461A-B7F8-DC77E497FD25}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\CryptoTabUpdate.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835_Classes\CLSID\{8706B3AE-0A08-456B-BE52-E5C92C3CE3A5}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835_Classes\CLSID\{B6657103-1FBA-45B5-B85C-401A200D5F48}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835_Classes\CLSID\{C9C21BCB-896A-4AE7-88AB-0FE560AC47CF}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835_Classes\CLSID\{E42117EA-B6B9-4379-9B51-09FEC7D99C64}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835_Classes\CLSID\{E5C121AB-1867-417F-9087-707A5171E879}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835_Classes\CLSID\{F90026A8-A02E-4F1C-A0C6-76955A119600}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835_Classes\CLSID\{FA993726-E771-49B1-BAE5-F50E557E059B}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832_Classes\CLSID\{3AD085D8-E796-4ADC-8445-AA011FDD0777}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\69.0.3497.100\notification_helper.exe (The Chromium and CryptoTab Browser Authors)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832_Classes\CLSID\{73C00DE8-071E-461A-B7F8-DC77E497FD25}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\CryptoTabUpdate.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832_Classes\CLSID\{8706B3AE-0A08-456B-BE52-E5C92C3CE3A5}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832_Classes\CLSID\{B6657103-1FBA-45B5-B85C-401A200D5F48}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832_Classes\CLSID\{C9C21BCB-896A-4AE7-88AB-0FE560AC47CF}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832_Classes\CLSID\{E42117EA-B6B9-4379-9B51-09FEC7D99C64}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832_Classes\CLSID\{E5C121AB-1867-417F-9087-707A5171E879}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832_Classes\CLSID\{F90026A8-A02E-4F1C-A0C6-76955A119600}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832_Classes\CLSID\{FA993726-E771-49B1-BAE5-F50E557E059B}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836_Classes\CLSID\{3AD085D8-E796-4ADC-8445-AA011FDD0777}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\69.0.3497.100\notification_helper.exe (The Chromium and CryptoTab Browser Authors)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836_Classes\CLSID\{73C00DE8-071E-461A-B7F8-DC77E497FD25}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\CryptoTabUpdate.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836_Classes\CLSID\{8706B3AE-0A08-456B-BE52-E5C92C3CE3A5}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836_Classes\CLSID\{B6657103-1FBA-45B5-B85C-401A200D5F48}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836_Classes\CLSID\{C9C21BCB-896A-4AE7-88AB-0FE560AC47CF}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836_Classes\CLSID\{E42117EA-B6B9-4379-9B51-09FEC7D99C64}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836_Classes\CLSID\{E5C121AB-1867-417F-9087-707A5171E879}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836_Classes\CLSID\{F90026A8-A02E-4F1C-A0C6-76955A119600}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836_Classes\CLSID\{FA993726-E771-49B1-BAE5-F50E557E059B}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704_Classes\CLSID\{3AD085D8-E796-4ADC-8445-AA011FDD0777}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\69.0.3497.100\notification_helper.exe (The Chromium and CryptoTab Browser Authors)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704_Classes\CLSID\{73C00DE8-071E-461A-B7F8-DC77E497FD25}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\CryptoTabUpdate.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704_Classes\CLSID\{8706B3AE-0A08-456B-BE52-E5C92C3CE3A5}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704_Classes\CLSID\{B6657103-1FBA-45B5-B85C-401A200D5F48}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704_Classes\CLSID\{C9C21BCB-896A-4AE7-88AB-0FE560AC47CF}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704_Classes\CLSID\{E42117EA-B6B9-4379-9B51-09FEC7D99C64}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704_Classes\CLSID\{E5C121AB-1867-417F-9087-707A5171E879}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704_Classes\CLSID\{F90026A8-A02E-4F1C-A0C6-76955A119600}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704_Classes\CLSID\{FA993726-E771-49B1-BAE5-F50E557E059B}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396_Classes\CLSID\{3AD085D8-E796-4ADC-8445-AA011FDD0777}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\69.0.3497.100\notification_helper.exe (The Chromium and CryptoTab Browser Authors)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396_Classes\CLSID\{73C00DE8-071E-461A-B7F8-DC77E497FD25}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\CryptoTabUpdate.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396_Classes\CLSID\{8706B3AE-0A08-456B-BE52-E5C92C3CE3A5}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396_Classes\CLSID\{B6657103-1FBA-45B5-B85C-401A200D5F48}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396_Classes\CLSID\{C9C21BCB-896A-4AE7-88AB-0FE560AC47CF}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396_Classes\CLSID\{E42117EA-B6B9-4379-9B51-09FEC7D99C64}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396_Classes\CLSID\{E5C121AB-1867-417F-9087-707A5171E879}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396_Classes\CLSID\{F90026A8-A02E-4F1C-A0C6-76955A119600}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396_Classes\CLSID\{FA993726-E771-49B1-BAE5-F50E557E059B}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039_Classes\CLSID\{3AD085D8-E796-4ADC-8445-AA011FDD0777}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\69.0.3497.100\notification_helper.exe (The Chromium and CryptoTab Browser Authors)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039_Classes\CLSID\{73C00DE8-071E-461A-B7F8-DC77E497FD25}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\CryptoTabUpdate.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039_Classes\CLSID\{8706B3AE-0A08-456B-BE52-E5C92C3CE3A5}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039_Classes\CLSID\{B6657103-1FBA-45B5-B85C-401A200D5F48}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039_Classes\CLSID\{C9C21BCB-896A-4AE7-88AB-0FE560AC47CF}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039_Classes\CLSID\{E42117EA-B6B9-4379-9B51-09FEC7D99C64}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039_Classes\CLSID\{E5C121AB-1867-417F-9087-707A5171E879}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039_Classes\CLSID\{F90026A8-A02E-4F1C-A0C6-76955A119600}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039_Classes\CLSID\{FA993726-E771-49B1-BAE5-F50E557E059B}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122_Classes\CLSID\{3AD085D8-E796-4ADC-8445-AA011FDD0777}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\69.0.3497.100\notification_helper.exe (The Chromium and CryptoTab Browser Authors)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122_Classes\CLSID\{73C00DE8-071E-461A-B7F8-DC77E497FD25}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\CryptoTabUpdate.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122_Classes\CLSID\{8706B3AE-0A08-456B-BE52-E5C92C3CE3A5}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122_Classes\CLSID\{B6657103-1FBA-45B5-B85C-401A200D5F48}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122_Classes\CLSID\{C9C21BCB-896A-4AE7-88AB-0FE560AC47CF}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122_Classes\CLSID\{E42117EA-B6B9-4379-9B51-09FEC7D99C64}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122_Classes\CLSID\{E5C121AB-1867-417F-9087-707A5171E879}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122_Classes\CLSID\{F90026A8-A02E-4F1C-A0C6-76955A119600}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122_Classes\CLSID\{FA993726-E771-49B1-BAE5-F50E557E059B}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864_Classes\CLSID\{3AD085D8-E796-4ADC-8445-AA011FDD0777}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\69.0.3497.100\notification_helper.exe (The Chromium and CryptoTab Browser Authors)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864_Classes\CLSID\{73C00DE8-071E-461A-B7F8-DC77E497FD25}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\CryptoTabUpdate.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864_Classes\CLSID\{8706B3AE-0A08-456B-BE52-E5C92C3CE3A5}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864_Classes\CLSID\{B6657103-1FBA-45B5-B85C-401A200D5F48}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864_Classes\CLSID\{C9C21BCB-896A-4AE7-88AB-0FE560AC47CF}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864_Classes\CLSID\{E42117EA-B6B9-4379-9B51-09FEC7D99C64}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864_Classes\CLSID\{E5C121AB-1867-417F-9087-707A5171E879}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864_Classes\CLSID\{F90026A8-A02E-4F1C-A0C6-76955A119600}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864_Classes\CLSID\{FA993726-E771-49B1-BAE5-F50E557E059B}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234152364_Classes\CLSID\{3AD085D8-E796-4ADC-8445-AA011FDD0777}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234152364_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\69.0.3497.100\notification_helper.exe (The Chromium and CryptoTab Browser Authors)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234152364_Classes\CLSID\{73C00DE8-071E-461A-B7F8-DC77E497FD25}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\CryptoTabUpdate.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234152364_Classes\CLSID\{8706B3AE-0A08-456B-BE52-E5C92C3CE3A5}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234152364_Classes\CLSID\{B6657103-1FBA-45B5-B85C-401A200D5F48}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234152364_Classes\CLSID\{C9C21BCB-896A-4AE7-88AB-0FE560AC47CF}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234152364_Classes\CLSID\{E42117EA-B6B9-4379-9B51-09FEC7D99C64}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234152364_Classes\CLSID\{E5C121AB-1867-417F-9087-707A5171E879}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234152364_Classes\CLSID\{F90026A8-A02E-4F1C-A0C6-76955A119600}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234152364_Classes\CLSID\{FA993726-E771-49B1-BAE5-F50E557E059B}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234314207_Classes\CLSID\{3AD085D8-E796-4ADC-8445-AA011FDD0777}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234314207_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\69.0.3497.100\notification_helper.exe (The Chromium and CryptoTab Browser Authors)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234314207_Classes\CLSID\{73C00DE8-071E-461A-B7F8-DC77E497FD25}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\CryptoTabUpdate.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234314207_Classes\CLSID\{8706B3AE-0A08-456B-BE52-E5C92C3CE3A5}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234314207_Classes\CLSID\{B6657103-1FBA-45B5-B85C-401A200D5F48}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234314207_Classes\CLSID\{C9C21BCB-896A-4AE7-88AB-0FE560AC47CF}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234314207_Classes\CLSID\{E42117EA-B6B9-4379-9B51-09FEC7D99C64}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234314207_Classes\CLSID\{E5C121AB-1867-417F-9087-707A5171E879}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234314207_Classes\CLSID\{F90026A8-A02E-4F1C-A0C6-76955A119600}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234314207_Classes\CLSID\{FA993726-E771-49B1-BAE5-F50E557E059B}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234457663_Classes\CLSID\{3AD085D8-E796-4ADC-8445-AA011FDD0777}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234457663_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\69.0.3497.100\notification_helper.exe (The Chromium and CryptoTab Browser Authors)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234457663_Classes\CLSID\{73C00DE8-071E-461A-B7F8-DC77E497FD25}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\CryptoTabUpdate.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234457663_Classes\CLSID\{8706B3AE-0A08-456B-BE52-E5C92C3CE3A5}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234457663_Classes\CLSID\{B6657103-1FBA-45B5-B85C-401A200D5F48}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234457663_Classes\CLSID\{C9C21BCB-896A-4AE7-88AB-0FE560AC47CF}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
Code:
ATTFilter
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234457663_Classes\CLSID\{E42117EA-B6B9-4379-9B51-09FEC7D99C64}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234457663_Classes\CLSID\{E5C121AB-1867-417F-9087-707A5171E879}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234457663_Classes\CLSID\{F90026A8-A02E-4F1C-A0C6-76955A119600}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234457663_Classes\CLSID\{FA993726-E771-49B1-BAE5-F50E557E059B}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234614250_Classes\CLSID\{3AD085D8-E796-4ADC-8445-AA011FDD0777}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234614250_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\69.0.3497.100\notification_helper.exe (The Chromium and CryptoTab Browser Authors)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234614250_Classes\CLSID\{73C00DE8-071E-461A-B7F8-DC77E497FD25}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\CryptoTabUpdate.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234614250_Classes\CLSID\{8706B3AE-0A08-456B-BE52-E5C92C3CE3A5}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234614250_Classes\CLSID\{B6657103-1FBA-45B5-B85C-401A200D5F48}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234614250_Classes\CLSID\{C9C21BCB-896A-4AE7-88AB-0FE560AC47CF}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234614250_Classes\CLSID\{E42117EA-B6B9-4379-9B51-09FEC7D99C64}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234614250_Classes\CLSID\{E5C121AB-1867-417F-9087-707A5171E879}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234614250_Classes\CLSID\{F90026A8-A02E-4F1C-A0C6-76955A119600}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234614250_Classes\CLSID\{FA993726-E771-49B1-BAE5-F50E557E059B}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234734625_Classes\CLSID\{3AD085D8-E796-4ADC-8445-AA011FDD0777}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234734625_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\69.0.3497.100\notification_helper.exe (The Chromium and CryptoTab Browser Authors)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234734625_Classes\CLSID\{73C00DE8-071E-461A-B7F8-DC77E497FD25}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\CryptoTabUpdate.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234734625_Classes\CLSID\{8706B3AE-0A08-456B-BE52-E5C92C3CE3A5}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234734625_Classes\CLSID\{B6657103-1FBA-45B5-B85C-401A200D5F48}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234734625_Classes\CLSID\{C9C21BCB-896A-4AE7-88AB-0FE560AC47CF}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234734625_Classes\CLSID\{E42117EA-B6B9-4379-9B51-09FEC7D99C64}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234734625_Classes\CLSID\{E5C121AB-1867-417F-9087-707A5171E879}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234734625_Classes\CLSID\{F90026A8-A02E-4F1C-A0C6-76955A119600}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234734625_Classes\CLSID\{FA993726-E771-49B1-BAE5-F50E557E059B}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234906300_Classes\CLSID\{3AD085D8-E796-4ADC-8445-AA011FDD0777}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234906300_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\69.0.3497.100\notification_helper.exe (The Chromium and CryptoTab Browser Authors)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234906300_Classes\CLSID\{73C00DE8-071E-461A-B7F8-DC77E497FD25}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\CryptoTabUpdate.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234906300_Classes\CLSID\{8706B3AE-0A08-456B-BE52-E5C92C3CE3A5}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234906300_Classes\CLSID\{B6657103-1FBA-45B5-B85C-401A200D5F48}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234906300_Classes\CLSID\{C9C21BCB-896A-4AE7-88AB-0FE560AC47CF}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234906300_Classes\CLSID\{E42117EA-B6B9-4379-9B51-09FEC7D99C64}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234906300_Classes\CLSID\{E5C121AB-1867-417F-9087-707A5171E879}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234906300_Classes\CLSID\{F90026A8-A02E-4F1C-A0C6-76955A119600}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234906300_Classes\CLSID\{FA993726-E771-49B1-BAE5-F50E557E059B}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235037782_Classes\CLSID\{3AD085D8-E796-4ADC-8445-AA011FDD0777}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235037782_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\69.0.3497.100\notification_helper.exe (The Chromium and CryptoTab Browser Authors)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235037782_Classes\CLSID\{73C00DE8-071E-461A-B7F8-DC77E497FD25}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\CryptoTabUpdate.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235037782_Classes\CLSID\{8706B3AE-0A08-456B-BE52-E5C92C3CE3A5}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235037782_Classes\CLSID\{B6657103-1FBA-45B5-B85C-401A200D5F48}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235037782_Classes\CLSID\{C9C21BCB-896A-4AE7-88AB-0FE560AC47CF}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235037782_Classes\CLSID\{E42117EA-B6B9-4379-9B51-09FEC7D99C64}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235037782_Classes\CLSID\{E5C121AB-1867-417F-9087-707A5171E879}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235037782_Classes\CLSID\{F90026A8-A02E-4F1C-A0C6-76955A119600}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235037782_Classes\CLSID\{FA993726-E771-49B1-BAE5-F50E557E059B}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819_Classes\CLSID\{3AD085D8-E796-4ADC-8445-AA011FDD0777}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\69.0.3497.100\notification_helper.exe (The Chromium and CryptoTab Browser Authors)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819_Classes\CLSID\{73C00DE8-071E-461A-B7F8-DC77E497FD25}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\CryptoTabUpdate.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819_Classes\CLSID\{8706B3AE-0A08-456B-BE52-E5C92C3CE3A5}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819_Classes\CLSID\{B6657103-1FBA-45B5-B85C-401A200D5F48}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819_Classes\CLSID\{C9C21BCB-896A-4AE7-88AB-0FE560AC47CF}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819_Classes\CLSID\{E42117EA-B6B9-4379-9B51-09FEC7D99C64}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819_Classes\CLSID\{E5C121AB-1867-417F-9087-707A5171E879}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819_Classes\CLSID\{F90026A8-A02E-4F1C-A0C6-76955A119600}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819_Classes\CLSID\{FA993726-E771-49B1-BAE5-F50E557E059B}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358_Classes\CLSID\{3AD085D8-E796-4ADC-8445-AA011FDD0777}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\69.0.3497.100\notification_helper.exe (The Chromium and CryptoTab Browser Authors)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358_Classes\CLSID\{73C00DE8-071E-461A-B7F8-DC77E497FD25}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\CryptoTabUpdate.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358_Classes\CLSID\{8706B3AE-0A08-456B-BE52-E5C92C3CE3A5}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358_Classes\CLSID\{B6657103-1FBA-45B5-B85C-401A200D5F48}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358_Classes\CLSID\{C9C21BCB-896A-4AE7-88AB-0FE560AC47CF}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358_Classes\CLSID\{E42117EA-B6B9-4379-9B51-09FEC7D99C64}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358_Classes\CLSID\{E5C121AB-1867-417F-9087-707A5171E879}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358_Classes\CLSID\{F90026A8-A02E-4F1C-A0C6-76955A119600}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358_Classes\CLSID\{FA993726-E771-49B1-BAE5-F50E557E059B}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412_Classes\CLSID\{3AD085D8-E796-4ADC-8445-AA011FDD0777}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\69.0.3497.100\notification_helper.exe (The Chromium and CryptoTab Browser Authors)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412_Classes\CLSID\{73C00DE8-071E-461A-B7F8-DC77E497FD25}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\CryptoTabUpdate.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412_Classes\CLSID\{8706B3AE-0A08-456B-BE52-E5C92C3CE3A5}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412_Classes\CLSID\{B6657103-1FBA-45B5-B85C-401A200D5F48}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412_Classes\CLSID\{C9C21BCB-896A-4AE7-88AB-0FE560AC47CF}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412_Classes\CLSID\{E42117EA-B6B9-4379-9B51-09FEC7D99C64}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412_Classes\CLSID\{E5C121AB-1867-417F-9087-707A5171E879}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412_Classes\CLSID\{F90026A8-A02E-4F1C-A0C6-76955A119600}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412_Classes\CLSID\{FA993726-E771-49B1-BAE5-F50E557E059B}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221_Classes\CLSID\{3AD085D8-E796-4ADC-8445-AA011FDD0777}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\69.0.3497.100\notification_helper.exe (The Chromium and CryptoTab Browser Authors)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221_Classes\CLSID\{73C00DE8-071E-461A-B7F8-DC77E497FD25}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\CryptoTabUpdate.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221_Classes\CLSID\{8706B3AE-0A08-456B-BE52-E5C92C3CE3A5}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221_Classes\CLSID\{B6657103-1FBA-45B5-B85C-401A200D5F48}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221_Classes\CLSID\{C9C21BCB-896A-4AE7-88AB-0FE560AC47CF}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221_Classes\CLSID\{E42117EA-B6B9-4379-9B51-09FEC7D99C64}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221_Classes\CLSID\{E5C121AB-1867-417F-9087-707A5171E879}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221_Classes\CLSID\{F90026A8-A02E-4F1C-A0C6-76955A119600}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221_Classes\CLSID\{FA993726-E771-49B1-BAE5-F50E557E059B}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001_Classes\CLSID\{3AD085D8-E796-4ADC-8445-AA011FDD0777}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\69.0.3497.100\notification_helper.exe (The Chromium and CryptoTab Browser Authors)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001_Classes\CLSID\{73C00DE8-071E-461A-B7F8-DC77E497FD25}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\CryptoTabUpdate.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001_Classes\CLSID\{8706B3AE-0A08-456B-BE52-E5C92C3CE3A5}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001_Classes\CLSID\{B6657103-1FBA-45B5-B85C-401A200D5F48}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001_Classes\CLSID\{C9C21BCB-896A-4AE7-88AB-0FE560AC47CF}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001_Classes\CLSID\{E42117EA-B6B9-4379-9B51-09FEC7D99C64}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\psuser.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001_Classes\CLSID\{E5C121AB-1867-417F-9087-707A5171E879}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001_Classes\CLSID\{F90026A8-A02E-4F1C-A0C6-76955A119600}\InprocServer32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\npCryptoTabUpdate3.dll (CRYPTOCOMPANY OU)
CustomCLSID: HKU\S-1-5-21-1907951704-2423152542-251965989-1001_Classes\CLSID\{FA993726-E771-49B1-BAE5-F50E557E059B}\localserver32 -> C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateOnDemand.exe (CRYPTOCOMPANY OU)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2018-04-23] (Google)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu32.dll [2018-04-23] (Google)
ContextMenuHandlers1: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\shellex.dll [2018-12-06] (AO Kaspersky Lab)
ContextMenuHandlers2: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\shellex.dll [2018-12-06] (AO Kaspersky Lab)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu32.dll [2018-04-23] (Google)
ContextMenuHandlers4: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\shellex.dll [2018-12-06] (AO Kaspersky Lab)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Intel Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\shellex.dll [2018-12-06] (AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)

Alt 18.12.2018, 15:18   #10
supermax
 
Virus, Malware, Hijack laptop läuft kaum noch - Standard

Virus, Malware, Hijack laptop läuft kaum noch


Code:
ATTFilter
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {04B31AB9-E08D-41B9-AE4C-BF928B373EEF} - System32\Tasks\AdvancedSystemRepairPro-Maintenance-Autorun => C:\Program Files\Advanced System Repair Pro 1.8.0.2\AdvancedSystemRepairPro.exe [2018-12-14] ( Advanced System Repair Inc.)
Task: {06C6CD88-3BFA-4C0D-9D2E-75904A586599} - System32\Tasks\G2MUploadTask-S-1-5-21-1907951704-2423152542-251965989-1001 => C:\Users\Michael Ihlow\AppData\Local\GoToMeeting\11282\g2mupload.exe [2018-12-02] (LogMeIn, Inc.)
Task: {1C8B4535-D264-46D4-92D2-31A88B513D63} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {2D81DFB2-EE74-4D73-8DD8-2DA79D839232} - System32\Tasks\CryptoTabUpdateTaskUserS-1-5-21-1907951704-2423152542-251965989-1001UA => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\CryptoTabUpdate.exe [2018-12-02] (CRYPTOCOMPANY OU)
Task: {4D963A48-96F5-47F9-8D07-9F66EB077F8F} - System32\Tasks\chipSWU => cscript.exe "C:\Program Files\chip\Internet Explorer\swu.vbs"
Task: {58695892-7B11-453A-B14E-6EA3DB4CEF95} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_101_Plugin.exe [2018-12-06] (Adobe Systems Incorporated)
Task: {5D6346D1-782F-4B0F-94DB-34133510D1D6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-11-28] (Piriform Software Ltd)
Task: {657DAE6A-203D-481A-B628-5561E1669A06} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-11-28] (Piriform Ltd)
Task: {77F8CC91-C52B-4D3F-B688-444529AF472F} - System32\Tasks\G2MUpdateTask-S-1-5-21-1907951704-2423152542-251965989-1001 => C:\Users\Michael Ihlow\AppData\Local\GoToMeeting\11282\g2mupdate.exe [2018-12-02] (LogMeIn, Inc.)
Task: {81759FF4-647A-4739-9D92-5BE8380E4008} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {A207FAE4-0F93-4E11-9E7A-E6DE420B0A89} - System32\Tasks\{9756BEFE-11EA-4297-A7DF-A6323093EBBA} => C:\Windows\system32\pcalua.exe -a "C:\Users\Michael Ihlow\Downloads\MSReaderPPCGERSetup.exe" -d "C:\Users\Michael Ihlow\Downloads"
Task: {A7AB2BA1-1EAE-44D8-83CD-64A523A3D0CF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-11-24] (Google Inc.)
Task: {A7F3D67A-AB1E-4E19-AAAD-20DCC996585C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-11-24] (Google Inc.)
Task: {C0A60636-57B1-4B8A-9890-F55F58B54F8A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-12-06] (Adobe Systems Incorporated)
Task: {DE668B5C-C6CE-458A-A25A-9A3CAD641F7A} - System32\Tasks\{C218A3EC-CC22-408D-AE30-D5FE1B4B561D} => C:\Windows\system32\pcalua.exe -a C:\Users\MICHAE~1\AppData\Local\Temp\jre-8u181-windows-au.exe -d C:\Windows\system32 -c /installmethod=jau FAMILYUPGRADE=1 <==== ACHTUNG
Task: {EFAF34EB-5C6E-49EA-8173-A4065DC26598} - System32\Tasks\CryptoTabUpdateTaskUserS-1-5-21-1907951704-2423152542-251965989-1001Core => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\CryptoTabUpdate.exe [2018-12-02] (CRYPTOCOMPANY OU)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1907951704-2423152542-251965989-1001.job => C:\Users\Michael Ihlow\AppData\Local\GoToMeeting\11282\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1907951704-2423152542-251965989-1001.job => C:\Users\Michael Ihlow\AppData\Local\GoToMeeting\11282\g2mupload.exe

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


Shortcut: C:\Users\Michael Ihlow\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Meine Websites auf MSN\target.lnk -> hxxp://www.msnusers.co

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-03-03 18:44 - 2016-03-03 18:18 - 001452704 _____ () C:\Program Files\AnyDesk\AnyDesk.exe
2018-12-06 20:59 - 2018-12-06 20:59 - 000836968 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Total Security 18.0.0\kpcengine.2.3.dll
2015-12-01 20:48 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2016-03-15 09:57 - 2018-11-16 13:17 - 000025888 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
2016-03-15 09:57 - 2018-11-16 13:17 - 000017696 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
2016-03-15 09:57 - 2018-11-16 13:17 - 000037664 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
2016-03-16 11:20 - 2016-03-16 11:20 - 000048816 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2003-07-11 02:09 - 2003-07-11 02:09 - 000048192 _____ () C:\Program Files\Common Files\Microsoft Shared\Web Folders\1031\nsextint.dll
2017-08-18 11:55 - 2018-11-16 13:17 - 000120608 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll
2016-02-18 21:30 - 2018-11-16 13:17 - 000105248 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2016-02-18 21:30 - 2018-11-16 13:17 - 000373536 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2018-08-01 16:48 - 2018-11-16 13:17 - 000067360 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Events.dll
2016-02-18 21:30 - 2018-11-16 13:17 - 000059168 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2016-02-18 21:30 - 2018-11-16 13:17 - 000057632 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2014-11-19 11:48 - 2014-11-19 11:48 - 008507232 _____ () C:\Program Files\Nokia\Nokia Suite\QtGui4.dll
2014-11-19 11:48 - 2014-11-19 11:48 - 002354016 _____ () C:\Program Files\Nokia\Nokia Suite\QtCore4.dll
2014-11-19 11:48 - 2014-11-19 11:48 - 001014624 _____ () C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll
2014-11-19 11:48 - 2014-11-19 11:48 - 000364384 _____ () C:\Program Files\Nokia\Nokia Suite\QtXml4.dll
2014-11-19 11:48 - 2014-11-19 11:48 - 002480992 _____ () C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll
2014-11-19 11:48 - 2014-11-19 11:48 - 001346912 _____ () C:\Program Files\Nokia\Nokia Suite\QtScript4.dll
2014-11-19 11:48 - 2014-11-19 11:48 - 000206176 _____ () C:\Program Files\Nokia\Nokia Suite\QtSql4.dll
2014-11-19 11:48 - 2014-11-19 11:48 - 002653024 _____ () C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll
2014-11-19 11:48 - 2014-11-19 11:48 - 000033120 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qgif4.dll
2014-11-19 11:48 - 2014-11-19 11:48 - 000035680 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qico4.dll
2014-11-19 11:48 - 2014-11-19 11:48 - 000207200 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2014-11-19 11:48 - 2014-11-19 11:48 - 011166560 _____ () C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll
2014-11-19 11:48 - 2014-11-19 11:48 - 000276832 _____ () C:\Program Files\Nokia\Nokia Suite\phonon4.dll
2014-11-11 09:21 - 2014-11-11 09:21 - 000392552 _____ () C:\Program Files\Nokia\Nokia Suite\ssoengine.dll
2014-11-11 09:21 - 2014-11-11 09:21 - 000059752 _____ () C:\Program Files\Nokia\Nokia Suite\securestorage.dll
2014-11-19 11:47 - 2014-11-19 11:47 - 000438624 _____ () C:\Program Files\Nokia\Nokia Suite\NService.dll
2014-11-19 11:48 - 2014-11-19 11:48 - 000446304 _____ () C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2014-11-19 11:48 - 2014-11-19 11:48 - 000520544 _____ () C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll
2014-11-19 11:48 - 2014-11-19 11:48 - 000720736 _____ () C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll
2014-11-19 11:46 - 2014-11-19 11:46 - 000606560 _____ () C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll
2014-11-19 11:48 - 2014-11-19 11:48 - 000093024 _____ () C:\Program Files\Nokia\Nokia Suite\qjson.dll
2018-12-13 21:11 - 2018-12-13 21:11 - 000098816 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\win32api.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000110080 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\pywintypes27.dll
2018-12-13 21:11 - 2018-12-13 21:11 - 000364544 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\pythoncom27.dll
2018-12-13 21:11 - 2018-12-13 21:11 - 000320512 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\win32com.shell.shell.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000914432 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\_hashlib.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 001176576 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\wx._core_.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000806400 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\wx._gdi_.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000816128 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\wx._windows_.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 001067008 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\wx._controls_.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000733184 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\wx._misc_.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000682496 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\pysqlite2._sqlite.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000088064 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\_ctypes.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000686080 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\unicodedata.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000119808 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\win32file.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000108544 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\win32security.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000007168 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\hashobjs_ext.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000017920 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\thumbnails_ext.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000088064 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\usb_ext.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000012800 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\common.time34.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000018432 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\win32event.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000167936 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\win32gui.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000046080 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\_socket.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 001303552 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\_ssl.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000128512 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\_elementtree.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000127488 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\pyexpat.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000038912 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\win32inet.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000036864 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\_psutil_windows.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000525208 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\windows._lib_cacheinvalidation.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000011264 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\win32crypt.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000123392 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\wx._wizard.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000077312 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\wx._html2.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000027648 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\_multiprocessing.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000020480 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\_yappi.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000035840 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\win32process.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000078848 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\wx._animate.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000024064 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\win32pipe.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000010240 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\select.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000025600 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\win32pdh.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000017408 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\win32profile.pyd
2018-12-13 21:11 - 2018-12-13 21:11 - 000022528 ____R () C:\Users\Michael Ihlow\AppData\Local\Temp\_MEI38522\win32ts.pyd
2018-11-28 17:11 - 2018-11-28 17:11 - 000061408 _____ () C:\Program Files\CCleaner\branding.dll
2018-11-28 17:11 - 2018-11-28 17:11 - 000098376 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2018-12-14 10:54 - 2018-12-14 10:54 - 000063824 _____ () C:\Program Files\Advanced System Repair Pro 1.8.0.2\pcw.dll
2018-12-14 10:07 - 2018-12-14 10:07 - 000392704 _____ () C:\Users\Michael Ihlow\AppData\Local\Temp\dfrBFE3.tmp.dll
Code:
ATTFilter
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233557346\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233557346\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234152364\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234152364\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234314207\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234314207\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234457663\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234457663\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234614250\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234614250\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234734625\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234734625\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234906300\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234906300\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235554758\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235554758\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:04 - 2009-06-10 22:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1907951704-2423152542-251965989-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael Ihlow\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232247581\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael Ihlow\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232308380\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael Ihlow\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232325521\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael Ihlow\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232348030\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael Ihlow\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232410835\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael Ihlow\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232511832\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael Ihlow\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232626836\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael Ihlow\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232652704\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael Ihlow\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232822396\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael Ihlow\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232842586\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael Ihlow\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232928718\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael Ihlow\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018232949536\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael Ihlow\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233111039\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael Ihlow\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233255122\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael Ihlow\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233341864\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael Ihlow\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018233557346\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael Ihlow\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234152364\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael Ihlow\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234314207\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael Ihlow\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234457663\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael Ihlow\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234614250\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael Ihlow\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234734625\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael Ihlow\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018234906300\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael Ihlow\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235129819\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael Ihlow\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235255358\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael Ihlow\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235340412\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael Ihlow\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235554758\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael Ihlow\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1907951704-2423152542-251965989-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12132018235857221\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael Ihlow\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.

MSCONFIG\startupreg: WowApp => C:\Users\Michael Ihlow\AppData\Roaming\WowApp\WowApp.exe
Code:
ATTFilter
==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{C5E54E7C-8BC6-476C-889B-A29CA92C5E0F}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{8C1E8965-BF86-4183-8B06-86F8726729E4}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{6650EBF5-A127-494A-8413-E61FDADA9E78}\\michaelihlow-pc\pc alt manuelle sicherung2\documents\partnerprogramme\sven hansen\anydesk.exe] => (Allow) \\michaelihlow-pc\pc alt manuelle sicherung2\documents\partnerprogramme\sven hansen\anydesk.exe
FirewallRules: [UDP Query User{D0CA33A2-EC2C-4E0C-A277-67F383726DE8}\\michaelihlow-pc\pc alt manuelle sicherung2\documents\partnerprogramme\sven hansen\anydesk.exe] => (Allow) \\michaelihlow-pc\pc alt manuelle sicherung2\documents\partnerprogramme\sven hansen\anydesk.exe
FirewallRules: [{73C56BD2-135E-4902-B9FB-3A62A398DE23}] => (Allow) C:\Program Files\nokia\nokia suite\nokiasuite.exe
FirewallRules: [{B6D5B177-253B-4E95-8ADF-2620A71CD10A}] => (Allow) C:\Program Files\CLIQZ\CLIQZ.exe
FirewallRules: [{E3CA9542-3B7F-4303-839D-5366B8DDA960}] => (Allow) C:\Program Files\CLIQZ\CLIQZ.exe
FirewallRules: [{338D4444-1420-40FE-B9CD-248BDF64B4FE}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{19082F03-332C-4D9C-ACE3-423A89081D42}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{F6AB0114-1A4B-45F3-9F2A-A6AC55BE3A89}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [TCP Query User{2C1FE20C-8677-4B5D-B420-000FB83F7C20}C:\program files\kaspersky lab\kaspersky secure connection 2.0\openvpn.exe] => (Allow) C:\program files\kaspersky lab\kaspersky secure connection 2.0\openvpn.exe
FirewallRules: [UDP Query User{C4D4BAE5-1BA1-47AA-8513-C7EC1C4B2F0C}C:\program files\kaspersky lab\kaspersky secure connection 2.0\openvpn.exe] => (Allow) C:\program files\kaspersky lab\kaspersky secure connection 2.0\openvpn.exe
FirewallRules: [{78DF3D92-2E81-407B-B6B1-AE74B8A2BE69}] => (Block) C:\program files\kaspersky lab\kaspersky secure connection 2.0\openvpn.exe
FirewallRules: [{B695AFD1-7A80-49D8-A2F4-B0BA9E1A1FBD}] => (Block) C:\program files\kaspersky lab\kaspersky secure connection 2.0\openvpn.exe
FirewallRules: [{15E9C9F9-77BA-4EF8-9691-60A17B39EC51}] => (Allow) C:\Program Files\AnyDesk\AnyDesk.exe
FirewallRules: [{0B13BDBD-70D9-465F-A27D-29377CAA5046}] => (Allow) C:\Program Files\AnyDesk\AnyDesk.exe
FirewallRules: [{A66869C1-08E2-4330-8B51-ECF99DCAB1DE}] => (Allow) C:\Program Files\AnyDesk\AnyDesk.exe
FirewallRules: [{8704DA68-ED8F-44F1-9184-33577746EA2B}] => (Allow) C:\Program Files\AnyDesk\AnyDesk.exe
FirewallRules: [{8668D7F9-2AD0-4499-8C94-16F6A3D51FCE}] => (Allow) C:\Program Files\AnyDesk\AnyDesk.exe
FirewallRules: [{FCCDF2B4-87DA-4A05-B737-8ED9664B5E4F}] => (Allow) C:\Program Files\AnyDesk\AnyDesk.exe

==================== Wiederherstellungspunkte =========================

02-12-2018 11:05:03 Windows Update
07-12-2018 09:54:06 Windows Update
12-12-2018 22:53:13 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/14/2018 08:24:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Skype.exe, Version 7.40.0.151 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1040

Startzeit: 01d493200ca98aa1

Endzeit: 773

Anwendungspfad: C:\Program Files\Skype\Phone\Skype.exe

Berichts-ID:

Error: (12/14/2018 07:58:44 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2018/12/14 19:58:44.141]: [00000480]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (12/14/2018 04:49:23 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2018/12/14 16:49:23.689]: [00000480]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (12/14/2018 04:49:22 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2018/12/14 16:49:22.689]: [00000480]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (12/14/2018 04:49:21 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2018/12/14 16:49:21.689]: [00000480]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (12/14/2018 04:16:03 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2018/12/14 16:16:03.017]: [00000480]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (12/14/2018 04:16:02 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2018/12/14 16:16:02.017]: [00000480]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (12/14/2018 12:44:15 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2018/12/14 12:44:15.229]: [00000480]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5


Systemfehler:
=============
Error: (12/14/2018 08:34:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: 
Nicht genügend Systemressourcen, um den angeforderten Dienst auszuführen.

Error: (12/14/2018 08:34:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: 
Nicht genügend Systemressourcen, um den angeforderten Dienst auszuführen.

Error: (12/14/2018 08:33:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: 
Nicht genügend Systemressourcen, um den angeforderten Dienst auszuführen.

Error: (12/14/2018 08:33:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: 
Nicht genügend Systemressourcen, um den angeforderten Dienst auszuführen.

Error: (12/14/2018 08:32:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: 
Nicht genügend Systemressourcen, um den angeforderten Dienst auszuführen.

Error: (12/14/2018 08:32:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: 
Nicht genügend Systemressourcen, um den angeforderten Dienst auszuführen.

Error: (12/14/2018 08:31:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: 
Nicht genügend Systemressourcen, um den angeforderten Dienst auszuführen.

Error: (12/14/2018 08:31:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: 
Nicht genügend Systemressourcen, um den angeforderten Dienst auszuführen.


Windows Defender:
===================================
Date: 2018-11-14 21:55:52.778
Description: 
Die Windows Defender-Überprüfung wurde vor Fertigstellung beendet.
Überprüfungs-ID:{0BE5B9E1-EA7B-4A17-84C5-9656C0AC2CA2}
Überprüfungstyp:AntiSpyware
Überprüfungsparameter:Schnellscan
Benutzer:ich-Laptop\Michael Ihlow

Date: 2018-07-04 12:09:52.496
Description: 
Beim Aktualisieren der Signaturen wurde von Windows Defender ein Fehler festgestellt.
Neue Signaturversion:1.271.442.0
Vorherige Signaturversion:1.269.1075.0
Aktualisierungsquelle:Benutzer
Signaturtyp:AntiSpyware
Aktualisierungstyp:Delta
Benutzer:NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:1.1.15000.2
Vorherige Modulversion:1.1.14901.4
Fehlercode:0x80070666
Fehlerbeschreibung:Eine andere Version des Produkts ist bereits installiert. Die Installation dieser Version kann nicht fortgesetzt werden. Verwenden Sie die Systemsteuerungsoption "Software", um die vorhandene Version dieses Produkts zu konfigurieren oder zu entfernen. 

Date: 2018-07-04 12:09:52.495
Description: 
Beim Aktualisieren des Moduls wurde von Windows Defender ein Fehler festgestellt.
Neue Modulversion:1.1.15000.2
Vorherige Modulversion:1.1.14901.4
Aktualisierungsquelle:Benutzer
Benutzer:NT-AUTORITÄT\SYSTEM
Fehlercode:0x80070666
Fehlerbeschreibung:Eine andere Version des Produkts ist bereits installiert. Die Installation dieser Version kann nicht fortgesetzt werden. Verwenden Sie die Systemsteuerungsoption "Software", um die vorhandene Version dieses Produkts zu konfigurieren oder zu entfernen. 

==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz
Prozentuale Nutzung des RAM: 67%
Installierter physikalischer RAM: 2038.43 MB
Verfügbarer physikalischer RAM: 670.55 MB
Summe virtueller Speicher: 4564.61 MB
Verfügbarer virtueller Speicher: 1862.4 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:774.15 GB) NTFS
Drive d: (ZULU) (CDROM) (Total:5.31 GB) (Free:0 GB) UDF

\\?\Volume{5a4fd7b0-909c-11e5-8958-806e6f6e6963}\ (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: EACDAA1D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== Ende vom Addition.txt ============================

Alt 18.12.2018, 16:00   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus, Malware, Hijack laptop läuft kaum noch - Standard

Virus, Malware, Hijack laptop läuft kaum noch


Zitat:
Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz
Prozentuale Nutzung des RAM: 67%
Installierter physikalischer RAM: 2038.43 M
Also mit diesem Lahmarsch Rechner wird das eh nichts nicht mehr. Schon dreimal nicht, wenn noch der Systemvergewaltiger Kaspersky drauf ist.

Der Rechner dürfte um die zehn Jahre alt sein. Mit diesem Elektroschrott wird das performancemäßig nie wieder was werden.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 18.12.2018, 16:49   #12
M-K-D-B
/// TB-Ausbilder
 
Virus, Malware, Hijack laptop läuft kaum noch - Standard

Virus, Malware, Hijack laptop läuft kaum noch


*reinhüpf*

Mit "Mining" Software und PUP kann man den Rechner zusätzlich verlangsamen
Zitat:
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\Run: [CryptoTab Update] => C:\Users\Michael Ihlow\AppData\Local\CryptoCompany\Update\1.3.99.13\CryptoTabUpdateCore.exe [632872 2018-12-02] (CRYPTOCOMPANY OU)
HKU\S-1-5-21-1907951704-2423152542-251965989-1001\...\Run: [CryptoTab Browser] => C:\Users\Michael Ihlow\AppData\Local\CryptoTab Browser\Application\browser.exe [1430568 2018-12-04] (The Chromium and CryptoTab Browser Authors)

Advanced System Repair Pro
Web Companion
Vielleicht soll die Hardware ja den Geist aufgeben, damit man einen Grund hat, sich ein neues Gerät anzuschaffen.

*raushüpf*
Geändert von M-K-D-B (18.12.2018 um 16:56 Uhr)

Alt 18.12.2018, 17:02   #13
M-K-D-B
/// TB-Ausbilder
 
Virus, Malware, Hijack laptop läuft kaum noch - Standard

Virus, Malware, Hijack laptop läuft kaum noch


Vorhin glatt überlesen:

Zitat:
Zitat von cosinus Beitrag anzeigen
Schon dreimal nicht, wenn noch der Systemvergewaltiger Kaspersky drauf ist.

Alt 19.12.2018, 23:49   #14
supermax
 
Virus, Malware, Hijack laptop läuft kaum noch - Standard

Virus, Malware, Hijack laptop läuft kaum noch


Ok. und danke... hab´s ja kapiert, das das ein altes Teil ist und nie mehr ein Ferrari wird...
Lief aber bisher ordentlich und hat seine Arbeit gemacht. Hängt vor allen im Netzwerk und ich habe angst, das der rest auch betroffen ist! Wenn Kaspersky Mist ist, obwohl mir das Teil echt geholfen hat in der Vergangenheit, dann erklärt mir doch bitte warum und was besser ist. Bemerkung Systemvergewaltiger geben mir zwar einen Denkanstoß, helfen aber nicht wirklich weiter... Was wäre die Alternative? Ihr bewerbt hier Advanced System Repair... Habe das auch laufen lassen. Hat tonnenweise Fehler gefunden. Könnte aber nur Zips schicken, da keine Logs gefunden...
hat ewig lange gebraucht um mir den Einmalschlüssel zu schicken. (kann ja auch wieder an meinem "Electroschrott" liegen.) Nach dem Scan, der angeblich erfolgreich abgeschlossen war kamen aber noch wesentlich mehr Fehler. Dummenfang? oder soll ich das wirklich kaufen? Die ewige Werbung jetzt neu zu scannen ist mehr als aufdringlich.Testberichte sind ja auch nicht gerade optimal. Aber man kann ja auch nicht alles glauben was da so geschrieben steht. Bringt das also wirklich was?

Alt 20.12.2018, 00:51   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus, Malware, Hijack laptop läuft kaum noch - Standard

Virus, Malware, Hijack laptop läuft kaum noch


Also diese Voreile versteh ich mal wieder nicht
Nur weil irgendeine Werbeinblendung ist, auf die die einzelnen Helfer keinerlei Einfluss haben, installierst du sofort ohne Rückfrage neuen Schrott.

Wie dem auch sei, das System ist performancemäßig eh der letzte Schrott und kann unter Windows nicht wirklich sinnvoll betrieben werden. Also neuen Rechner kaufen und/oder diesen alten Rechner mit Linux bespielen und schauen ob der dann noch bedienbar ist. Dann aber auch etwas leichtest nehmen, also zB Lubuntu oder Ubuntu MATE.
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Virus, Malware, Hijack laptop läuft kaum noch
arbeiten, falsch, gehackt, hijack, kaspersky, kein virenscan, laptop, laufen, logfile, löschen, mails, malware, malwarebytes, nicht löschen, nicht mehr, nichts, problem, richtig, scanner, schei, total, virenscan, virenscanner, virus, würde


« Variante von Win32/FusionCore.AD potenziell unerwünschte Anwendung | Infizierte Datei lässt sich nicht löschen »


Ähnliche Themen: Virus, Malware, Hijack laptop läuft kaum noch


  1. PC reagiert kaum noch
    Plagegeister aller Art und deren Bekämpfung - 10.12.2015 (26)
  2. Unerwünschte Werbefenster in Chrome - Laptop so langsam, sodass kaum noch verwendbar!
    Plagegeister aller Art und deren Bekämpfung - 17.10.2015 (12)
  3. Malwarebytes Anti-Malware geht erst nicht, findet dann Security.Hijack - Ist da noch mehr?
    Log-Analyse und Auswertung - 21.08.2014 (17)
  4. Windows 7 Laptop läuft seit 2 Wochen nur noch mit untragbarer Geschwindigkeit
    Log-Analyse und Auswertung - 20.08.2014 (10)
  5. Win 7 (32): Laptop kaum noch nutzbar; Iminent & Co.
    Log-Analyse und Auswertung - 10.07.2014 (3)
  6. Windows 7: Laptop läuft langsam. Versteckte Malware?
    Log-Analyse und Auswertung - 21.04.2014 (5)
  7. PC läuft kaum noch ... bitguard.dll Virus?
    Plagegeister aller Art und deren Bekämpfung - 11.02.2014 (15)
  8. Polizei Österreich Virus - Paysafe ... PC läuft noch ganz normal? was tun?
    Plagegeister aller Art und deren Bekämpfung - 11.01.2014 (11)
  9. Laptop Läuft 15 Sekunden und dann kommt dass (Foto), Wegen Virus?
    Plagegeister aller Art und deren Bekämpfung - 16.12.2012 (1)
  10. HIJACK - auf NETBOOK - und noch - oder nicht mehr? - Habe bereits viele Scans aber kaum Aufzeichnung
    Log-Analyse und Auswertung - 11.07.2012 (29)
  11. Firefox verbindet kaum noch
    Plagegeister aller Art und deren Bekämpfung - 13.04.2012 (17)
  12. Verseucht - Windows läuft kaum noch. Rogue.FakeHDD; Trojan.FakeMS; Rogue.AntiMalware; Trojan.Agent
    Log-Analyse und Auswertung - 08.06.2011 (22)
  13. Laptop Läuft nur noch im Abgesicherten Modus, auch nach Windows Neuinstallation !
    Alles rund um Windows - 09.05.2011 (5)
  14. CPU Auslastung ausgeschöpft Laptop Startet kaum noch
    Log-Analyse und Auswertung - 03.12.2007 (5)
  15. Hilfe, mein Rechner läuft kaum noch! Kann keine zwei programme nebeneinander laufen!
    Log-Analyse und Auswertung - 01.04.2006 (11)
  16. Rechner läuft kaum noch
    Log-Analyse und Auswertung - 07.02.2005 (4)
  17. Kaum noch Hoffnung...
    Log-Analyse und Auswertung - 11.01.2005 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Virus, Malware, Hijack laptop läuft kaum noch - Ein freundliches Hallo an alle. Ich hoffe alles richtig verstanden zu haben und möchte jetzt mein Problem Schildern. Alles begann scheinbar damit, dass mein mailacc bei 1u1 gehackt wurde. Ich - Virus, Malware, Hijack laptop läuft kaum noch...
Archiv
Du betrachtest: Virus, Malware, Hijack laptop läuft kaum noch auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131