Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Kaspersky findet Trojan.Multi.GenAutorunReg.a (auf Win 8.1 64) (https://www.trojaner-board.de/192667-kaspersky-findet-trojan-multi-genautorunreg-a-win-8-1-64-a.html)

lucina 18.08.2018 18:50
additional.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by d (18-08-2018 18:11:10)
Running from C:\Users\d\Desktop
Windows 8.1 Pro (Update) (X64) (2014-06-10 23:25:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1417334993-2898295356-3386692794-500 - Administrator - Disabled)
d (S-1-5-21-1417334993-2898295356-3386692794-1001 - Administrator - Enabled) => C:\Users\d
Guest (S-1-5-21-1417334993-2898295356-3386692794-501 - Limited - Disabled)
___VMware_Conv_SA___ (S-1-5-21-1417334993-2898295356-3386692794-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{3D383E25-72E7-4F09-AA1C-9ADE6A2EF42F}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{0C9A6167-6560-4085-9C35-EDB1AE105328}) (Version: 3.2.0.9 - Intel) Hidden
7+ Taskbar Tweaker v5.2.1 (HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\7 Taskbar Tweaker) (Version: 5.2.1 - RaMMicHaeL)
Abelssoft Undeleter (HKLM-x32\...\{1FB7B731-3479-4128-8299-A53922E47675}_is1) (Version: 4.2 - Abelssoft)
AbleWord v3.0 (HKLM-x32\...\AbleWord_is1) (Version:  - )
AkelPad 4.9.7 (HKLM-x32\...\AkelPad) (Version: 4.9.7 - )
Alternative Flash Player Auto-Updater (HKLM-x32\...\{2FB1052B-2F3D-48CE-A65D-006240516ECE}_is1) (Version: 1.2.0.1 - pXc-coding.com)
Anki (HKLM-x32\...\Anki) (Version:  - )
AnVir Task Manager Free (HKLM-x32\...\AnVir Task Manager Free) (Version:  - AnVir Software)
AnyTrans (HKLM-x32\...\AnyTrans) (Version: 5.0.0.0 - iMobie Inc.)
AOMEI Backupper Standard (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Apple Application Support (32-Bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A05FDFEC-4377-49E0-82CB-B6D1386E89DA}) (Version: 11.3.0.9 - Apple Inc.)
ASF-AVI-RM-WMV Repair 1.82 (HKLM-x32\...\ASF-AVI-RM-WMV Repair_is1) (Version:  - Repair Video, Inc.)
Battery Alarm (HKLM-x32\...\{B7A43DA2-F2FD-44C2-A044-D24C3751C1BD}) (Version: 1.0.0 - Steve Emmons)
BatteryBar (remove only) (HKLM\...\BatteryBar) (Version:  - )
BatteryMonitor (HKLM-x32\...\{F9046ACF-EF0A-47D6-8D37-64941CCCD4C0}) (Version: 1.0.0 - Mad Dog Apps)
Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
Bluefish 2.2.10 (HKLM-x32\...\Bluefish) (Version: 2.2.10 - The Bluefish Developers)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
ChildWebGuardian PRO version 5.11.0.0 (HKLM-x32\...\ChildWebGuardian PRO_is1) (Version: 5.11.0.0 - Zimin Sergei Aleksandrovich IP)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
Core Temp 1.12.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.12.1 - ALCPU)
CPUID CPU-Z 1.79 (HKLM\...\CPUID CPU-Z_is1) (Version:  - ) <==== ATTENTION
CPUID HWMonitor 1.31 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version:  3.1 - Acro Software Inc.)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3223 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DigiBookBrowser Version 1.5.3.87 (HKLM-x32\...\{21357E10-BDCB-4CDD-B2A3-905DD7ED653D}_is1) (Version: 1.5.3.87 - LECRE Inc.)
doPDF (HKLM\...\{B271A7AA-588F-418F-8F65-37E38CBEABB2}) (Version: 8.5.940 - Softland) Hidden
doPDF 8 (HKLM-x32\...\{fb478b24-519a-43d4-aeea-9a6712d28811}) (Version: 8.5.940 - Softland)
EaseUS Todo Backup Home 9.2 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 9.2 - CHENGDU YIWO Tech Development Co., Ltd)
ECOみえグラフ (HKLM\...\{01F84262-DBC2-4B4D-8C4A-1C82D2CD88AA}) (Version: 1.5.0 - NEC Personal Computers, Ltd.)
ECOモード設定ツール (HKLM\...\{1D2AF0E5-3B07-4B0F-98BD-03F0918BC367}) (Version: 5.7.0 - NEC Personal Computers, Ltd.)
EditPlus (64 bit) (HKLM\...\EditPlus) (Version:  - ES-Computing)
EF Process Manager (HKLM-x32\...\EF Process Manager) (Version:  - EFSoftware)
EmEditor (64-bit) (HKLM\...\{36CC25CA-2E71-4839-A822-0D1EC0E52145}) (Version: 15.7.2 - Emurasoft, Inc.)
Eraser 6.2.0.2970 (HKLM\...\{58F37E51-2A83-49F3-9117-6005C63CF399}) (Version: 6.2.2970 - The Eraser Project)
ExactFile 1.0.0.15 (HKLM-x32\...\ExactFile_is1) (Version:  - StudyLamp Software LLC)
f.lux (HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Flux) (Version:  - f.lux Software LLC)
Free Alarm Clock (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 4.0.1.0 - Comfort Software Group)
Free YouTube Download (HKLM-x32\...\Free YouTube Download_is1) (Version: 4.1.73.328 - Digital Wave Ltd)
Geany 1.26 (HKLM-x32\...\Geany) (Version: 1.26 - The Geany developer team)
GetDiz (HKLM-x32\...\GetDiz) (Version: 4.91 - Outertech)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
GPSoftware Directory Opus (HKLM-x32\...\{0A6AA615-5321-43A0-AFAE-97BF95013EA0}) (Version: 11.19 - GPSoftware)
Gtk# for .Net 2.12.22 (HKLM-x32\...\{06AF6533-F201-47C0-8675-AAAE5CB81B41}) (Version: 2.12.22 - Xamarin, Inc.)
HeavyLoad V3.3 (64 bit) (HKLM\...\HeavyLoad_is1) (Version: 3.3 - JAM Software)
iMazing 2.5.4.0 (HKLM\...\iMazing_is1) (Version: 2.5.4.0 - DigiDNA)
iMyfone D-Back 4.5.1.0 (HKLM-x32\...\{071B9303-5881-4BC6-B9E9-2E2D22C015C1}_is1) (Version: 4.5.1.0 - Shenzhen iMyfone Technology Co., Ltd.)
Intel Anti-Theft Discovery App (HKLM-x32\...\{B59285B4-6478-4FE2-9158-AAC7E4D892C3}) (Version: 1.1.2.8 - Intel Corporation)
Intel Experience Center - Configuration (HKLM-x32\...\{C73A16B7-AC35-4262-9BAF-DA9B2039A563}) (Version: 1.7.0.179 - Intel) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{F0385150-FF86-4A18-AA55-6ED9E5F87DA7}) (Version: 2.1.03638 - Intel Corporation)
Intel(R) Experience Center Desktop Software (HKLM-x32\...\{3608ec0a-56b4-4d9d-b038-9b3e51d72582}) (Version: 1.7.0.179 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3338 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.3.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{396E9B28-F15F-4C05-A401-99DE1874C2CA}) (Version: 4.2.40.2439 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000071-0190-1031-84C8-B8D95FA3C8C3}) (Version: 19.71.0 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{4d839fe1-a8d3-4edc-b0ca-844394309856}) (Version: 3.2.0.9 - Intel)
IntelliWebSearch v.3 (HKLM-x32\...\IntelliWebSearch) (Version: 3.2.0.5 - Michael Farrell)
IntelliWebSearch v.5 (HKLM-x32\...\IntelliWebSearch5) (Version:  - Michael Farrell)
IrfanView 4.51 (64-bit) (HKLM\...\IrfanView64) (Version: 4.51 - Irfan Skiljan)
iTools 3 (HKLM-x32\...\ThinkSky) (Version:  - Shenzhen Thinksky Technology Co., Ltd.)
Java 10.0.2 (64-bit) (HKLM\...\{EECB2736-D013-5AC5-9917-7656712F6931}) (Version: 10.0.2.0 - Oracle Corporation)
jEdit 5.3.0 (HKLM\...\jEdit_is1) (Version: 5.3.0 - Contributors)
Karen's Directory Printer (HKLM-x32\...\Karen's Directory Printer) (Version: 5.3.0.2 - Karen Kenworthy)
KeyboardTest V3.2 (HKLM\...\KeyboardTest_is1) (Version: 3.2 - PassMark Software)
KeyTweak - Keyboard Remapper (remove only) (HKLM-x32\...\KeyTweak) (Version:  - )
L&H TTS3000 Deutsch (HKLM-x32\...\LHTTSGED) (Version:  - )
LibreOffice 6.0.5.2 (HKLM\...\{9645CDEF-085C-45F7-A3CD-B4B7046EF78C}) (Version: 6.0.5.2 - The Document Foundation)
Linkman (HKLM-x32\...\Linkman) (Version: 8.98 - Outertech)
Macrium Reflect Free Edition (HKLM\...\{1A399324-9784-4384-927F-0FEA922BC516}) (Version: 7.1.3317 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.1 - Paramount Software (UK) Ltd.)
Mailbird (HKLM-x32\...\{242E441B-2194-4499-9EE7-2AA76C5E2318}) (Version: 2.2.1 - Mailbird)
Malwarebytes Version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Manager (HKLM-x32\...\{A11F05A4-7CAD-4F85-8C85-DCA18E3E208D}) (Version: 4.0.1.25166 - 2015 pdfforge GmbH. All rights reserved) Hidden
MicroDicom DICOM viewer 2.2.5 (HKLM-x32\...\MicroDicom) (Version: 2.2.5 - MicroDicom)
Microsoft Keyboard Layout Creator 1.4 (HKLM-x32\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.)
Microsoft Server Speech Platform Runtime (x86) (HKLM-x32\...\{22CB8ED7-DF57-4864-BD04-F63B9CE4B494}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Server Speech Text to Speech Voice (de-DE, Hedda) (HKLM-x32\...\{ACFCC7B5-C028-40AE-A5F5-9778B41F22A2}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Text to Speech Voice (en-US, ZiraPro) (HKLM-x32\...\{C7CDC27F-0952-4DF1-9E41-B75140933BC6}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{e7784e4f-df08-46b2-8c4f-f981ee32bcff}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mnemosyne 2.5 (HKLM-x32\...\Mnemosyne_is1) (Version:  - )
Mouse Speed Switcher v3.4.0 (HKLM-x32\...\{D477774F-C7C1-4D63-B170-7242090BA710}_is1) (Version:  - Gianpaolo Bottin)
Movie Maker (HKLM-x32\...\{970F982A-E889-486B-BB26-B8598280D924}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Firefox 59.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.1 (x64 en-US)) (Version: 59.0.1 - Mozilla)
Mozilla Firefox 61.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.2 (x64 en-US)) (Version: 61.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
music.jp PLAY 4.0 (HKLM-x32\...\music.jp PLAY_is1) (Version: 4.0 - Ventis Media Inc.)
NoteBook FanControl (HKLM-x32\...\{00111A7A-77A7-4AC6-A272-A56DFAD517E7}) (Version: 1.5.0.0 - Stefan Hirschmann - StagWare) Hidden
NoteBook FanControl (HKLM-x32\...\{666d9f07-291b-44a5-b86f-d5240e78692d}) (Version: 1.5.0.0 - Stefan Hirschmann - StagWare)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
NoteTab 7 Trial (Remove only) (HKLM-x32\...\NoteTab 7 Trial_is1) (Version: 7.2 - Fookes Holding Ltd)
novaPDF 8 Printer Driver (HKLM\...\{F9F62525-05B6-4AD7-8D30-0D872CC1FB3C}) (Version: 8.5.940 - Softland)
novaPDF 8 SDK COM (x64) (HKLM\...\{2A16E811-1C7B-4483-96F7-226C8D738F34}) (Version: 8.5.940 - Softland)
novaPDF 8 SDK COM (x86) (HKLM-x32\...\{A6DF899D-5518-4DAB-A4F9-F7D0CDD43224}) (Version: 8.5.940 - Softland)
Opera developer 56.0.3045.0 (HKLM-x32\...\Opera 56.0.3045.0) (Version: 56.0.3045.0 - Opera Software)
Opera Stable 54.0.2952.71 (HKLM-x32\...\Opera 54.0.2952.71) (Version: 54.0.2952.71 - Opera Software)
Oracle VM VirtualBox 5.1.34 (HKLM\...\{2FDA51A1-BCE0-40C6-9EC9-7778F72525C9}) (Version: 5.1.34 - Oracle Corporation)
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (HKLM\...\{D646643B-56BD-43B2-9932-9C03D7E90FED}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (HKLM\...\{792B82BA-6895-4719-B603-E198AEE90D68}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (HKLM\...\{FF4FA406-055A-479E-B025-1AAA7FFAA39F}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.3.0 - pdfforge GmbH)
PDF-XChange Editor (HKLM\...\{5C198985-6833-4F92-BE9A-33FC8ACC1025}) (Version: 6.0.321.0 - Tracker Software Products (Canada) Ltd.) Hidden
PDF-XChange Editor (HKLM-x32\...\{344e7cdb-4fda-4dc1-9dd8-1fa7b1694d7c}) (Version: 6.0.321.0 - Tracker Software Products (Canada) Ltd.)
PhoneRescue (HKLM-x32\...\PhoneRescue) (Version: 3.1.2.0 - iMobie Inc.)
Pinta 1.6 (HKLM-x32\...\{833CBF68-0FE7-44A4-86E6-71DE50A30465}) (Version: 1.6.0.0 - Pinta Community) Hidden
Pinta 1.6 (HKLM-x32\...\{aaa32734-ca38-494d-836c-f41822d11ed5}) (Version: 1.6.0.0 - Pinta Community)
Play.net (HKLM-x32\...\{8CE3D78F-7B81-46F5-977A-12DBA2CB5B9A}) (Version: 2.1.6 - NEC Personal Computers, Ltd.)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Postbox (4.0.8) (HKLM-x32\...\Postbox (4.0.8)) (Version: 4.0.8 (en-US) - Postbox, Inc.)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Prio (HKLM\...\Prio) (Version: 2.1.0.4391 - )
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
Process Lasso (HKLM-x32\...\ProcessLasso) (Version: 9.0.0.276 - Bitsum)
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 4.6.0.2700 - Jan Fiala)
PyKeylogger - Simple Python Keylogger (HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\PyKeylogger) (Version: 1.2.1 - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21234 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
Roxio Creator LJ (HKLM-x32\...\{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}) (Version: 12.2.43.19 - Roxio)
Second Copy 8 (HKLM-x32\...\Second Copy 8_is1) (Version: 8.1.2.0 - Centered Systems)
SharpKeys (HKLM-x32\...\{636E94DA-99C0-448F-A931-3DAD83B4975F}) (Version: 3.5.0000 - RandyRants.com)
Skype Version 8.27 (HKLM-x32\...\Skype_is1) (Version: 8.27 - Skype Technologies S.A.)
Smart Update (HKLM-x32\...\{EA65772D-1999-462B-BFC0-480A9515ABCC}) (Version: 2.0.2.0 - NECパーソナルコンピュータ株式会社)
SmartVision/PLAYER DeskTopサービス (HKLM-x32\...\{71566D17-2BC4-4C62-BD23-F1E397FC1DBE}) (Version: 1.9.12016 - CyberLink Corp.) Hidden
SmartVision/PLAYER DeskTopサービス (HKLM-x32\...\InstallShield_{71566D17-2BC4-4C62-BD23-F1E397FC1DBE}) (Version: 1.9.12016 - CyberLink Corp.)
SmEdit v1.170 (HKLM-x32\...\SmEdit) (Version: 1.170 - Sinner Computing)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )
Sublime Text Build 3059 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
SuperMemo (HKLM-x32\...\SuperMemo) (Version: 17.11 - SuperMemo World)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.8 - Synaptics Incorporated)
Syncios Data Recovery 1.0.9 (HKLM-x32\...\Syncios Data Recovery) (Version: 1.0.9 - Anvsoft)
System Checkup 4.0 (HKLM-x32\...\{918D30D3-AD9B-43A8-9EF7-463075DC93CD}_is1) (Version: 4.0.0.146 - iolo technologies, LLC)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
TED Notepad (HKLM-x32\...\TED Notepad) (Version: 6.0.2 - Medvedik, Juraj Simlovic)
Telegram Desktop Version 1.2.15 (HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.2.15 - Telegram Messenger LLP)
TextPad 8 (HKLM\...\{861AB1C1-1967-4C4A-BF86-C255E2D2B8FD}) (Version: 8.0.0 - Helios)
UltraCompare (HKLM-x32\...\{C5337996-B87D-4CB8-A9D9-A9D66F27B88E}) (Version: 15.20.0.6 - IDM Computer Solutions, Inc.)
UltraEdit (HKLM\...\{AFFE5F64-3248-41E9-96AE-8B475F6EFAB3}) (Version: 22.20.0.49 - IDM Computer Solutions, Inc.)
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{121C874E-5797-40B2-86CE-CE6624F2711A}) (Version: 15.0.1376 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}) (Version: 15.0.1215 - Microsoft Corporation)
VEDIT 6.2 (HKLM-x32\...\Vedit) (Version:  - )
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
Vivaldi (HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Vivaldi) (Version: 1.14.1077.45 - Vivaldi)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.3 - VideoLAN)
WebP Codec for Windows 0.19 (HKLM\...\{9D2F4EB8-98AD-4C8B-A0C5-4C114B3F1287}) (Version: 0.19.9 - Google Inc)
WhatsApp (HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\WhatsApp) (Version: 0.2.5371 - WhatsApp)
WhoCrashed 6.01 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows-Treiberpaket - Intel (NETwNb64) net  (10/16/2017 19.10.10.2) (HKLM\...\87BD50FDDBB077656313DAABF938DE8C31D89265) (Version: 10/16/2017 19.10.10.2 - Intel)
Windows-Treiberpaket - Intel (NETwNb64) net  (10/31/2017 18.33.11.2) (HKLM\...\D6CC402604E3676A6C8B5028A493400358139A70) (Version: 10/31/2017 18.33.11.2 - Intel)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WMV Joiner version 1.1.2.8 (HKLM-x32\...\WMV Joiner_is1) (Version:  - )
Zimbra Desktop (64-bit) (HKLM\...\{9D3B5C7A-BB5B-4B92-8CF7-AE28F9E4C24A}) (Version: 7.2.8.12102 - Zimbra)
おすすめメニューNavi (HKLM\...\{69561DE9-373F-4273-AE2D-BD076E552C0C}) (Version: 2.2.1 - NEC Personal Computers, Ltd.)
おすすめ設定 (HKLM\...\{61558C29-0C3A-442B-A43C-C883B94E8929}) (Version: 1.0.0 - NEC Personal Computers, Ltd.)
おてがるバックアップ (HKLM-x32\...\{F353F974-64FF-44F5-AE2D-D079964C5685}) (Version: 4.6 - Roxio)
オンスクリーン表示の設定 (HKLM\...\{C8E0D8C6-7C6B-4EBE-B02A-C97E17796B97}) (Version: 1.0.0 - NEC Personal Computers, Ltd.)
クイックパワーオン (HKLM\...\{98916919-5ACD-415A-AA04-7B7B0A425BE6}) (Version: 1.1.0 - NEC Personal Computers, Ltd.)
ソフト&サポートナビゲーター (HKLM-x32\...\{8AF94405-08BB-4CF6-8856-84C88EAA7ECA}) (Version: 1.5.7 - NEC Personal Computers, Ltd.)
ソフト&サポートナビゲーター修正モジュール(2013年秋冬) (HKLM-x32\...\{D71D8D9F-DD66-414A-BA59-35801E154B9C}) (Version: 1.00.0000 -  ) Hidden
ソフト&サポートナビゲーター修正モジュール(2013年秋冬) (HKLM-x32\...\InstallShield_{D71D8D9F-DD66-414A-BA59-35801E154B9C}) (Version: 1.00.0000 -  ) Hidden
ソフト&サポートナビゲーター修正モジュール(Windows 8.1対応) (HKLM-x32\...\{BF2D8F67-ABA1-4081-9591-50167F772A57}) (Version: 1.00.0000 -  ) Hidden
ソフト&サポートナビゲーター修正モジュール(Windows 8.1対応) (HKLM-x32\...\InstallShield_{BF2D8F67-ABA1-4081-9591-50167F772A57}) (Version: 1.00.0000 -  ) Hidden
バッテリ・リフレッシュ&診断ツール (HKLM\...\{B3806CF1-829E-4280-BC3E-1636035908FD}) (Version: 1.12.0 - NEC Personal Computers, Ltd.)
パネルオープンパワーオンの設定 (HKLM\...\{D637EF1B-3B6A-4680-A2F2-ACB6BF464DFA}) (Version: 1.2.0 - NEC Personal Computers, Ltd.)
パワーオフUSB充電の設定 (HKLM\...\{DFA0E609-8481-4E32-828E-7311E4936F99}) (Version: 2.4.0 - NEC Personal Computers, Ltd.)
ピークシフト設定ツール (HKLM\...\{4F3E3604-F81F-4768-BD87-6A692338A847}) (Version: 1.3.0 - NEC Personal Computers, Ltd.)
ファイナルパソコンデータ引越し 9 plus for NEC (HKLM-x32\...\{EE57E154-979A-4C6D-8459-296B1526D3FE}) (Version: 7.00.629.0 - AOS Technologies)
フォト ギャラリー (HKLM-x32\...\{CAF46B72-12E2-4FE7-A348-45999E69E1FE}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
ワンタッチスタートボタンの設定 (HKLM\...\{AB281E2C-FA39-4CC0-B1B0-3DF24AD5B3D0}) (Version: 1.19.1312 - NEC Personal Computers, Ltd.) Hidden
再セットアップメディア作成ツール (HKLM-x32\...\{157C8082-2627-4236-A6CC-B797CF91D576}) (Version: 6.2.0 - NEC Personal Computers, Ltd.)
筆ぐるめ 20 (HKLM-x32\...\{02D371DE-95DC-4F6F-A1A6-4C957D6721A9}) (Version: 20.00.0008 - 富士ソフト株式会社)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{05468442-062B-425B-A1E5-7DC9077C0734}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{070057DA-0223-4D7E-B886-7CF38806F044}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{0C89916D-7B21-4578-805E-A62B6DB24B85}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{0EAEF7F0-4566-4FC1-9170-8A02C4889CBD}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{110BD641-44EE-4E95-9CC9-0E21EDAB4A3B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{1132C079-B5D2-47CC-8976-C03989AB1531}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{1153FA7B-6348-420B-B0BF-E6B63D9AA284}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{132C9446-2F32-4CBA-8C03-FB8C8FFECAF5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{13526224-3C67-43AB-82A8-2740A138723E}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{166669E8-3E01-4D42-B3C0-62FADDBAB00A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{181AC033-9534-4567-B173-6DA6525424E3}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{19261A68-E50E-497B-A0BA-9909C586A9D5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{19B119EA-A452-477B-8423-EAF115A29CEB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{1DEDC126-F5F3-48F1-9DB5-03D9BBC4F83E}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{1E65BA05-6325-4B65-9D63-97DF1FEC92BB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{22410B2E-909D-4A70-8234-C64A75F9B844}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{262E2007-2F51-430E-9F43-A2F4BE8AAB65}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{2797C792-9879-47ED-944C-19EBE866FC24}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{2847421D-1EE5-4356-AFB2-DFE4E9D61C68}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{28916419-ECF6-45F0-8F20-87024C3837F6}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{295CEEF4-708C-48DB-8F3B-C30047A51281}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{2BDB4786-A72C-4775-8FA4-A59967325612}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{2CE81929-7B17-4394-ABBF-765AF900A3EC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{32515D47-A1DD-4E97-A8B9-4B92D517C8A8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{32ABFD53-EC5A-4A31-8FB6-A0E8EEA4A31F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{35A48AC8-5632-4A47-B564-7B75321826E1}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{3932E526-705D-41B5-83FD-87D1DB82B6A7}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{3C0C7828-2BD0-4B57-B656-B5DB09550E73}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{3DDC5BB3-A9B0-4787-B700-AD84FD0EB4D5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{3E7FF6D2-2973-4FA7-BDD8-1924AFDF2764}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{40BCE962-264C-452E-92E7-B5F35B3F2436}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{42AA6491-4D25-4054-AF0E-203B0780C144}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{43C9A239-A357-4176-9DED-49CFECD93C0B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{44AB264B-7136-4E41-A9AC-B9F876D162EC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{4B0CA027-383D-41E6-97D7-F5EDEBC4916F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{4C7A1662-008F-4EDC-97D3-D4199B062B4A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{4CAD847C-28D6-4EA2-A833-63AC04BBDB02}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{4CAFD059-0F6A-4024-A81A-087CDB7D4633}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{51D11E0A-BF6C-4E44-8AB0-1AA8A2A73BF4}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{58F1A0DF-3038-4DD1-BCF6-406DD6AA4D1F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{5A9E21A2-851A-4BEB-B16F-DBBE7D648AF9}\InprocServer32 -> C:\Program Files\TextPad 8\System\ShellExt64.dll ()
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{5E0CBCC1-A35D-447F-923F-5783E22ED791}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{5E5558B7-1B65-4EA1-92F4-8E9567C2ABFA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{606372CE-5093-4FD7-A37D-3CE22496B6F9}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{61267647-B40C-4050-ACE4-985D93253DFA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{62162BC5-8419-4241-980C-649CC91B1E1F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{6282C6EB-E17C-4617-B72B-DB671AC7ABDE}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{638C2808-47DE-4CC6-99B5-789EB0C86D77}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{6619B693-BB07-475B-B595-C77E4CD3EBEB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{68F233B6-F8C3-4A96-9100-003BCDCE53B8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{6CA7C35E-1FC1-4C66-91A7-1FE5178F36A9}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{6DB6DF3B-0DF4-4C66-B0FD-216BA16A1D34}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{721088D3-BD36-468C-8916-B5F2074F8023}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{760A2160-66F5-42F2-AD7A-A62AD9756CDF}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{7660000A-03D2-476F-91FC-2D863D6DCC03}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{7725641E-7AB5-49EE-922D-E703CDB98588}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{782485F1-AA61-4F5F-8A59-03B6D2FF91C1}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{7AAA42E5-5C43-48D1-B298-71146A878F7C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{7E6249E7-95C5-40CF-8E15-0034BA49F49B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{849783D6-6561-434F-ACE1-8A67783ED4FF}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{8ED73585-3AA8-41E2-A98B-85FE2857B420}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{9F92194F-9039-4E49-BB83-1168EC86ABD9}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{A1B66AF8-20FB-4B52-947E-60F2048A2821}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{A57DB49B-ABA0-45BE-AA2D-28C13E2919D8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{A782D6BE-5799-406E-86E1-6C5442F0D902}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{B032B620-06B1-4D98-B09E-9D5BD7CD3BEC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{B0F43F65-6282-457A-AAFC-8B0597EB8591}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{B3726FEF-1166-4B1C-AB33-1FD76AE2B0E7}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> C:\Program Files\IDM Computer Solutions\UltraEdit\ue64ctmn.dll ()
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{B604EC25-0C5D-48DB-9E7C-243EDB3D84BF}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{B80972C9-AF80-4F71-BB2B-9CB1FAED19F0}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{BC5D198E-58DF-4267-BBDB-22FF193B255D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{BF87ECFF-1A50-4CDD-BF9F-991EDCF75B1F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C09AC76A-826E-491E-87E0-46807D8215A5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C3B42C03-C1B7-4c1a-B384-BBAE19646333}\InprocServer32 -> C:\Program Files (x86)\IDM Computer Solutions\UltraCompare\UC_ShellExt64.dll ()
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C3D9D1E2-08A6-4937-AC5B-AA1E9A0971B9}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C4E34FA1-F051-4754-AC47-B946EA04031D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C85E45FD-576D-43FE-81C5-C4012999FEFA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C8618129-8966-4851-A99A-4EEF208620AF}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C8F46A32-4FE4-408C-9F91-7F06460F42AE}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{CB2CFC1A-5069-475C-B4BD-621E2A9A3A1B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{CFB39FCE-8A04-479A-9248-0D3F45763954}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{DAFE2BB3-20A0-45EA-A032-D42627572BCC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{DCBA6A6C-FEBD-4BE5-B027-B59730A4BA22}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{DF3FAE68-02A8-4A29-A254-D04E03E4058D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{DFA026EA-2024-4088-8417-126A2E2D2486}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{EAE666EA-3CB0-403D-974F-5D8358DE67FA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F0E2DAE4-25FA-4638-B789-B01CA9B4329C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F2AC96B1-3579-4F87-9111-DC670C02BEEB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F43FEE01-24DB-4AC9-8FCF-73F1CBECDD8C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F8069691-0850-4326-B317-D5AF35F5DFA0}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F83118C7-0841-4A6C-BA28-855B24B17C1A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F93AD34F-D933-4BB7-917E-694DB52F82F8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{FB3D4710-33E5-4E78-8BF5-CE34A431174F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{FC48C6DE-CEEB-4774-9412-2FF5689A8C9C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [EditPlus] -> {36D94110-787C-4828-9C1B-0DAFEBC36069} => C:\Program Files\EditPlus\eppshell64.dll [2015-07-07] ()
ContextMenuHandlers1: [EmEditor] -> {D4D48C93-BDC7-4E76-B530-2E4D13B0150F} => C:\Program Files\EmEditor\emedshl64.dll [2015-12-25] (Emurasoft, Inc.)
ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (The Eraser Project)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers1: [PDFArchitect4_ManagerExt] -> {3AECFCB3-8472-48E9-BC7B-5A3CD945C886} => C:\Program Files\PDF Architect 4\creator-context-menu.dll [2016-01-15] (pdfforge GmbH)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers1: [PDFXChange Editor Context menu] -> {2ACD35AB-F74A-4C20-AA9B-2DE80081626D} => C:\Program Files\Tracker Software\Shell Extensions\XCShellMenu.x64.dll [2017-03-06] (Tracker Software Products (Canada) Ltd.)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd)
ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers1: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers2: [EmEditor] -> {D4D48C93-BDC7-4E76-B530-2E4D13B0150F} => C:\Program Files\EmEditor\emedshl64.dll [2015-12-25] (Emurasoft, Inc.)
ContextMenuHandlers2: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (The Eraser Project)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd)
ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers2: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [EmEditor] -> {D4D48C93-BDC7-4E76-B530-2E4D13B0150F} => C:\Program Files\EmEditor\emedshl64.dll [2015-12-25] (Emurasoft, Inc.)
ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (The Eraser Project)
ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers4: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (The Eraser Project)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2014-06-13] (Intel Corporation)
ContextMenuHandlers5: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers6: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (The Eraser Project)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\windows\system32\StartMenuHelper64.dll [2016-07-30] (IvoSoft)
ContextMenuHandlers1_S-1-5-21-1417334993-2898295356-3386692794-1001: [OpusZip] -> {E9FE4040-3C93-11D4-8006-00201860E88A} => C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [2016-06-10] (GP Software)
ContextMenuHandlers1_S-1-5-21-1417334993-2898295356-3386692794-1001: [TextPad8] -> {5A9E21A2-851A-4BEB-B16F-DBBE7D648AF9} => C:\Program Files\TextPad 8\System\ShellExt64.dll [2015-11-29] ()
ContextMenuHandlers1_S-1-5-21-1417334993-2898295356-3386692794-1001: [UltraCompare] -> {C3B42C03-C1B7-4c1a-B384-BBAE19646333} => C:\Program Files (x86)\IDM Computer Solutions\UltraCompare\UC_ShellExt64.dll [2015-12-17] ()
ContextMenuHandlers1_S-1-5-21-1417334993-2898295356-3386692794-1001: [UltraEdit] -> {b5eedee0-c06e-11cf-8c56-444553540000} => C:\Program Files\IDM Computer Solutions\UltraEdit\ue64ctmn.dll [2015-12-15] ()
ContextMenuHandlers4_S-1-5-21-1417334993-2898295356-3386692794-1001: [OpusZip] -> {E9FE4040-3C93-11D4-8006-00201860E88A} => C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [2016-06-10] (GP Software)
ContextMenuHandlers4_S-1-5-21-1417334993-2898295356-3386692794-1001: [UltraCompare] -> {C3B42C03-C1B7-4c1a-B384-BBAE19646333} => C:\Program Files (x86)\IDM Computer Solutions\UltraCompare\UC_ShellExt64.dll [2015-12-17] ()
ContextMenuHandlers5_S-1-5-21-1417334993-2898295356-3386692794-1001: [DOpus] -> {B9DD4945-1BED-4CB7-994C-F40B72B7725A} => C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [2016-06-10] (GP Software)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0FC94078-783C-4F45-9A83-EA7E687FF98A} - System32\Tasks\Process Lasso Core Engine Only => C:\Program Files\Process Lasso\processgovernor.exe
Task: {14C6A237-47B6-420D-98C7-B48C0E16B8BD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {1C957448-077E-44CE-A9AF-942431EDCAAF} - System32\Tasks\Opera scheduled Autoupdate 1402604082 => C:\Program Files (x86)\Opera\launcher.exe [2018-08-07] (Opera Software)
Task: {38875C0C-9D5E-4443-8174-2ACC325E0748} - System32\Tasks\JavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-06-27] (Oracle Corporation)
Task: {4AEAC1FC-86EF-4742-9F8F-B9BB85B7E32A} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {56E998C4-C729-4325-8DA2-4D1C164BFFFA} - System32\Tasks\Opera scheduled Autoupdate 1464983063 => C:\Program Files (x86)\Opera developer\launcher.exe [2018-08-14] (Opera Software)
Task: {72475EF4-D144-4C6F-8F30-933D699AE0A6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {87DE09A6-0A20-44AF-9ECC-173BF2339374} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-05] (Google Inc.)
Task: {8934D95E-BD1D-4B60-A7AA-28FD77234F91} - System32\Tasks\Anvirlauncher => C:\Program Files (x86)\AnVir Task Manager Free\anvirlauncher.exe [2016-02-28] (AnVir Software)
Task: {8A17FE54-DBCC-4FBA-98EA-FD88B993F327} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {9331D4AE-B609-43C9-A4F8-B611DEFF68FA} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {A06C3BF2-C5E5-417C-AE66-C08BCDCCC271} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {A228AF77-7ABF-4820-A6E7-DA52E1BF7474} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {A61B8BBA-960E-417E-B619-DE3911B4B16E} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2016-03-03] ()
Task: {AC925663-4A09-4B04-A33D-931EF33440D9} - System32\Tasks\{81F0B437-B032-4F42-869E-9200A9004B28} => c:\program files (x86)\opera\launcher.exe [2018-08-07] (Opera Software)
Task: {BBB5FFB3-5780-4C21-BA21-95B793B6AFC4} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {BCD4E4EC-D945-40F3-9E6A-E0BAFB278317} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-09-04] (Synaptics Incorporated)
Task: {DF167F93-F3BA-4561-93FC-768E43939C14} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-05] (Google Inc.)
Task: {E721563C-197D-47C4-9FE5-017A47B512F0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {EDDB4BB6-584A-41A8-A52A-AA8E4221FF6A} - System32\Tasks\iToolsDaemon => C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe [2016-07-25] ()
Task: {EDDC835F-5FFF-47DA-8849-A24D9414705E} - System32\Tasks\Core Temp Autostart d => C:\Program Files\Core Temp\Core Temp.exe [2018-05-20] (ALCPU)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-04-19 07:32 - 2015-09-01 15:41 - 000095008 _____ () C:\windows\System32\Primomonnt.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-12 12:06 - 2013-08-12 12:06 - 000198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-08-12 12:06 - 2013-08-12 12:06 - 000054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-12 12:06 - 2013-08-12 12:06 - 000034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2017-01-15 23:31 - 2017-01-15 23:31 - 000012704 _____ () C:\Program Files\Prio\prio_svc.exe
2016-07-25 16:40 - 2016-07-25 16:40 - 000486264 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe
2015-12-17 12:13 - 2015-12-17 12:13 - 004930560 _____ () C:\Users\d\Desktop\acv507\ArsClip.exe
2018-04-12 19:09 - 2018-04-09 20:24 - 000966512 _____ () C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000343912 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000266096 _____ () C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000139120 _____ () C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000360304 _____ () C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000040816 _____ () C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000499568 _____ () C:\Program Files (x86)\AOMEI Backupper\EnumFolder.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000081768 _____ () C:\Program Files (x86)\AOMEI Backupper\Compress.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000114536 _____ () C:\Program Files (x86)\AOMEI Backupper\BrLog.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000089968 _____ () C:\Program Files (x86)\AOMEI Backupper\Ldm.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000073576 _____ () C:\Program Files (x86)\AOMEI Backupper\Device.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000298864 _____ () C:\Program Files (x86)\AOMEI Backupper\BrFat.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000978800 _____ () C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000339816 _____ () C:\Program Files (x86)\AOMEI Backupper\Clone.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000126824 _____ () C:\Program Files (x86)\AOMEI Backupper\Backup.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000175984 _____ () C:\Program Files (x86)\AOMEI Backupper\FlBackup.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000724848 _____ () C:\Program Files (x86)\AOMEI Backupper\Sync.dll
2018-04-12 19:09 - 2015-05-21 14:32 - 002403504 _____ () C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000114544 _____ () C:\Program Files (x86)\AOMEI Backupper\BrVol.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000266096 _____ () C:\Program Files (x86)\AOMEI Backupper\GptBcd.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000188272 _____ () C:\Program Files (x86)\AOMEI Backupper\DeviceMgr.dll
2017-07-18 00:46 - 2018-03-20 12:08 - 000114664 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2017-07-18 00:46 - 2018-03-20 12:08 - 000108008 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2017-07-18 00:46 - 2018-03-20 12:08 - 000024040 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2017-07-18 00:46 - 2018-03-20 12:08 - 000048104 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2014-04-11 09:48 - 2013-10-15 06:10 - 000541683 _____ () C:\Program Files (x86)\CyberLink\NEC Move Media Server\sqlite3.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 002317688 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\iOSDevice.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 001362808 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\MiscCore.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 000180088 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\MiscMods.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 000152952 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\Network.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 000402808 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\TSLib.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 000668536 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\UICore.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 000044920 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\Common.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 000385912 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\MediaUtil.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 000548728 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\Sqlite.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 000103288 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\ZLib.dll
2018-03-16 15:20 - 2018-03-16 15:20 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2018-03-16 15:20 - 2018-03-16 15:20 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-21 02:36 - 2013-08-08 06:25 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2011-01-31 10:45 - 2011-01-31 10:45 - 000559244 _____ () C:\Program Files (x86)\Linkman\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\sdpsenv.dat:naughtypirates [322]
AlternateDataStreams: C:\ProgramData\Temp:8EFFFE8D [294]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\stwfp => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.reg: \shell\SmEdit\shell\SmEdit\shell\SmEdit\shell\SmEdit\shell\SmEdit =>  <==== ATTENTION
HKLM\...\.bat:  =>  <==== ATTENTION
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Software\Classes\.bat: batfile =>  <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\google.com -> hxxps://docs.google.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2017-08-01 22:33 - 000000853 _____ C:\windows\system32\Drivers\etc\hosts

127.0.0.1 cryptomator-vault

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "IntelAntiTheftDiscoveryAppIECNotifier"
HKLM\...\StartupApproved\Run: => "AtrioSide"
HKLM\...\StartupApproved\Run: => "Eraser"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "YouCam Service"
HKLM\...\StartupApproved\Run32: => "ChildWebGuardian PRO Agent"
HKLM\...\StartupApproved\Run32: => "DSATray"
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\StartupApproved\StartupFolder: => "Telegram.lnk"
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\StartupApproved\Run: => "Mailbird"
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\StartupApproved\Run: => "DVSFreeVideoCallRecorder"
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\StartupApproved\Run: => "WhatsApp"
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\StartupApproved\Run: => "Vivaldi Update Notifier"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F9D643D3-8497-43E4-98F3-38E716915A8E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E8B770A5-FA45-4D44-B58C-F97DD1977577}] => (Allow) LPort=2869
FirewallRules: [{900BB167-AA6B-4D13-9555-03CB4DDAF294}] => (Allow) LPort=1900
FirewallRules: [{D6F18BAF-16DE-469C-A520-9004AC0498C0}] => (Allow) C:\Program Files (x86)\AOS Technologies\ファイナルパソコンデータ引越し 9 plus for NEC\pcmover.exe
FirewallRules: [TCP Query User{A744A787-26B6-4CBF-AC16-D8B16B6CD448}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3611C606-8BCD-4157-B7F0-97CA21424398}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{0B623E7A-4890-41D8-8372-1C130AC8A356}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{09F7B869-195F-40C6-B266-6B04AFB2884F}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{3C3010E4-90F7-42A7-89F9-E3444CF94B06}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\ctmn32.exe
FirewallRules: [{AE7790C2-8769-41C5-841F-8D2AD8D9BA01}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\ctmn32.exe
FirewallRules: [{7BAC5F7A-284F-4108-9BC5-B75C3D72552E}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\CTAdmin.exe
FirewallRules: [{9FFB909A-2927-4085-8066-0879D3AA0793}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\CTAdmin.exe
FirewallRules: [{F9D77D4C-761D-430E-88CB-D1B7A52097C8}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\fbserver.exe
FirewallRules: [{11F3629D-245B-451A-A98E-64DFBD07B295}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\fbserver.exe
FirewallRules: [{56F4AF8E-57F8-41B4-A65A-0FBBA6C76B40}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\STDownload.exe
FirewallRules: [{13C3D64E-22F7-4BA1-B58B-53265677C553}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\STDownload.exe
FirewallRules: [{A0C999BA-C8BC-4281-8601-73750E5F1723}] => (Allow) LPort=8501
FirewallRules: [{32AB8D67-D054-4A79-8823-614FFEF6E01F}] => (Allow) LPort=8501
FirewallRules: [{505DA236-3A56-424B-9B99-EBB755EEC9AA}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{A902F6FB-3298-44B9-93ED-191D82C26CB9}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{689C272A-0ECD-47F8-88F6-904975F51D79}C:\program files (x86)\childwebguardian pro\contentwasher.exe] => (Block) C:\program files (x86)\childwebguardian pro\contentwasher.exe
FirewallRules: [UDP Query User{11A1A67E-B038-48B3-89AB-F8F4F0268BB7}C:\program files (x86)\childwebguardian pro\contentwasher.exe] => (Block) C:\program files (x86)\childwebguardian pro\contentwasher.exe
FirewallRules: [{2117A44D-9AF0-4D84-A6FA-C2CE767375A3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{82444FCE-8B73-4EE6-9321-D147BB55E475}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E0FF1427-02F7-4FCF-B605-AA7720FECB39}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C149F272-279C-452B-9C7D-9C93C179E6AB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DEE3F7CC-FEC2-4054-9A70-A29139DE0761}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AB91DF20-D673-499C-B644-030D9703474B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7E815151-6904-496A-AC2D-72FC22009C49}] => (Allow) C:\Program Files (x86)\ChildWebGuardian PRO\ContentWasher.exe
FirewallRules: [{3F403557-C2A9-4DB4-A08F-AAA175CF45EA}] => (Allow) C:\Program Files (x86)\ChildWebGuardian PRO\ContentWasher.exe
FirewallRules: [{A0292E51-FA3B-40A5-86B6-A69410C15431}] => (Allow) C:\Windows\SysWOW64\fltw.exe
FirewallRules: [{F59F9572-DAA8-49A7-B8B8-87D14203E726}] => (Allow) C:\Windows\SysWOW64\fltw.exe
FirewallRules: [{21B8CF93-A8AF-49E0-A5A8-4D90D71EA1F4}] => (Allow) C:\Windows\SysWOW64\wstw.exe
FirewallRules: [{A664E965-6F9C-4904-97B3-664A88C6C5D6}] => (Allow) C:\Windows\SysWOW64\wstw.exe
FirewallRules: [{596BBBC2-6C69-43DD-A9E3-2EAF611B034C}] => (Allow) C:\Windows\SysWOW64\wtwatch.exe
FirewallRules: [{F3158699-F2C2-4B4D-9C97-8EDE44D0C91A}] => (Allow) C:\Windows\SysWOW64\wtwatch.exe
FirewallRules: [{C69239FF-06A3-4D0A-9444-F72972E53490}] => (Allow) C:\Program Files (x86)\ChildWebGuardian PRO\PrgUpdater.exe
FirewallRules: [{B4EFD6D8-6BAD-4D07-B5B5-6B2D0EFF9D69}] => (Allow) C:\Program Files (x86)\ChildWebGuardian PRO\PrgUpdater.exe
FirewallRules: [TCP Query User{B21120BA-3F16-452E-89E6-243273EEED0C}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe
FirewallRules: [UDP Query User{05154D90-C128-45AD-880F-BC2AEC21295A}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe
FirewallRules: [TCP Query User{0095AFA1-906D-40EB-8740-81E092A2EA5B}C:\program files\second copy\seccopy.exe] => (Allow) C:\program files\second copy\seccopy.exe
FirewallRules: [UDP Query User{D4BFC90B-A4EE-47CF-8E06-21798F2B4FC7}C:\program files\second copy\seccopy.exe] => (Allow) C:\program files\second copy\seccopy.exe
FirewallRules: [{6DC437CD-3BEE-4A60-81F8-8B67FC3E055E}] => (Block) C:\program files\second copy\seccopy.exe
FirewallRules: [{3EF30085-232D-450A-A5C2-2484F10431B5}] => (Block) C:\program files\second copy\seccopy.exe
FirewallRules: [TCP Query User{35AEFCDE-F23F-4FD9-AE70-CB0DDF2953CA}C:\program files (x86)\jivexdv\jre\bin\javaw.exe] => (Block) C:\program files (x86)\jivexdv\jre\bin\javaw.exe
FirewallRules: [UDP Query User{D6AA058A-D730-4D0C-804C-63DE46208040}C:\program files (x86)\jivexdv\jre\bin\javaw.exe] => (Block) C:\program files (x86)\jivexdv\jre\bin\javaw.exe
FirewallRules: [TCP Query User{C339E5B9-07F3-463F-8D92-10E98B07F74E}C:\program files (x86)\parallel password recovery\run_server.exe] => (Allow) C:\program files (x86)\parallel password recovery\run_server.exe
FirewallRules: [UDP Query User{36EE777D-F32F-4484-8CFA-A540C211237B}C:\program files (x86)\parallel password recovery\run_server.exe] => (Allow) C:\program files (x86)\parallel password recovery\run_server.exe
FirewallRules: [TCP Query User{290EC45F-8ECA-465A-8550-807F15B4CB76}C:\users\d\appdata\local\temp\scoped_dir2376_30591\childwebguardianadm.exe] => (Allow) C:\users\d\appdata\local\temp\scoped_dir2376_30591\childwebguardianadm.exe
FirewallRules: [UDP Query User{7FB492CB-F6F5-4EE0-864F-95F55A6DFDEB}C:\users\d\appdata\local\temp\scoped_dir2376_30591\childwebguardianadm.exe] => (Allow) C:\users\d\appdata\local\temp\scoped_dir2376_30591\childwebguardianadm.exe
FirewallRules: [{A27C0608-11DD-46B0-93E8-8CB7D21E4418}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5A3641B2-C624-4A94-8FA9-DE244F8FC639}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F164DD20-6078-4B81-961C-083B0FF25404}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FBB6CB95-B7E6-4818-B62D-6724C436E3B3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{103298D7-C2C7-4895-AF93-CD4A59B6C354}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{6833B99D-A1FD-4788-ACC3-3B5D8B6FDB81}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{2DC48355-FECA-488E-8202-684BD0D8D84C}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{F6EF11B6-6AEA-4BAE-AA20-E91C42F7AD1F}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{18F0E74C-3ACE-4781-B413-F0D422BB63CF}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{863A523D-C261-4A82-A2A7-27447A8FC2F4}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{FD947FEC-53B3-4BED-B0A8-4DA463021FCA}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{D2B23179-C9B9-491E-AC91-B68A0C8ED660}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{84B862B7-8779-41D9-9055-94DBAC95D6DA}] => (Allow) C:\Program Files (x86)\Opera\51.0.2830.40\opera.exe
FirewallRules: [{50BD2E1A-D1D7-4D61-BBF1-54EBD9BBBC3A}] => (Allow) C:\Program Files (x86)\Opera developer\53.0.2885.0\opera.exe
FirewallRules: [{06476787-1BB0-4434-A169-C039F0E60556}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{5D961AE6-CB90-49AD-86B7-26B54B099719}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2A8C58E0-93CA-4A29-A307-B6DE1FCED428}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9B9C6AEE-6B22-4E95-8D70-08F24E69290C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{82536828-3DCD-485E-B8A8-5ABF9005A3A7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7CBB4B9B-D49D-4CEB-A6F3-F5616BB0653B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0FC410A5-86DB-49D8-BD08-9989673770EF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7ABA5E4A-1B70-4A10-B38E-CFA6AA3B0C7E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5587DB5B-9321-4905-BC86-BFA9BDDE3795}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F627D117-A01C-456C-93BC-7264C3A4FFEC}] => (Allow) C:\Program Files (x86)\Opera\54.0.2952.64\opera.exe
FirewallRules: [{3F72EC62-9A98-40DB-BEEB-7E2F44976DA7}] => (Allow) C:\Program Files (x86)\Opera developer\56.0.3037.0\opera.exe
FirewallRules: [{2CD1F32B-A7E8-4079-AD1A-20A3A188A14C}] => (Allow) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
FirewallRules: [{BE925581-CA7C-4454-A982-95444FC76D7D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{D85E2CCA-81C2-493D-936B-6659F467F804}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{9B61E9B1-13F4-4D9F-BCAB-650459099F1D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{602E8DE6-890B-4FAA-8647-4F8602E5A1FA}] => (Allow) C:\Program Files (x86)\Opera developer\56.0.3045.0\opera.exe

==================== Restore Points =========================

13-08-2018 03:46:21 スケジュールされたチェックポイント
18-08-2018 17:31:16 Revo Uninstaller's restore point - 7-Zip 17.00 beta (x64)
18-08-2018 17:35:19 Revo Uninstaller's restore point - Adobe Flash Player 30 NPAPI
18-08-2018 17:36:49 Revo Uninstaller's restore point - CrystalDiskInfo 7.0.5
18-08-2018 17:39:00 Revo Uninstaller's restore point - Adobe Acrobat Reader DC - Deutsch
18-08-2018 17:41:50 Revo Uninstaller's restore point - OpenOffice 4.1.3
18-08-2018 17:44:05 Revo Uninstaller's restore point - QuickTime 7

==================== Faulty Device Manager Devices =============

Name: Bluetooth デバイス (RFCOMM プロトコル TDI)
Description: Bluetooth-Gerät (RFCOMM-Protokoll-TDI)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RFCOMM
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth デバイス (パーソナル エリア ネットワーク)
Description: Bluetooth-Gerät (PAN)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/18/2018 06:02:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: StartSU.exe, Version: 2.0.2.0, Zeitstempel: 0x534d0701
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x02b80a67
ID des fehlerhaften Prozesses: 0x17bc
Startzeit der fehlerhaften Anwendung: 0x01d4370cecaa64ae
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\NEC\SmartUpdate\StartSU.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 2a738cdd-a300-11e8-83c3-94fdb0ec2042
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (08/18/2018 06:02:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: StartSU.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
  bei SU_Loader.suLogingCl..ctor()
  bei

SU_Loader.Program.Main()

Error: (08/18/2018 05:59:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm explorer.exe, Version 6.3.9600.18460 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: cc0

Startzeit: 01d4370c0ac4f255

Endzeit: 0

Anwendungspfad: C:\windows\explorer.exe

Berichts-ID: 9e08a327-a2ff-11e8-83c3-94fdb0ec2042

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (08/18/2018 05:51:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AkelPad.exe, Version: 4.9.7.0, Zeitstempel: 0x566d49e1
Name des fehlerhaften Moduls: Scripts.dll_unloaded, Version: 18.2.0.0, Zeitstempel: 0x566d4960
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000cb86
ID des fehlerhaften Prozesses: 0xd40
Startzeit der fehlerhaften Anwendung: 0x01d436e5f875d39c
Pfad der fehlerhaften Anwendung: C:\Users\d\Desktop\Programme\AkelPad\AkelPad.exe
Pfad des fehlerhaften Moduls: Scripts.dll
Berichtskennung: 85a83216-a2fe-11e8-83c2-f05b999e8540
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (08/18/2018 05:31:16 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, アクセスが拒否されました。
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


操作:
  ライター データを収集しています

コンテキスト:
  ライター クラス ID: {e8132975-6f93-4464-a53e-1050253ae220}
  ライター名: System Writer
  ライター インスタンス ID: {ce725637-8bf6-4c6d-84c7-d931e1ffb698}

Error: (08/18/2018 11:53:54 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Ein Problem hat das Senden von Daten aus dem Programm zur Verbesserung der Benutzerfreundlichkeit an Microsoft verhindert (Fehler 80070005).

Error: (08/18/2018 01:16:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: StartSU.exe, Version: 2.0.2.0, Zeitstempel: 0x534d0701
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00d50a67
ID des fehlerhaften Prozesses: 0xddc
Startzeit der fehlerhaften Anwendung: 0x01d4368051a89d78
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\NEC\SmartUpdate\StartSU.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 8f826dc5-a273-11e8-83c2-f05b999e8540
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (08/18/2018 01:16:25 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: StartSU.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
  bei SU_Loader.suLogingCl..ctor()
  bei

SU_Loader.Program.Main()


System errors:
=============
Error: (08/18/2018 05:51:55 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1794) (User: NT AUTHORITY)
Description: https://go.microsoft.com/fwlink/?linkid=852572

Error: (08/18/2018 05:51:50 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1794) (User: NT AUTHORITY)
Description: https://go.microsoft.com/fwlink/?linkid=852572

Error: (08/18/2018 05:51:45 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1794) (User: NT AUTHORITY)
Description: https://go.microsoft.com/fwlink/?linkid=852572

Error: (08/18/2018 05:51:42 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1794) (User: NT AUTHORITY)
Description: https://go.microsoft.com/fwlink/?linkid=852572

Error: (08/18/2018 05:51:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Internet filter server" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.

Error: (08/18/2018 05:51:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "EaseUS Agent Service" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.

Error: (08/18/2018 05:51:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "アプリケーション固有" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (LRPC 使用)" keine Berechtigung vom Typ "ローカル アクティブ化" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "利用不可" (SID: 利用不可) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (08/18/2018 03:37:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "アプリケーション固有" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (LRPC 使用)" keine Berechtigung vom Typ "ローカル アクティブ化" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "利用不可" (SID: 利用不可) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.


Windows Defender:
===================================
Date: 2018-08-18 02:42:00.486
Description:
Die Windows Defender-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {ECA8B3E0-FC77-4A51-9543-69805FAB89ED}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT AUTHORITY\SYSTEM

CodeIntegrity:
===================================

Date: 2018-04-05 18:43:15.063
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level

requirements.

Date: 2018-04-05 18:43:12.454
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level

requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 40%
Total physical RAM: 4015.7 MB
Available physical RAM: 2372.95 MB
Total Virtual: 12719.7 MB
Available Virtual: 10945.82 MB

==================== Drives ================================

Drive c: (Windows 8.1) (Fixed) (Total:225.93 GB) (Free:146.87 GB) NTFS
Drive f: (SD192GB) (Removable) (Total:183.33 GB) (Free:35.85 GB) NTFS

\\?\Volume{66bded32-fb6e-43d4-af27-9da22351b9e4}\ (Windows RE) (Fixed) (Total:0.93 GB) (Free:0.61 GB) NTFS
\\?\Volume{2c42f2fe-9218-4f8d-bd84-2ae9dde67a23}\ (NEC-RESTORE) (Fixed) (Total:11.23 GB) (Free:3.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 7D73FA8C)

Partition: GPT.

========================================================
Disk: 1 (Protective MBR) (Size: 183.3 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

cosinus 18.08.2018 19:34
Sowas nennt man Fehalarm - Das ist halt prinzipiell bei Virenscannern so uder glaubst du die Dinger sind unfehlbar?!


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-1417334993-2898295356-3386692794-500\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-1417334993-2898295356-3386692794-1003\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-1417334993-2898295356-3386692794-1001\User: Restriction <==== ATTENTION
S3 esihdrv; C:\Users\d\AppData\Local\Temp\esihdrv.sys [149928 2018-04-09] (ESET) <==== ATTENTION
R3 ALSysIO; \??\C:\Users\d\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
AppInit_DLLs: prio.dll => No File
AppInit_DLLs-x32: prio32.dll => No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No FileBHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
Toolbar: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> No Name - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} -  No File
Toolbar: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> No Name - {C500C267-63BF-451F-8797-4D720C9A2ED9} -  No File
CHR Extension: (Kaspersky Protection) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2018-05-31]
OPR Extension: (Avast Online Security) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2017-10-20]
HKLM\...\.reg: \shell\SmEdit\shell\SmEdit\shell\SmEdit\shell\SmEdit\shell\SmEdit =>  <==== ATTENTION
HKLM\...\.bat:  =>  <==== ATTENTION
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Software\Classes\.bat: batfile =>  <==== ATTENTION
C:\Program Files\AVAST Software
emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


lucina 19.08.2018 12:12
Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 19.08.2018
Ran by d (19-08-2018 12:47:56) Run:1
Running from C:\Users\d\Desktop
Loaded Profiles: d (Available Profiles: d)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-1417334993-2898295356-3386692794-500\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-1417334993-2898295356-3386692794-1003\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-1417334993-2898295356-3386692794-1001\User: Restriction <==== ATTENTION
S3 esihdrv; C:\Users\d\AppData\Local\Temp\esihdrv.sys [149928 2018-04-09] (ESET) <==== ATTENTION
R3 ALSysIO; \??\C:\Users\d\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
AppInit_DLLs: prio.dll => No File
AppInit_DLLs-x32: prio32.dll => No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No FileBHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
Toolbar: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> No Name - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} -  No File
Toolbar: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> No Name - {C500C267-63BF-451F-8797-4D720C9A2ED9} -  No File
CHR Extension: (Kaspersky Protection) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2018-05-31]
OPR Extension: (Avast Online Security) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2017-10-20]
HKLM\...\.reg: \shell\SmEdit\shell\SmEdit\shell\SmEdit\shell\SmEdit\shell\SmEdit =>  <==== ATTENTION
HKLM\...\.bat:  =>  <==== ATTENTION
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Software\Classes\.bat: batfile =>  <==== ATTENTION
C:\Program Files\AVAST Software
emptytemp:
*****************

"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => removed successfully
C:\windows\system32\GroupPolicy\Machine => moved successfully
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\windows\system32\GroupPolicyUsers\S-1-5-21-1417334993-2898295356-3386692794-500\User => moved successfully
C:\windows\system32\GroupPolicyUsers\S-1-5-21-1417334993-2898295356-3386692794-1003\User => moved successfully
C:\windows\system32\GroupPolicyUsers\S-1-5-21-1417334993-2898295356-3386692794-1001\User => moved successfully
"HKLM\System\CurrentControlSet\Services\esihdrv" => removed successfully
esihdrv => service removed successfully
ALSysIO => service not found.
"prio.dll" => Value data removed successfully
"prio32.dll" => Value data removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => removed successfully
"HKLM\Software\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => removed successfully
"HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4853DF44-7D6B-48E9-9258-D800EEE54AF6}" => removed successfully
HKLM\Software\Classes\CLSID\{4853DF44-7D6B-48E9-9258-D800EEE54AF6} => not found
"HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C500C267-63BF-451F-8797-4D720C9A2ED9}" => removed successfully
HKLM\Software\Classes\CLSID\{C500C267-63BF-451F-8797-4D720C9A2ED9} => not found
CHR Extension: (Kaspersky Protection) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2018-05-31] => Error: No automatic fix found for this entry.
C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\daanglpcpkjjlkhcbladppjphglbigam => moved successfully
HKLM\Software\Classes\.reg\\Default => value restored successfully
HKLM\Software\Classes\.bat\\Default => value restored successfully
"HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Software\Classes\.bat" => removed successfully
"C:\Program Files\AVAST Software" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 128542253 B
Java, Flash, Steam htmlcache => 10006 B
Windows/system/drivers => 1854543734 B
Edge => 0 B
Chrome => 423751961 B
Firefox => 398208053 B
Opera => 1312241803 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 74880 B
LocalService => 999239 B
NetworkService => 923716 B
d => 2324501857 B

RecycleBin => 0 B
EmptyTemp: => 6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:50:32 ====

cosinus 19.08.2018 12:13
Ich brauche neue FRST-Logs . Haken setzen bei addition.txt dann auf Untersuchen klicken.

http://www.trojaner-board.de/picture...&pictureid=611

lucina 19.08.2018 13:17
Hinweise:
- Flash ist auch in der IE-Version (den ich nie nutze) deaktiviert.
- ALSysIO64.sys befindet sich nirgends auf c:\.
- (Wenn ich in einem beliebigen Programm CTRL-Y drücke, während FRST geladen ist, wird eine text-datei mit einer Zufallszeichenfolge auf dem Desktop erstellt.)


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.08.2018 01
Ran by d (administrator) on LAVIE (19-08-2018 13:56:46)
Running from C:\Users\d\Desktop
Loaded Profiles: d (Available Profiles: d)
Platform: Windows 8.1 Pro (Update) (X64) Language: Japanisch (Japan)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\NEC Move Media Server\NECMoveMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\NEC Move Media Server\NECMoveMSServer.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NECBoot\NECBTSVC.exe
(NEC Personal Computers, Ltd.) C:\Windows\SysWOW64\NTMETER.exe
(NEC Personal Computers, Ltd.) C:\Program Files\PeakShiftTool\PeakShiftSvc.exe
() C:\Program Files\Prio\prio_svc.exe
(Centered Systems) C:\Program Files (x86)\Second Copy 8\ScVssService64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NECMFK\necmfk.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NECBatt\nbSched.exe
(NEC Personal Computers, Ltd.) C:\Program Files\PeakShiftTool\PeakShiftNotifier.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NECBoot\NECBTPB.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NPSpeed\NPSpeed.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Outertech) C:\Program Files (x86)\Linkman\Linkman.exe
(GP Software) C:\Program Files\GPSoftware\Directory Opus\dopus.exe
(RaMMicHaeL) C:\Users\d\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
(GP Software) C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
(f.lux Software LLC) C:\Users\d\AppData\Local\FluxSoftware\Flux\flux.exe
(Centered Systems) C:\Program Files (x86)\Second Copy 8\SecCopy.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Michael Farrell) C:\Program Files (x86)\IntelliWebSearch\IntelliWebSearch.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\d\Desktop\acv507\ArsClip.exe
(Steve Emmons) C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Battery Alarm\BatteryAlarm.exe
(pXc-coding.com) C:\Program Files (x86)\Alternative Flash Player Auto-Updater\Alternative Flash Player Auto-Updater.exe
(NEC Personal Computers, Ltd.) C:\Program Files\NEC\AtrioSide\AS_ContentsDL.exe
(NEC Personal Computers, Ltd.) C:\Program Files\EcoViewer\ecomonsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Opera Software) C:\Program Files (x86)\Opera\55.0.2994.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\55.0.2994.37\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\55.0.2994.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\55.0.2994.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\55.0.2994.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\55.0.2994.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\55.0.2994.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\55.0.2994.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\55.0.2994.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\55.0.2994.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\55.0.2994.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\55.0.2994.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\55.0.2994.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\55.0.2994.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\55.0.2994.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\55.0.2994.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\55.0.2994.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\55.0.2994.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\55.0.2994.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\55.0.2994.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\55.0.2994.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\55.0.2994.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\55.0.2994.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\55.0.2994.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\55.0.2994.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\55.0.2994.37\opera.exe
(AkelSoft) C:\Users\d\Desktop\Programme\AkelPad\AkelPad.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google) C:\Users\d\AppData\Local\Google\Chrome\User Data\SwReporter\31.165.200\software_reporter_tool.exe
(Google) C:\Users\d\AppData\Local\Google\Chrome\User Data\SwReporter\31.165.200\software_reporter_tool.exe
(Google) C:\Users\d\AppData\Local\Google\Chrome\User Data\SwReporter\31.165.200\software_reporter_tool.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [NECMFK] => C:\Program Files\necmfk\necmfk.exe [164176 2013-09-19] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [IntelAntiTheftDiscoveryAppIECNotifier] => C:\Program Files (x86)\Intel\Intel Anti-Theft Discovery App\IntelAntiTheftDiscoveryAppIECNotifier.exe [142336 2013-06-25] (Intel Corporation)
HKLM\...\Run: [NECBatt] => C:\Program Files\NECBatt\nbSched.exe [356688 2013-08-05] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [PeakShiftTool] => C:\Program Files\PeakShiftTool\PeakShiftNotifier.exe [244576 2013-07-02] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [NECBTPB] => C:\Program Files\NECBoot\NECBTPB.EXE [2789304 2012-10-05] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2013-09-04] (Synaptics Incorporated)
HKLM\...\Run: [RcdSettings] => C:\Program Files\NEC\NECRcdSettings\RcdSettings.exe [924536 2013-08-27] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [NPSpeed] => C:\Program Files\NPSpeed\NPSpeed.exe [3215152 2013-10-08] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1074088 2015-09-03] (The Eraser Project)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [AtrioSide] => C:\Program Files\NEC\AtrioSide\AtrioSide.exe [1193328 2013-09-17] (NEC Personal Computers, Ltd.)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [3523848 2018-07-03] (Paramount Software UK Ltd)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [SmartUpdate] => C:\Program Files (x86)\NEC\SmartUpdate\reservesu.exe [234232 2013-07-08] (NEC Personal Computers, Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2018-03-16] (Apple Inc.)
HKLM-x32\...\Run: [SilentCleanService] => C:\Program Files (x86)\iMobie\PhoneRescue\${CHECK_RUNSERVICE_NAME}
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [135968 2018-03-15] (Intel)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [653648 2018-06-27] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [Linkman] => C:\Program Files (x86)\Linkman\Linkman.exe [1635200 2015-12-23] (Outertech)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [7 Taskbar Tweaker] => C:\Users\d\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [401920 2016-09-10] (RaMMicHaeL)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [Directory Opus Desktop Dblclk] => C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe [421240 2016-06-10] (GP Software)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [f.lux] => C:\Users\d\AppData\Local\FluxSoftware\Flux\flux.exe [1806344 2018-07-03] (f.lux Software LLC)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [Second Copy] => C:\Program Files (x86)\Second Copy 8\SecCopy.exe [3128616 2013-01-28] (Centered Systems)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2014-09-19] ()
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [WhatsApp] => "C:\Users\d\AppData\Local\WhatsApp\app-0.2.5371\WhatsApp.exe"
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [DVSFreeVideoCallRecorder] => "C:\Program Files (x86)\DVDVideoSoft\Free Video Call Recorder for Skype\FreeVideoCallRecorder.exe" /minimized
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Run: [IntelliWebSearch] => C:\Program Files (x86)\IntelliWebSearch\IntelliWebSearch.exe [224388 2011-04-08] (Michael Farrell)
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11776 2013-08-22] (Microsoft Corporation)
ShellExecuteHooks: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [1580408 2016-06-10] (GP Software)
ShellExecuteHooks-x32: Directory Opus Shell Execute Hook - {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll [350072 2016-06-10] (GP Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Alternative Flash Player Auto-Updater.lnk [2016-01-16]
ShortcutTarget: Alternative Flash Player Auto-Updater.lnk -> C:\Program Files (x86)\Alternative Flash Player Auto-Updater\Alternative Flash Player Auto-Updater.exe (pXc-coding.com)
Startup: C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ArsClip - Verknüpfung.lnk [2016-01-25]
ShortcutTarget: ArsClip - Verknüpfung.lnk -> C:\Users\d\Desktop\acv507\ArsClip.exe ()
Startup: C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BatteryAlarm - Shortcut.lnk [2016-04-20]
ShortcutTarget: BatteryAlarm - Shortcut.lnk -> C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Battery Alarm\BatteryAlarm.exe (Steve Emmons)
Startup: C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2016-09-30]
ShortcutTarget: Telegram.lnk -> C:\Users\d\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 cryptomator-vault
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{A589BE57-42CC-439B-99D1-70AED469ADBE}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> DefaultScope {0A66B399-8F9B-4C01-8EDD-A71D148B8BE7} URL =
SearchScopes: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001 -> {0A66B399-8F9B-4C01-8EDD-A71D148B8BE7} URL =
BHO: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\iToolsBHO64.dll [2016-07-25] (iTools.hk)
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-01-15] (pdfforge GmbH)
BHO-x32: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\iToolsBHO.dll [2016-07-25] (iTools.hk)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-01-15] (pdfforge GmbH)

FireFox:
========
FF DefaultProfile: 2udj1tce.default
FF ProfilePath: C:\Users\d\AppData\Roaming\Postbox\Profiles\ify653so.default [2016-02-10]
FF ProfilePath: C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\2udj1tce.default [2018-08-19]
FF Session Restore: Mozilla\Firefox\Profiles\2udj1tce.default -> is enabled.
FF Extension: (Grammarly for Firefox) - C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\2udj1tce.default\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2018-08-09]
FF Extension: (Video DownloadHelper) - C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\2udj1tce.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-08-09]
FF Extension: (Adblock Plus) - C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\2udj1tce.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-07-27]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-04-19] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF Plugin: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2016-07-25] ()
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [] ()
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2017-03-06] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2016-07-25] ()
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2017-03-06] (Tracker Software Products (Canada) Ltd.)
StartMenuInternet: Firefox- - kernel32::GetLongPathNameW(w R8, w .R7, i 1024)i .R6

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\d\AppData\Local\Google\Chrome\User Data\Default [2018-08-19]
CHR Extension: (Präsentationen) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-19]
CHR Extension: (Docs) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-19]
CHR Extension: (Google Drive) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-19]
CHR Extension: (YouTube) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-19]
CHR Extension: (Tab Count) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfokcacdaonnckdmopmcgeanhkebeaio [2018-07-30]
CHR Extension: (uBlock Origin) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-08-19]
CHR Extension: (Tab Glutton) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekfmaibfpamaegficfifofnlhalkbdfm [2018-06-25]
CHR Extension: (Tabellen) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-19]
CHR Extension: (Google Docs Offline) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-05-05]
CHR Extension: (Wiktionary Language Filter) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\lagbmmpeihgfankilcjbkpnmejeblkif [2017-11-19]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-05]
CHR Extension: (Linkman) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\pchnedaeogijkjjkjigbijhbcanbdjkc [2018-05-05]
CHR Extension: (Google Mail) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-19]
CHR Extension: (Chrome Media Router) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-19]
CHR Profile: C:\Users\d\AppData\Local\Google\Chrome\User Data\System Profile [2018-08-19]

Opera:
=======
OPR Session Restore: -> is enabled.
OPR Extension: (Simple = Select + Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aagminaekdpcfimcbhknlgjmpnnnmooo [2017-09-11]
OPR Extension: (Instant Multi Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aamgapdgopfdmokckpkfciiddpahbbcg [2017-09-11]
OPR Extension: (Google Übersetzer) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-12-02]
OPR Extension: (Disable Youtube™ HTML5 Player) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aejcgigcjcdcbdkdbeiclbpekcjddapp [2016-01-17]
OPR Extension: (Multi Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\afmdpmddiokpdknaeofdnlclbpgehhce [2018-07-25]
OPR Extension: (TransOver) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aggiiclaiamajehmlfpkjmlbadmkledi [2018-08-08]
OPR Extension: (SimpleUndoClose) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\aipamoaneebnhkfefefbfmhimclgafig [2018-02-19]
OPR Extension: (Redirect Bypasser) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\akalifnifmgdmgmjoaiaflkeahpbkghe [2017-05-04]
OPR Extension: (Oxford Dictionary Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbhgfdkgegllnkmnpidalgbgdghilnha [2016-11-10]
OPR Extension: (Select like a Boss) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bfigpnfillonohmonbadflnapjejfkgm [2017-10-21]
OPR Extension: (V7 Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bgjcegonlhkkclkkglpgjmgnigefhkak [2018-01-14]
OPR Extension: (smartUp Gestures) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bgjfekefhjemchdeigphccilhncnjldn [2018-06-27]
OPR Extension: (AdGuard Werbeblocker) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2018-05-19]
OPR Extension: (V7 Bookmarks) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\bpmgfnikhlpakdkeeahboleoommganka [2018-04-27]
OPR Extension: (Forvo pronunciation) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ccpodfblfjampgmdfllpclalbdckflmi [2017-10-21]
OPR Extension: (TrafficLight) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cfnpidifppmenkapgihekkeednfoenal [2018-04-11]
OPR Extension: (archive.is Button) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cgjpabpjaocpgppajkeplhbipbdippdm [2018-04-08]
OPR Extension: (OneTab) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-12-12]
OPR Extension: (ZenMate VPN - Top Internet Security & Unblock) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnhbkkedmelfmalgjpkngiaoifpdfcnl [2018-07-21]
OPR Extension: (Shortkeys) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnjnhmmmdopghhihpeoafpkkanlagfjf [2016-04-18]
OPR Extension: (Simple Mouse Gestures) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\cpbbhbiceidealbcfgodcffnfneffopd [2018-06-08]
OPR Extension: (Search by Image (by Google)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2017-03-06]
OPR Extension: (Card Numbers for Trello) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ddadhlcejiholmdiihbdcfoapdfkhicn [2017-02-28]
OPR Extension: (Tabs Backup & Restore) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dehocbglhkaogiljpihicakmlockmlgd [2017-12-22]
OPR Extension: (Just Read) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dgmanlpmmkibanfdgjocnabmcaclkmod [2018-08-19]
OPR Extension: (Tampermonkey) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-05-28]
OPR Extension: (Copy All Urls) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\djdmadneanknadilpjiknlnanaolmbfk [2017-11-19]
OPR Extension: (Browsec VPN - Free and Unlimited VPN) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\dknfpcdpbkjijldegonllfnnfhabjpde [2018-08-11]
OPR Extension: (SurfEasy VPN - Sicherheit, Privatsphäre, Entsperrung) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ebpielhlnnpkiddeeacoephkilopgblc [2018-05-07]
OPR Extension: (Google search link fix) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\eckgbkpcmkeamlbhpcifhnijehlcogip [2018-04-12]
OPR Extension: (Session Buddy) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2018-01-29]
OPR Extension: (HTTPS Everywhere) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2018-06-22]
OPR Extension: (Copyfish 🐟 Free OCR Software) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\eenjdnjldapjajjofmldgmkjaienebbj [2018-01-29]
OPR Extension: (VTchromizer) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\efbjojhplkelaegfbieplglfidafgoka [2018-04-11]
OPR Extension: (Tabs Outliner) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2017-12-22]
OPR Extension: (Sort Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ejlljbnghfnfihpiifjaojopfkbgknoi [2016-04-18]
OPR Extension: (Copytables) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ekdpkppgmlalfkphpibadldikjimijon [2017-10-21]
OPR Extension: (Tab Glutton) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ekfmaibfpamaegficfifofnlhalkbdfm [2017-02-28]
OPR Extension: (Unlimited Free VPN - Hola) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ekmmelpnmfdegjhnmadddcfjcahpajnm [2018-08-08]
OPR Extension: (Vertical Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\eknjllkeehiiakhmgjjdoempaocgemkg [2017-03-20]
OPR Extension: (Wrona History Menu) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\encidpibliikeaimjmlimnnbjjpnfppl [2016-04-18]
OPR Extension: (All in one web searcher) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\enofjgiadilpmldfknojklfjbeaooiap [2017-09-11]
OPR Extension: (Ddict Translate: Translator - Dictionary) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fcfpagpiibkilokeihmaggjgheaemgbi [2017-12-17]
OPR Extension: (Text Lesegerät (Text zu Sprache)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fdffijlhedcdiblbingmagmdnokokgbi [2017-11-19]
OPR Extension: (SimpleUndoClose.test) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fjjibgcfnmpcdipdfamlcghkphflpcfb [2017-04-16]
OPR Extension: (1Password extension (desktop app required)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\fpnbobholfpcolmkinlokiaaanjilcop [2018-06-27]
OPR Extension: (Scroll to Top) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gbefdhcpnalckelncafcbmdifclnlmce [2017-11-20]
OPR Extension: (Linkman) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gbeghboempnjlacepdnkgnpplgjadpnl [2014-06-18]
OPR Extension: (Classic Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gbekmpnpfkkijbodegokaigmhedbbkmg [2016-01-16]
OPR Extension: (SimpleTabOrder) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gcphmfnknfenaigpefdlmnbgnjaebjim [2018-02-19]
OPR Extension: (XTranslate) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gfgpkepllngchpmcippidfhmbhlljhoo [2018-05-28]
OPR Extension: (SimpleExtManager) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ggfngijafepjalmbhefafhdeedobcdbf [2018-05-28]
OPR Extension: (Super Auto Refresh) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ghjaeanhfafkigkehjgapnlobfhefkme [2017-11-19]
OPR Extension: (Etymonline) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\giehjnnlopapngdjbjjgddpaagoimmgl [2018-01-04]
OPR Extension: (Selection Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\gipnlpdeieaidmmeaichnddnmjmcakoe [2018-07-26]
OPR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\glaedmooikiamindhmfcfccncmmdagge [2018-07-21]
OPR Extension: (Google Right-Click Multi-Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hacdkngldbgplmdlmdhgiehbmmlckmea [2017-09-13]
OPR Extension: (Ultimello, the features pack for Trello) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hahbfgjfimnmogoinnenhheepfcphnmm [2018-06-22]
OPR Extension: (Pocket (formerly Read It Later)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hedlhkdmdlcjhiblbmfggdiaeekblnoi [2018-05-05]
OPR Extension: (Video Autoplay Blocker by Robert Sulkowski) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hiefnnpeemndbkjphkiffdfjbgaapifa [2016-01-17]
OPR Extension: (DotVPN — a better way to VPN) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hiegahbgoabbpoieploedhfnobmpgbeg [2018-05-19]
OPR Extension: (JavaScript Toggle On and Off) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hldheaackmkeadbfdaiidijnilnbgifo [2018-04-04]
OPR Extension: (V7 Gmail Zoom) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnfpfgoekopajiblcenihlclkgphkgmn [2017-04-13]
OPR Extension: (I don't care about cookies) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\iambaeepkgdclnmbfdnnohkjjpdglbeo [2018-08-01]
OPR Extension: (Sprachenfilter für Wikipedia) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibgceajjjioihilfcdppneoljcaofokk [2018-05-28]
OPR Extension: (Wiktionary Search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibncmbgpniokogofpkjnlcpfpiodoppk [2017-10-21]
OPR Extension: (Wolfram|Alpha (Official)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\icncamkooinmbehmkeilcccmoljfkdhp [2017-11-19]
OPR Extension: (Text to Speech (TTS)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ifnfkcmbdaelhfkpkoncangcnhieanmj [2017-10-21]
OPR Extension: (Malwarebytes Browser Extension) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2018-08-16]
OPR Extension: (Reader View) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ikmhokpogledimpnfdbcgondkbmfkfjc [2018-06-04]
OPR Extension: (Social Fixer for Facebook) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\inficfabgpfjiegjgnhmjdagmhlmakoo [2018-06-27]
OPR Extension: (Disable HTML5 Autoplay) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jbinbhipioellbajhbkjlpioadehpfdj [2016-08-03]
OPR Extension: (YouTube High Definition) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jcdpccclajomeaeeoggbhglfomndjgfp [2016-02-06]
OPR Extension: (Close Duplicate Tab) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jcmhmgmojlljfpfnmlbnipanelaliikl [2016-07-28]
OPR Extension: (CloseTab) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jdclfnplpfhdgcmafpbodpejpdnbfhpb [2016-04-20]
OPR Extension: (Translate Web Page) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jggobmlojchhlngdhmmdghgganciigof [2016-02-03]
OPR Extension: (Font Changer with Google Web Fonts™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jgjhhoglgjdklldfgoffdiaceffijeke [2017-11-28]
OPR Extension: (User-Agent Switcher) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jikibpedldihacokaanimbcjipghbloo [2017-11-19]
OPR Extension: (Save To The Wayback Machine) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jkoddmeemofcjjeckgiddpgdbnnafoib [2018-05-10]
OPR Extension: (Search Window) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jmjjleckcgnlmampjifnllbdhkobinbl [2017-12-17]
OPR Extension: (View Image - \) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\jpcmhcelnjdmblfmjabdeclccemkghjk [2018-08-18]
OPR Extension: (Grammarly for Chrome) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-08-16]
OPR Extension: (The Switcher) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbgapjibpomfdnhllkbijmolmnhloona [2016-04-18]
OPR Extension: (uBlock Origin) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2018-07-19]
OPR Extension: (Stylus) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kdinfjomkigjcjcbigolloleeiianaif [2018-07-16]
OPR Extension: (Leo Dictionary Widget) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kepemmpmljphklmpfgfmhpjhpdlccpke [2017-10-14]
OPR Extension: ( Copy URLs ) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kgmdofgghbeipjnddielphhhecgnppab [2016-04-18]
OPR Extension: (YouTube Video and Audio Downloader (Dev Edt.)) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\khgbdhkpcapllhgfekjegcinegfhjbmi [2018-04-09]
OPR Extension: (V7 Sessions) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\khmbgihnlknbjgjhmekjeoidpfimabpp [2016-11-10]
OPR Extension: (Install Chrome Extensions) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2018-08-18]
OPR Extension: (Force Download) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\klahcccondnnonafcbcdgbahphglbjjg [2017-12-11]
OPR Extension: (Flash Player for YouTube™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\knbfimhapmnifdchcafinkbfikmomaak [2016-12-15]
OPR Extension: (etymon one-click search) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\knhbicgmdmcjehdpmipibiebegaoiecc [2017-09-16]
OPR Extension: (Wiktionary Language Filter) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lagbmmpeihgfankilcjbkpnmejeblkif [2017-11-19]
OPR Extension: (Direct links for Google Image) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lbbpfcajcbdmfhkkleloodefhanneljl [2018-04-12]
OPR Extension: (Disable Extensions Temporarily) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lcfdefmogcogicollfebhgjiiakbjdje [2017-09-13]
OPR Extension: (Wikimedia Reader) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lclegfmhkjbcpiikogacbfbpdgfbdifi [2017-11-19]
OPR Extension: (Free Auto Refresh) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lfkfikiejjfhpfbpgfolfkkdjpepmkal [2018-04-18]
OPR Extension: (Sidebar for YouTube™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ljkgfkfopogmclcinephnaeekjiikibd [2017-09-27]
OPR Extension: (V7 Drag) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\lmmhflhfcljkioicbckchnpfiffcjkjp [2017-11-19]
OPR Extension: (Nehmen Sie Screenshot der Webseite - FireShot) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2018-01-08]
OPR Extension: (Tampermonkey) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfdhdgbonjidekjkjmjaneanmdmpmidf [2017-11-19]
OPR Extension: (Tab Close Plus) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfkclbfmlbdmjhndmdbbcmlnhojgopdd [2016-04-18]
OPR Extension: (CLEAN crxMouse Gestures) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mjidkpedjlfnanainpdfnedkdlacidla [2017-11-20]
OPR Extension: (About://Internal Pages) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\mpkgnldklpemphbfogboacnljgfpnkme [2016-07-28]
OPR Extension: (Video Speed Controller) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2018-07-08]
OPR Extension: (Copy URL + Title) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\nhmdngoiikdcodlpeifbjcjpjhefipal [2016-04-18]
OPR Extension: (Save to Pocket) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2018-07-08]
OPR Extension: (Violent monkey) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge [2017-11-19]
OPR Extension: (Scroll To Top Button) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\njdplanogllnioicoadncjfgfhdnnpha [2018-08-08]
OPR Extension: (dict-cc) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh [2017-10-07]
OPR Extension: (SaveFrom.net Helfer) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\npdpplbicnmpoigidfdjadamgfkilaak [2018-08-18]
OPR Extension: (Better History) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\obciceimmggglbmelaidpjlmodcebijb [2017-12-22]
OPR Extension: (Enhancer for YouTube) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofhehnfmgbgnkjaojifkmebjjgffjaeh [2018-08-01]
OPR Extension: (Zoom Popup) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofpknbbbohcgomapfgcgadleckdagikj [2016-04-18]
OPR Extension: (Google™ Translator Sidebar) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ogmklpmbehclccahgccdnhjipkmmjaom [2017-08-15]
OPR Extension: (Adblock Plus) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2018-07-19]
OPR Extension: (Open Multiple URLs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\oifijhaokejakekmnjmphonojcfkpbbh [2017-11-21]
OPR Extension: (LEO Wörterbuchsuche) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ojniiiidjmoaiehegaedmfdclmgmmpdp [2018-01-08]
OPR Extension: (Mercury Reader) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2018-06-10]
OPR Extension: (Mate Translate – Übersetzer, Wörterbuch) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ollghamalkmmhboihmhoaaobmamehjgn [2018-07-10]
OPR Extension: (V7 History) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\oneajlghdhobcelcgbgkjaipjoopcggg [2017-08-11]
OPR Extension: (Remove cookie(s) for the current domain) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\opbghiaphmcbefjfoihikkbpjaoanala [2017-03-16]
OPR Extension: (FlexyTrello) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\pggiemacedhgohmpcgdpceckeicjlgfn [2018-01-05]
OPR Extension: (Context Menus) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\phlfmkfpmphogkomddckmggcfpmfchpn [2017-11-20]
OPR Extension: (Extract Tabs) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\pibjcpkpaecbpifdkbehcicaoaejkaie [2016-04-18]
OPR Extension: (Enhancer for YouTube™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\Extensions\ponfpcnoihfmfllpaingbgckeeldkhle [2018-08-01]
OPR Extension: (Enhancer for YouTube™) - C:\Users\d\AppData\Roaming\Opera Software\Opera Stable\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll []
OPR Extension: (Enhancer for YouTube™) - C:\windows\SysWOW64\Macromed\Flash\pepflashplayer32_22_0_0_192.dll []
StartMenuInternet: (HKLM) Operadeveloper - C:\Program Files (x86)\Opera developer\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-14] (Apple Inc.)
R2 AS ContentsDL; C:\Program Files\NEC\AtrioSide\AS_ContentsDL.exe [70520 2013-09-17] (NEC Personal Computers, Ltd.)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [122728 2018-04-09] (AOMEI Tech Co., Ltd.)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2018-03-29] (Digital Wave Ltd.)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22816 2018-03-15] (Intel)
R2 ecomonsv; C:\Program Files\EcoViewer\ecomonsv.exe [280496 2012-12-04] (NEC Personal Computers, Ltd.)
R2 ibtsiva; C:\windows\system32\ibtsiva.exe [183448 2017-05-19] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-12] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [4091112 2017-11-09] (Paramount Software UK Ltd)
S4 MailbirdUpdater.exe; C:\Program Files (x86)\Mailbird\MailbirdUpdater.exe [363144 2016-02-05] (Mailbird)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
S4 NbfcService; C:\Program Files (x86)\NoteBook FanControl\NbfcService.exe [7168 2016-12-17] (StagWare) [File not signed]
R2 NEC Move Media Server Monitor Service; C:\Program Files (x86)\CyberLink\NEC Move Media Server\NECMoveMSMonitorService.exe [134920 2013-12-16] (CyberLink)
R2 NEC Move Media Server Service; C:\Program Files (x86)\CyberLink\NEC Move Media Server\NECMoveMSServer.exe [375560 2013-12-16] (CyberLink)
R2 NECBT SERVICE; C:\Program Files\NECBoot\NECBTSVC.exe [237496 2012-10-05] (NEC Personal Computers, Ltd.)
S4 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [50600 2016-03-03] (Microsoft)
R2 NT Meter; c:\windows\syswow64\NTMETER.exe [98672 2013-05-08] (NEC Personal Computers, Ltd.)
S4 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2417376 2016-01-15] (pdfforge GmbH)
S4 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-01-15] (pdfforge GmbH)
S4 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-01-15] (pdfforge GmbH)
S4 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (© pdfforge GmbH.)
R2 PeakShiftSvc; C:\Program Files\PeakShiftTool\PeakShiftSvc.exe [289624 2013-07-02] (NEC Personal Computers, Ltd.)
R2 prio_svc; C:\Program Files\Prio\prio_svc.exe [12704 2017-01-15] ()
R2 ScVssService64; C:\Program Files (x86)\Second Copy 8\ScVssService64.exe [75048 2013-01-28] (Centered Systems)
S4 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [183568 2018-03-07] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 BOT4Service; "C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe" [X]
S2 EaseUS Agent; "C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe" [X]
S3 ekrnEpfw; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
S4 watchtw; C:\windows\SysWOW64\wtwatch.exe [X]
S2 WebServTw; C:\windows\SysWOW64\wstw.exe [X]
S4 wtflserv; C:\windows\SysWOW64\fltw.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\windows\System32\ambakdrv.sys [51120 2016-12-21] ()
R2 ammntdrv; C:\windows\system32\ammntdrv.sys [171952 2016-12-21] ()
R2 amwrtdrv; C:\windows\system32\amwrtdrv.sys [38320 2017-09-01] ()
R0 EUBAKUP; C:\windows\System32\drivers\eubakup.sys [60968 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\windows\System32\drivers\EUBKMON.sys [48168 2015-12-10] () [File not signed]
R1 EUDSKACS; C:\windows\system32\drivers\eudskacs.sys [18472 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\windows\system32\drivers\EuFdDisk.sys [192552 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R3 ibtusb; C:\windows\system32\DRIVERS\ibtusb.sys [231400 2017-05-19] (Intel Corporation)
R3 ikbevent; C:\windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
R3 ISCT; C:\windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
R1 MFKGTKEY; C:\windows\system32\drivers\mfkgtkey.sys [26960 2013-09-19] (NEC Personal Computers, Ltd.)
R1 MpKsla86e2d05; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{92AC32E2-4708-485B-84B5-7196B783C86C}\MpKsla86e2d05.sys [58120 2018-08-19] (Microsoft Corporation)
R3 necbatt; C:\windows\System32\drivers\necbatt.sys [19760 2013-06-20] (NEC Personal Computers, Ltd.)
R3 necextif; C:\windows\System32\drivers\necextif.sys [26448 2013-06-21] (NEC Personal Computers, Ltd.)
R3 NETwNb64; C:\windows\system32\DRIVERS\NETwbw02.sys [3521032 2017-11-08] (Intel Corporation)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 Ps2Led; C:\windows\system32\DRIVERS\Ps2Led.sys [18768 2013-09-19] (NEC Personal Computers, Ltd.)
R1 Ps2LedIF; C:\windows\system32\drivers\ps2ledif.sys [16208 2013-09-19] (NEC Personal Computers, Ltd.)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [189152 2017-08-08] (Windows (R) Win 7 DDK provider)
S3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [31856 2017-03-23] (Windows (R) Win 7 DDK provider)
R0 PxHlpa64; C:\windows\System32\drivers\PxHlpa64.sys [56336 2013-07-18] (Corel Corporation)
R3 RadioSwitchHID; C:\windows\System32\drivers\RadioSwitchHID.sys [19456 2012-08-24] (NEC Personal Computers, Ltd.)
S3 RTLU3E8023-W8-64; C:\windows\system32\DRIVERS\rtu30x64w8.sys [70656 2013-06-18] (Realtek )
R3 RTSPER; C:\windows\system32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation)
R0 Sahdad64; C:\windows\System32\Drivers\Sahdad64.sys [28304 2013-07-23] (Corel Corporation)
R0 Saibad64; C:\windows\System32\Drivers\Saibad64.sys [20112 2013-07-23] (Corel Corporation)
R1 SaibVdAd64; C:\windows\System32\Drivers\SaibVdAd64.sys [27792 2013-07-23] (Corel Corporation)
R3 VBoxNetAdp; C:\windows\system32\DRIVERS\VBoxNetAdp6.sys [198032 2018-02-26] (Oracle Corporation)
R1 VBoxNetLwf; C:\windows\system32\DRIVERS\VBoxNetLwf.sys [208392 2018-02-26] (Oracle Corporation)
S3 VBoxUSB; C:\windows\System32\Drivers\VBoxUSB.sys [125008 2015-12-18] (Oracle Corporation)
S0 WdBoot; C:\windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R1 WinRing0_1_2_0; C:\Program Files (x86)\NoteBook FanControl\WinRing0x64.sys [14544 2017-09-24] (OpenLibSys.org)
R1 wtfilter_6589; C:\windows\System32\drivers\wtfilter_6589.sys [86488 2017-02-06] ()
R3 ALSysIO; \??\C:\Users\d\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
U0 aswVmm; no ImagePath
S3 btmaux; \SystemRoot\system32\DRIVERS\btmaux.sys [X]
S3 btmhsf; \SystemRoot\system32\DRIVERS\btmhsf.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-19 13:05 - 2018-08-19 13:05 - 001449472 _____ (Adobe Systems Incorporated) C:\Users\d\Downloads\uninstall_flash_player.exe
2018-08-19 12:47 - 2018-08-19 13:10 - 000000000 _____ C:\Users\d\Desktop\Fixlog.txt
2018-08-19 12:45 - 2018-08-19 13:19 - 000000000 ____D C:\Users\d\Desktop\FRST-OlderVersion
2018-08-19 00:56 - 2018-08-19 00:56 - 000000002 _____ C:\Users\d\Desktop\terhvlgllyjbckjx.txt
2018-08-19 00:55 - 2018-08-19 00:55 - 000000002 _____ C:\Users\d\Desktop\ishuovkybgdexyhz.txt
2018-08-18 17:30 - 2018-08-18 17:30 - 007197480 _____ (VS Revo Group ) C:\Users\d\Downloads\revosetup205.exe
2018-08-18 17:30 - 2018-08-18 17:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-08-18 17:30 - 2018-08-18 17:30 - 000000000 ____D C:\Program Files\VS Revo Group
2018-08-18 11:34 - 2018-08-19 13:57 - 000049052 _____ C:\Users\d\Desktop\FRST.txt
2018-08-18 00:19 - 2018-08-18 00:34 - 000000000 ____D C:\AdwCleaner
2018-08-18 00:09 - 2018-08-18 00:12 - 007417040 _____ (Malwarebytes) C:\Users\d\Downloads\adwcleaner_7.2.2.exe
2018-08-17 20:16 - 2018-08-17 20:16 - 002412544 _____ (Farbar) C:\Users\d\Downloads\FRST64.exe
2018-08-17 20:14 - 2018-08-19 13:56 - 000000000 ____D C:\FRST
2018-08-16 00:30 - 2018-07-19 09:06 - 007371616 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2018-08-16 00:30 - 2018-07-19 08:48 - 001737600 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2018-08-16 00:30 - 2018-07-19 08:15 - 025745408 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2018-08-16 00:30 - 2018-07-19 06:35 - 002902016 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2018-08-16 00:30 - 2018-07-19 06:33 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2018-08-16 00:30 - 2018-07-19 06:33 - 000417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2018-08-16 00:30 - 2018-07-19 06:30 - 005778432 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2018-08-16 00:30 - 2018-07-19 06:22 - 020286464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2018-08-16 00:30 - 2018-07-19 06:22 - 000794624 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2018-08-16 00:30 - 2018-07-19 06:22 - 000108544 _____ (Microsoft Corporation) C:\windows\system32\hlink.dll
2018-08-16 00:30 - 2018-07-19 06:21 - 000814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2018-08-16 00:30 - 2018-07-19 06:05 - 000497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2018-08-16 00:30 - 2018-07-19 06:03 - 000107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2018-08-16 00:30 - 2018-07-19 06:01 - 002295808 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2018-08-16 00:30 - 2018-07-19 05:55 - 000662016 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2018-08-16 00:30 - 2018-07-19 05:55 - 000099328 _____ (Microsoft Corporation) C:\windows\SysWOW64\hlink.dll
2018-08-16 00:30 - 2018-07-19 05:54 - 000620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2018-08-16 00:30 - 2018-07-19 05:47 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2018-08-16 00:30 - 2018-07-19 05:46 - 015283712 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2018-08-16 00:30 - 2018-07-19 05:45 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2018-08-16 00:30 - 2018-07-19 05:45 - 000728064 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2018-08-16 00:30 - 2018-07-19 05:43 - 002136064 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2018-08-16 00:30 - 2018-07-19 05:32 - 004494848 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2018-08-16 00:30 - 2018-07-19 05:31 - 004510720 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2018-08-16 00:30 - 2018-07-19 05:30 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2018-08-16 00:30 - 2018-07-19 05:28 - 013679616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2018-08-16 00:30 - 2018-07-19 05:28 - 002882048 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2018-08-16 00:30 - 2018-07-19 05:28 - 002059776 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2018-08-16 00:30 - 2018-07-19 05:28 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2018-08-16 00:30 - 2018-07-19 05:20 - 001554944 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2018-08-16 00:30 - 2018-07-19 05:17 - 001049600 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2018-08-16 00:30 - 2018-07-19 05:09 - 004037632 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2018-08-16 00:30 - 2018-07-19 05:09 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2018-08-16 00:30 - 2018-07-19 05:06 - 001329152 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2018-08-16 00:30 - 2018-07-19 05:04 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2018-08-16 00:30 - 2018-07-13 09:51 - 002452824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2018-08-16 00:30 - 2018-07-07 20:33 - 001548632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2018-08-16 00:30 - 2018-07-07 19:05 - 004169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2018-08-16 00:30 - 2018-07-07 19:02 - 000096768 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2018-08-16 00:30 - 2018-07-07 19:00 - 000148992 _____ (Microsoft Corporation) C:\windows\system32\t2embed.dll
2018-08-16 00:30 - 2018-07-07 18:33 - 000078336 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2018-08-16 00:30 - 2018-07-07 18:31 - 000113664 _____ (Microsoft Corporation) C:\windows\SysWOW64\t2embed.dll
2018-08-16 00:30 - 2018-07-06 19:37 - 001754624 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2018-08-16 00:30 - 2018-07-06 18:36 - 001491968 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2018-08-16 00:30 - 2018-06-30 20:00 - 001113952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2018-08-16 00:30 - 2018-06-27 20:10 - 000559104 _____ (Microsoft Corporation) C:\windows\system32\Drivers\csc.sys
2018-08-16 00:30 - 2018-06-27 19:48 - 000141312 _____ (Microsoft Corporation) C:\windows\system32\CscMig.dll
2018-08-16 00:30 - 2018-06-24 17:11 - 000748544 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2018-08-16 00:30 - 2018-06-24 17:04 - 000504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2018-08-16 00:30 - 2018-06-19 15:38 - 003611136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2018-08-16 00:30 - 2018-06-19 15:38 - 003321344 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2018-08-16 00:30 - 2018-06-19 15:31 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2018-08-16 00:30 - 2018-06-19 15:29 - 000065536 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2018-08-16 00:30 - 2018-06-16 17:03 - 002779136 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2018-08-16 00:30 - 2018-06-16 16:59 - 002464256 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2018-08-16 00:30 - 2018-06-15 06:34 - 000923512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\refs.sys
2018-08-16 00:30 - 2018-06-15 04:12 - 000477696 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2018-08-16 00:30 - 2018-06-15 03:55 - 000840192 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2018-08-16 00:30 - 2018-06-15 03:43 - 000186880 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2018-08-16 00:30 - 2018-06-15 03:26 - 000514560 _____ (Microsoft Corporation) C:\windows\system32\winspool.drv
2018-08-16 00:30 - 2018-06-15 03:22 - 000866304 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2018-08-16 00:30 - 2018-06-15 03:19 - 000399360 _____ (Microsoft Corporation) C:\windows\SysWOW64\winspool.drv
2018-08-16 00:30 - 2018-06-08 20:47 - 000083456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2018-08-16 00:29 - 2018-07-19 06:23 - 000615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2018-08-16 00:29 - 2018-07-19 05:53 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2018-08-16 00:29 - 2018-07-19 05:34 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2018-08-16 00:29 - 2018-07-19 05:28 - 000333312 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2018-08-16 00:29 - 2018-06-15 04:28 - 000445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2018-08-16 00:29 - 2018-06-15 04:00 - 000324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2018-08-11 07:55 - 2018-08-11 07:55 - 759471852 _____ C:\windows\MEMORY.DMP
2018-08-11 07:55 - 2018-08-11 07:55 - 000296888 _____ C:\windows\Minidump\081118-7421-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-19 13:48 - 2016-02-27 04:33 - 000000000 ____D C:\Users\d\AppData\Local\ClassicShell
2018-08-19 13:24 - 2014-06-11 01:30 - 000003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1417334993-2898295356-3386692794-1001
2018-08-19 13:05 - 2013-08-22 17:36 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-08-19 13:05 - 2013-08-22 17:36 - 000000000 ____D C:\windows\system32\Macromed
2018-08-19 12:59 - 2014-07-05 21:58 - 000000000 ____D C:\Users\d\AppData\Local\CrashDumps
2018-08-19 12:57 - 2014-06-12 21:16 - 000011354 _____ C:\windows\system32\perfh007.dat
2018-08-19 12:57 - 2014-06-12 21:16 - 000006212 _____ C:\windows\system32\perfc007.dat
2018-08-19 12:57 - 2013-08-28 09:06 - 000018338 _____ C:\windows\system32\PerfStringBackup.INI
2018-08-19 12:57 - 2013-08-23 00:47 - 000005884 _____ C:\windows\system32\perfc011.dat
2018-08-19 12:57 - 2013-08-23 00:47 - 000005820 _____ C:\windows\system32\perfh011.dat
2018-08-19 12:57 - 2013-08-22 15:36 - 000000000 ____D C:\windows\Inf
2018-08-19 12:52 - 2016-01-16 12:36 - 000000000 ____D C:\Program Files (x86)\Alternative Flash Player Auto-Updater
2018-08-19 12:51 - 2018-04-12 19:09 - 000000000 ____D C:\Program Files (x86)\AOMEI Backupper
2018-08-19 12:51 - 2016-07-25 16:40 - 000003332 _____ C:\windows\System32\Tasks\iToolsDaemon
2018-08-19 12:51 - 2016-01-16 12:43 - 000000000 ____D C:\Users\d\Desktop\acv507
2018-08-19 12:51 - 2016-01-11 12:05 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-08-19 12:51 - 2014-06-19 00:16 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-08-19 12:50 - 2018-04-12 19:10 - 000000082 _____ C:\windows\SysWOW64\winsevr.dat
2018-08-19 12:50 - 2016-05-28 22:55 - 000000000 ____D C:\Users\d\AppData\LocalLow\Temp
2018-08-19 12:50 - 2013-08-22 16:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-08-19 12:50 - 2013-08-22 15:25 - 000262144 ___SH C:\windows\system32\config\BBI
2018-08-19 12:47 - 2013-08-22 17:36 - 000000000 ___HD C:\windows\system32\GroupPolicy
2018-08-19 12:34 - 2014-06-12 22:14 - 000000000 ____D C:\Program Files (x86)\Opera
2018-08-19 08:22 - 2014-06-11 01:27 - 000003868 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{A885AFCF-DEDA-4845-AD42-3903A4A06B09}
2018-08-19 00:56 - 2016-12-05 16:31 - 000000000 ____D C:\Users\d\AppData\LocalLow\Mozilla
2018-08-18 22:04 - 2014-06-12 22:14 - 000003862 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1402604082
2018-08-18 17:51 - 2016-02-10 01:02 - 000000000 ____D C:\Program Files\Java
2018-08-18 17:51 - 2016-01-11 12:20 - 000000000 ____D C:\Program Files\Common Files\AV
2018-08-18 17:51 - 2013-08-22 16:44 - 000597840 _____ C:\windows\system32\FNTCACHE.DAT
2018-08-18 17:45 - 2014-06-11 01:50 - 000000000 ____D C:\Users\d\AppData\Local\Apple Computer
2018-08-18 17:44 - 2016-01-30 21:30 - 000000000 ____D C:\ProgramData\Apple Computer
2018-08-18 15:57 - 2018-04-25 19:12 - 000003668 _____ C:\windows\System32\Tasks\JavaUpdateSched
2018-08-18 15:57 - 2016-02-10 01:02 - 000145272 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2018-08-18 00:34 - 2017-08-17 18:04 - 000000000 ____D C:\ProgramData\iolo
2018-08-18 00:34 - 2017-08-17 18:04 - 000000000 ____D C:\Program Files (x86)\iolo
2018-08-18 00:34 - 2017-06-30 00:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-08-18 00:34 - 2014-06-17 04:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-18 00:32 - 2016-06-16 16:20 - 000001186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-08-18 00:09 - 2018-02-19 17:23 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-08-17 23:44 - 2013-08-22 17:36 - 000000000 ___HD C:\windows\ELAMBKUP
2018-08-17 01:32 - 2013-08-22 15:25 - 000262144 ___SH C:\windows\system32\config\ELAM
2018-08-16 16:15 - 2013-08-22 17:36 - 000000000 ____D C:\windows\rescache
2018-08-16 04:31 - 2016-06-03 21:44 - 000003882 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1464983063
2018-08-16 04:31 - 2016-06-03 21:44 - 000000000 ____D C:\Program Files (x86)\Opera developer
2018-08-16 04:22 - 2013-08-22 17:36 - 000000000 ___RD C:\windows\ToastData
2018-08-16 02:12 - 2013-08-22 17:20 - 000000000 ____D C:\windows\CbsTemp
2018-08-13 15:49 - 2018-03-21 15:19 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-08-13 08:25 - 2013-08-22 17:36 - 000000000 ____D C:\windows\AppReadiness
2018-08-11 08:09 - 2014-06-11 01:25 - 000000000 ____D C:\Users\d
2018-08-11 07:55 - 2014-07-05 22:35 - 000000000 ____D C:\windows\Minidump
2018-08-10 00:38 - 2018-05-05 20:25 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-10 00:38 - 2018-05-05 20:25 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-08-04 01:46 - 2013-08-22 17:38 - 000836480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2018-08-04 01:46 - 2013-08-22 17:38 - 000181120 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-07-26 20:36 - 2016-01-11 13:09 - 000000000 ____D C:\windows\system32\appraiser
2018-07-26 20:26 - 2017-05-13 20:36 - 000002086 _____ C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2018-07-25 20:52 - 2016-01-23 02:31 - 000000000 ___RD C:\Program Files (x86)\Skype
2018-07-25 20:52 - 2016-01-23 02:31 - 000000000 ____D C:\ProgramData\Skype
2018-07-25 20:50 - 2016-01-23 02:31 - 000000000 ____D C:\Users\d\AppData\Roaming\Skype

==================== Files in the root of some directories =======

2004-02-06 21:06 - 2004-02-06 21:06 - 000000000 ____H () C:\ProgramData\sdpsenv.dat
2018-07-18 08:04 - 2018-07-18 08:04 - 000000600 _____ () C:\Users\d\AppData\Local\PUTTY.RND
2018-01-13 16:54 - 2018-01-13 16:54 - 000000218 _____ () C:\Users\d\AppData\Local\recently-used.xbel

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-08-17 04:06

==================== End of FRST.txt ============================
--- --- ---


additional folgt in 15 Minuten.

lucina 19.08.2018 13:36
Hinweis:
Ich habe Windows Defender scannen lassen, dabei gab es 2 Alarme:

1. Kategorie: Softwarebundler
Beschreibung: Dieses Programm kann andere potenziell unerwünschte Software installieren.
Empfohlene Aktion: Entfernen Sie diese Software unverzüglich.
Elemente:
file:C:\Users\d\Downloads\com - setup files, exe\cwgproinst.exe
win32/fourthrem

Meine Einschätzung: Ich kenne den Programmierer, das ist m.E. ungefährlich.

---------------
Kategorie: Trojaner
Beschreibung: Dieses Programm ist gefährlich. Es führt Befehle eines Angreifers aus.
file:C:\Users\d\AppData\Local\Mozilla\Firefox\Profiles\2udj1tce.default\cache2\entries\E7E48422403BAD09E9402DDCB2675AE37047FC31
trojan:win32/zpevdo.a

Meine Einschätzung: Siehe auch:

https://www.virustotal.com/de/file/edf1ba989fc43653d8571c3e2d563e55a00a9653e503e79b20528a2198122c4d/analysis/1525427512/

Ich habe die Datei in der Defender-"Quarantäne" und kann sie bei bedarf zusenden. Außerdem habe ich sie bei virustotal hochgeladen, siehe Link. Dazu habe ich Defender kurz deaktiviert, sie kopiert und hochgeladen. Keine Ahnung was das ist. Ist das etwa Kaspersky selbst?

Danke, zweite Teilspende ist raus. Vielen Dank erneut.

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.08.2018 01
Ran by d (19-08-2018 13:57:28)
Running from C:\Users\d\Desktop
Windows 8.1 Pro (Update) (X64) (2014-06-10 23:25:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1417334993-2898295356-3386692794-500 - Administrator - Disabled)
d (S-1-5-21-1417334993-2898295356-3386692794-1001 - Administrator - Enabled) => C:\Users\d
Guest (S-1-5-21-1417334993-2898295356-3386692794-501 - Limited - Disabled)
___VMware_Conv_SA___ (S-1-5-21-1417334993-2898295356-3386692794-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{3D383E25-72E7-4F09-AA1C-9ADE6A2EF42F}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{0C9A6167-6560-4085-9C35-EDB1AE105328}) (Version: 3.2.0.9 - Intel) Hidden
7+ Taskbar Tweaker v5.2.1 (HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\7 Taskbar Tweaker) (Version: 5.2.1 - RaMMicHaeL)
Abelssoft Undeleter (HKLM-x32\...\{1FB7B731-3479-4128-8299-A53922E47675}_is1) (Version: 4.2 - Abelssoft)
AbleWord v3.0 (HKLM-x32\...\AbleWord_is1) (Version:  - )
AkelPad 4.9.7 (HKLM-x32\...\AkelPad) (Version: 4.9.7 - )
Alternative Flash Player Auto-Updater (HKLM-x32\...\{2FB1052B-2F3D-48CE-A65D-006240516ECE}_is1) (Version: 1.2.0.1 - pXc-coding.com)
Anki (HKLM-x32\...\Anki) (Version:  - )
AnVir Task Manager Free (HKLM-x32\...\AnVir Task Manager Free) (Version:  - AnVir Software)
AnyTrans (HKLM-x32\...\AnyTrans) (Version: 5.0.0.0 - iMobie Inc.)
AOMEI Backupper Standard (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Apple Application Support (32-Bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A05FDFEC-4377-49E0-82CB-B6D1386E89DA}) (Version: 11.3.0.9 - Apple Inc.)
ASF-AVI-RM-WMV Repair 1.82 (HKLM-x32\...\ASF-AVI-RM-WMV Repair_is1) (Version:  - Repair Video, Inc.)
Battery Alarm (HKLM-x32\...\{B7A43DA2-F2FD-44C2-A044-D24C3751C1BD}) (Version: 1.0.0 - Steve Emmons)
BatteryBar (remove only) (HKLM\...\BatteryBar) (Version:  - )
BatteryMonitor (HKLM-x32\...\{F9046ACF-EF0A-47D6-8D37-64941CCCD4C0}) (Version: 1.0.0 - Mad Dog Apps)
Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
Bluefish 2.2.10 (HKLM-x32\...\Bluefish) (Version: 2.2.10 - The Bluefish Developers)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
ChildWebGuardian PRO version 5.11.0.0 (HKLM-x32\...\ChildWebGuardian PRO_is1) (Version: 5.11.0.0 - Zimin Sergei Aleksandrovich IP)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
Core Temp 1.12.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.12.1 - ALCPU)
CPUID CPU-Z 1.79 (HKLM\...\CPUID CPU-Z_is1) (Version:  - ) <==== ATTENTION
CPUID HWMonitor 1.31 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version:  3.1 - Acro Software Inc.)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3223 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DigiBookBrowser Version 1.5.3.87 (HKLM-x32\...\{21357E10-BDCB-4CDD-B2A3-905DD7ED653D}_is1) (Version: 1.5.3.87 - LECRE Inc.)
doPDF (HKLM\...\{B271A7AA-588F-418F-8F65-37E38CBEABB2}) (Version: 8.5.940 - Softland) Hidden
doPDF 8 (HKLM-x32\...\{fb478b24-519a-43d4-aeea-9a6712d28811}) (Version: 8.5.940 - Softland)
EaseUS Todo Backup Home 9.2 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 9.2 - CHENGDU YIWO Tech Development Co., Ltd)
ECOみえグラフ (HKLM\...\{01F84262-DBC2-4B4D-8C4A-1C82D2CD88AA}) (Version: 1.5.0 - NEC Personal Computers, Ltd.)
ECOモード設定ツール (HKLM\...\{1D2AF0E5-3B07-4B0F-98BD-03F0918BC367}) (Version: 5.7.0 - NEC Personal Computers, Ltd.)
EditPlus (64 bit) (HKLM\...\EditPlus) (Version:  - ES-Computing)
EF Process Manager (HKLM-x32\...\EF Process Manager) (Version:  - EFSoftware)
EmEditor (64-bit) (HKLM\...\{36CC25CA-2E71-4839-A822-0D1EC0E52145}) (Version: 15.7.2 - Emurasoft, Inc.)
Eraser 6.2.0.2970 (HKLM\...\{58F37E51-2A83-49F3-9117-6005C63CF399}) (Version: 6.2.2970 - The Eraser Project)
ExactFile 1.0.0.15 (HKLM-x32\...\ExactFile_is1) (Version:  - StudyLamp Software LLC)
f.lux (HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Flux) (Version:  - f.lux Software LLC)
Free Alarm Clock (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 4.0.1.0 - Comfort Software Group)
Free YouTube Download (HKLM-x32\...\Free YouTube Download_is1) (Version: 4.1.73.328 - Digital Wave Ltd)
Geany 1.26 (HKLM-x32\...\Geany) (Version: 1.26 - The Geany developer team)
GetDiz (HKLM-x32\...\GetDiz) (Version: 4.91 - Outertech)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
GPSoftware Directory Opus (HKLM-x32\...\{0A6AA615-5321-43A0-AFAE-97BF95013EA0}) (Version: 11.19 - GPSoftware)
Gtk# for .Net 2.12.22 (HKLM-x32\...\{06AF6533-F201-47C0-8675-AAAE5CB81B41}) (Version: 2.12.22 - Xamarin, Inc.)
HeavyLoad V3.3 (64 bit) (HKLM\...\HeavyLoad_is1) (Version: 3.3 - JAM Software)
iMazing 2.5.4.0 (HKLM\...\iMazing_is1) (Version: 2.5.4.0 - DigiDNA)
iMyfone D-Back 4.5.1.0 (HKLM-x32\...\{071B9303-5881-4BC6-B9E9-2E2D22C015C1}_is1) (Version: 4.5.1.0 - Shenzhen iMyfone Technology Co., Ltd.)
Intel Anti-Theft Discovery App (HKLM-x32\...\{B59285B4-6478-4FE2-9158-AAC7E4D892C3}) (Version: 1.1.2.8 - Intel Corporation)
Intel Experience Center - Configuration (HKLM-x32\...\{C73A16B7-AC35-4262-9BAF-DA9B2039A563}) (Version: 1.7.0.179 - Intel) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{F0385150-FF86-4A18-AA55-6ED9E5F87DA7}) (Version: 2.1.03638 - Intel Corporation)
Intel(R) Experience Center Desktop Software (HKLM-x32\...\{3608ec0a-56b4-4d9d-b038-9b3e51d72582}) (Version: 1.7.0.179 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3338 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.3.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{396E9B28-F15F-4C05-A401-99DE1874C2CA}) (Version: 4.2.40.2439 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000071-0190-1031-84C8-B8D95FA3C8C3}) (Version: 19.71.0 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{4d839fe1-a8d3-4edc-b0ca-844394309856}) (Version: 3.2.0.9 - Intel)
IntelliWebSearch v.3 (HKLM-x32\...\IntelliWebSearch) (Version: 3.2.0.5 - Michael Farrell)
IntelliWebSearch v.5 (HKLM-x32\...\IntelliWebSearch5) (Version:  - Michael Farrell)
IrfanView 4.51 (64-bit) (HKLM\...\IrfanView64) (Version: 4.51 - Irfan Skiljan)
iTools 3 (HKLM-x32\...\ThinkSky) (Version:  - Shenzhen Thinksky Technology Co., Ltd.)
Java 10.0.2 (64-bit) (HKLM\...\{EECB2736-D013-5AC5-9917-7656712F6931}) (Version: 10.0.2.0 - Oracle Corporation)
jEdit 5.3.0 (HKLM\...\jEdit_is1) (Version: 5.3.0 - Contributors)
Karen's Directory Printer (HKLM-x32\...\Karen's Directory Printer) (Version: 5.3.0.2 - Karen Kenworthy)
KeyboardTest V3.2 (HKLM\...\KeyboardTest_is1) (Version: 3.2 - PassMark Software)
KeyTweak - Keyboard Remapper (remove only) (HKLM-x32\...\KeyTweak) (Version:  - )
L&H TTS3000 Deutsch (HKLM-x32\...\LHTTSGED) (Version:  - )
LibreOffice 6.0.5.2 (HKLM\...\{9645CDEF-085C-45F7-A3CD-B4B7046EF78C}) (Version: 6.0.5.2 - The Document Foundation)
Linkman (HKLM-x32\...\Linkman) (Version: 8.98 - Outertech)
Macrium Reflect Free Edition (HKLM\...\{1A399324-9784-4384-927F-0FEA922BC516}) (Version: 7.1.3317 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.1 - Paramount Software (UK) Ltd.)
Mailbird (HKLM-x32\...\{242E441B-2194-4499-9EE7-2AA76C5E2318}) (Version: 2.2.1 - Mailbird)
Malwarebytes Version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Manager (HKLM-x32\...\{A11F05A4-7CAD-4F85-8C85-DCA18E3E208D}) (Version: 4.0.1.25166 - 2015 pdfforge GmbH. All rights reserved) Hidden
MicroDicom DICOM viewer 2.2.5 (HKLM-x32\...\MicroDicom) (Version: 2.2.5 - MicroDicom)
Microsoft Keyboard Layout Creator 1.4 (HKLM-x32\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.)
Microsoft Server Speech Platform Runtime (x86) (HKLM-x32\...\{22CB8ED7-DF57-4864-BD04-F63B9CE4B494}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Server Speech Text to Speech Voice (de-DE, Hedda) (HKLM-x32\...\{ACFCC7B5-C028-40AE-A5F5-9778B41F22A2}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Text to Speech Voice (en-US, ZiraPro) (HKLM-x32\...\{C7CDC27F-0952-4DF1-9E41-B75140933BC6}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{e7784e4f-df08-46b2-8c4f-f981ee32bcff}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mnemosyne 2.5 (HKLM-x32\...\Mnemosyne_is1) (Version:  - )
Mouse Speed Switcher v3.4.0 (HKLM-x32\...\{D477774F-C7C1-4D63-B170-7242090BA710}_is1) (Version:  - Gianpaolo Bottin)
Movie Maker (HKLM-x32\...\{970F982A-E889-486B-BB26-B8598280D924}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Firefox 59.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.1 (x64 en-US)) (Version: 59.0.1 - Mozilla)
Mozilla Firefox 61.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.2 (x64 en-US)) (Version: 61.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
music.jp PLAY 4.0 (HKLM-x32\...\music.jp PLAY_is1) (Version: 4.0 - Ventis Media Inc.)
NoteBook FanControl (HKLM-x32\...\{00111A7A-77A7-4AC6-A272-A56DFAD517E7}) (Version: 1.5.0.0 - Stefan Hirschmann - StagWare) Hidden
NoteBook FanControl (HKLM-x32\...\{666d9f07-291b-44a5-b86f-d5240e78692d}) (Version: 1.5.0.0 - Stefan Hirschmann - StagWare)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
NoteTab 7 Trial (Remove only) (HKLM-x32\...\NoteTab 7 Trial_is1) (Version: 7.2 - Fookes Holding Ltd)
novaPDF 8 Printer Driver (HKLM\...\{F9F62525-05B6-4AD7-8D30-0D872CC1FB3C}) (Version: 8.5.940 - Softland)
novaPDF 8 SDK COM (x64) (HKLM\...\{2A16E811-1C7B-4483-96F7-226C8D738F34}) (Version: 8.5.940 - Softland)
novaPDF 8 SDK COM (x86) (HKLM-x32\...\{A6DF899D-5518-4DAB-A4F9-F7D0CDD43224}) (Version: 8.5.940 - Softland)
Opera developer 56.0.3045.0 (HKLM-x32\...\Opera 56.0.3045.0) (Version: 56.0.3045.0 - Opera Software)
Opera Stable 55.0.2994.37 (HKLM-x32\...\Opera 55.0.2994.37) (Version: 55.0.2994.37 - Opera Software)
Oracle VM VirtualBox 5.1.34 (HKLM\...\{2FDA51A1-BCE0-40C6-9EC9-7778F72525C9}) (Version: 5.1.34 - Oracle Corporation)
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (HKLM\...\{D646643B-56BD-43B2-9932-9C03D7E90FED}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (HKLM\...\{792B82BA-6895-4719-B603-E198AEE90D68}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (HKLM\...\{FF4FA406-055A-479E-B025-1AAA7FFAA39F}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.3.0 - pdfforge GmbH)
PDF-XChange Editor (HKLM\...\{5C198985-6833-4F92-BE9A-33FC8ACC1025}) (Version: 6.0.321.0 - Tracker Software Products (Canada) Ltd.) Hidden
PDF-XChange Editor (HKLM-x32\...\{344e7cdb-4fda-4dc1-9dd8-1fa7b1694d7c}) (Version: 6.0.321.0 - Tracker Software Products (Canada) Ltd.)
PhoneRescue (HKLM-x32\...\PhoneRescue) (Version: 3.1.2.0 - iMobie Inc.)
Pinta 1.6 (HKLM-x32\...\{833CBF68-0FE7-44A4-86E6-71DE50A30465}) (Version: 1.6.0.0 - Pinta Community) Hidden
Pinta 1.6 (HKLM-x32\...\{aaa32734-ca38-494d-836c-f41822d11ed5}) (Version: 1.6.0.0 - Pinta Community)
Play.net (HKLM-x32\...\{8CE3D78F-7B81-46F5-977A-12DBA2CB5B9A}) (Version: 2.1.6 - NEC Personal Computers, Ltd.)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Postbox (4.0.8) (HKLM-x32\...\Postbox (4.0.8)) (Version: 4.0.8 (en-US) - Postbox, Inc.)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Prio (HKLM\...\Prio) (Version: 2.1.0.4391 - )
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
Process Lasso (HKLM-x32\...\ProcessLasso) (Version: 9.0.0.276 - Bitsum)
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 4.6.0.2700 - Jan Fiala)
PyKeylogger - Simple Python Keylogger (HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\PyKeylogger) (Version: 1.2.1 - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21234 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
Roxio Creator LJ (HKLM-x32\...\{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}) (Version: 12.2.43.19 - Roxio)
Second Copy 8 (HKLM-x32\...\Second Copy 8_is1) (Version: 8.1.2.0 - Centered Systems)
SharpKeys (HKLM-x32\...\{636E94DA-99C0-448F-A931-3DAD83B4975F}) (Version: 3.5.0000 - RandyRants.com)
Skype Version 8.27 (HKLM-x32\...\Skype_is1) (Version: 8.27 - Skype Technologies S.A.)
Smart Update (HKLM-x32\...\{EA65772D-1999-462B-BFC0-480A9515ABCC}) (Version: 2.0.2.0 - NECパーソナルコンピュータ株式会社)
SmartVision/PLAYER DeskTopサービス (HKLM-x32\...\{71566D17-2BC4-4C62-BD23-F1E397FC1DBE}) (Version: 1.9.12016 - CyberLink Corp.) Hidden
SmartVision/PLAYER DeskTopサービス (HKLM-x32\...\InstallShield_{71566D17-2BC4-4C62-BD23-F1E397FC1DBE}) (Version: 1.9.12016 - CyberLink Corp.)
SmEdit v1.170 (HKLM-x32\...\SmEdit) (Version: 1.170 - Sinner Computing)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )
Sublime Text Build 3059 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
SuperMemo (HKLM-x32\...\SuperMemo) (Version: 17.11 - SuperMemo World)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.8 - Synaptics Incorporated)
Syncios Data Recovery 1.0.9 (HKLM-x32\...\Syncios Data Recovery) (Version: 1.0.9 - Anvsoft)
System Checkup 4.0 (HKLM-x32\...\{918D30D3-AD9B-43A8-9EF7-463075DC93CD}_is1) (Version: 4.0.0.146 - iolo technologies, LLC)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
TED Notepad (HKLM-x32\...\TED Notepad) (Version: 6.0.2 - Medvedik, Juraj Simlovic)
Telegram Desktop Version 1.2.15 (HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.2.15 - Telegram Messenger LLP)
TextPad 8 (HKLM\...\{861AB1C1-1967-4C4A-BF86-C255E2D2B8FD}) (Version: 8.0.0 - Helios)
UltraCompare (HKLM-x32\...\{C5337996-B87D-4CB8-A9D9-A9D66F27B88E}) (Version: 15.20.0.6 - IDM Computer Solutions, Inc.)
UltraEdit (HKLM\...\{AFFE5F64-3248-41E9-96AE-8B475F6EFAB3}) (Version: 22.20.0.49 - IDM Computer Solutions, Inc.)
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{121C874E-5797-40B2-86CE-CE6624F2711A}) (Version: 15.0.1376 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}) (Version: 15.0.1215 - Microsoft Corporation)
VEDIT 6.2 (HKLM-x32\...\Vedit) (Version:  - )
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
Vivaldi (HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\Vivaldi) (Version: 1.14.1077.45 - Vivaldi)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.3 - VideoLAN)
WebP Codec for Windows 0.19 (HKLM\...\{9D2F4EB8-98AD-4C8B-A0C5-4C114B3F1287}) (Version: 0.19.9 - Google Inc)
WhatsApp (HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\WhatsApp) (Version: 0.2.5371 - WhatsApp)
WhoCrashed 6.01 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows-Treiberpaket - Intel (NETwNb64) net  (10/16/2017 19.10.10.2) (HKLM\...\87BD50FDDBB077656313DAABF938DE8C31D89265) (Version: 10/16/2017 19.10.10.2 - Intel)
Windows-Treiberpaket - Intel (NETwNb64) net  (10/31/2017 18.33.11.2) (HKLM\...\D6CC402604E3676A6C8B5028A493400358139A70) (Version: 10/31/2017 18.33.11.2 - Intel)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WMV Joiner version 1.1.2.8 (HKLM-x32\...\WMV Joiner_is1) (Version:  - )
Zimbra Desktop (64-bit) (HKLM\...\{9D3B5C7A-BB5B-4B92-8CF7-AE28F9E4C24A}) (Version: 7.2.8.12102 - Zimbra)
おすすめメニューNavi (HKLM\...\{69561DE9-373F-4273-AE2D-BD076E552C0C}) (Version: 2.2.1 - NEC Personal Computers, Ltd.)
おすすめ設定 (HKLM\...\{61558C29-0C3A-442B-A43C-C883B94E8929}) (Version: 1.0.0 - NEC Personal Computers, Ltd.)
おてがるバックアップ (HKLM-x32\...\{F353F974-64FF-44F5-AE2D-D079964C5685}) (Version: 4.6 - Roxio)
オンスクリーン表示の設定 (HKLM\...\{C8E0D8C6-7C6B-4EBE-B02A-C97E17796B97}) (Version: 1.0.0 - NEC Personal Computers, Ltd.)
クイックパワーオン (HKLM\...\{98916919-5ACD-415A-AA04-7B7B0A425BE6}) (Version: 1.1.0 - NEC Personal Computers, Ltd.)
ソフト&サポートナビゲーター (HKLM-x32\...\{8AF94405-08BB-4CF6-8856-84C88EAA7ECA}) (Version: 1.5.7 - NEC Personal Computers, Ltd.)
ソフト&サポートナビゲーター修正モジュール(2013年秋冬) (HKLM-x32\...\{D71D8D9F-DD66-414A-BA59-35801E154B9C}) (Version: 1.00.0000 -  ) Hidden
ソフト&サポートナビゲーター修正モジュール(2013年秋冬) (HKLM-x32\...\InstallShield_{D71D8D9F-DD66-414A-BA59-35801E154B9C}) (Version: 1.00.0000 -  ) Hidden
ソフト&サポートナビゲーター修正モジュール(Windows 8.1対応) (HKLM-x32\...\{BF2D8F67-ABA1-4081-9591-50167F772A57}) (Version: 1.00.0000 -  ) Hidden
ソフト&サポートナビゲーター修正モジュール(Windows 8.1対応) (HKLM-x32\...\InstallShield_{BF2D8F67-ABA1-4081-9591-50167F772A57}) (Version: 1.00.0000 -  ) Hidden
バッテリ・リフレッシュ&診断ツール (HKLM\...\{B3806CF1-829E-4280-BC3E-1636035908FD}) (Version: 1.12.0 - NEC Personal Computers, Ltd.)
パネルオープンパワーオンの設定 (HKLM\...\{D637EF1B-3B6A-4680-A2F2-ACB6BF464DFA}) (Version: 1.2.0 - NEC Personal Computers, Ltd.)
パワーオフUSB充電の設定 (HKLM\...\{DFA0E609-8481-4E32-828E-7311E4936F99}) (Version: 2.4.0 - NEC Personal Computers, Ltd.)
ピークシフト設定ツール (HKLM\...\{4F3E3604-F81F-4768-BD87-6A692338A847}) (Version: 1.3.0 - NEC Personal Computers, Ltd.)
ファイナルパソコンデータ引越し 9 plus for NEC (HKLM-x32\...\{EE57E154-979A-4C6D-8459-296B1526D3FE}) (Version: 7.00.629.0 - AOS Technologies)
フォト ギャラリー (HKLM-x32\...\{CAF46B72-12E2-4FE7-A348-45999E69E1FE}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
ワンタッチスタートボタンの設定 (HKLM\...\{AB281E2C-FA39-4CC0-B1B0-3DF24AD5B3D0}) (Version: 1.19.1312 - NEC Personal Computers, Ltd.) Hidden
再セットアップメディア作成ツール (HKLM-x32\...\{157C8082-2627-4236-A6CC-B797CF91D576}) (Version: 6.2.0 - NEC Personal Computers, Ltd.)
筆ぐるめ 20 (HKLM-x32\...\{02D371DE-95DC-4F6F-A1A6-4C957D6721A9}) (Version: 20.00.0008 - 富士ソフト株式会社)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{05468442-062B-425B-A1E5-7DC9077C0734}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{070057DA-0223-4D7E-B886-7CF38806F044}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{0C89916D-7B21-4578-805E-A62B6DB24B85}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{0EAEF7F0-4566-4FC1-9170-8A02C4889CBD}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{110BD641-44EE-4E95-9CC9-0E21EDAB4A3B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{1132C079-B5D2-47CC-8976-C03989AB1531}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{1153FA7B-6348-420B-B0BF-E6B63D9AA284}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{132C9446-2F32-4CBA-8C03-FB8C8FFECAF5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{13526224-3C67-43AB-82A8-2740A138723E}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{166669E8-3E01-4D42-B3C0-62FADDBAB00A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{181AC033-9534-4567-B173-6DA6525424E3}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{19261A68-E50E-497B-A0BA-9909C586A9D5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{19B119EA-A452-477B-8423-EAF115A29CEB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{1DEDC126-F5F3-48F1-9DB5-03D9BBC4F83E}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{1E65BA05-6325-4B65-9D63-97DF1FEC92BB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{22410B2E-909D-4A70-8234-C64A75F9B844}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{262E2007-2F51-430E-9F43-A2F4BE8AAB65}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{2797C792-9879-47ED-944C-19EBE866FC24}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{2847421D-1EE5-4356-AFB2-DFE4E9D61C68}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{28916419-ECF6-45F0-8F20-87024C3837F6}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{295CEEF4-708C-48DB-8F3B-C30047A51281}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{2BDB4786-A72C-4775-8FA4-A59967325612}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{2CE81929-7B17-4394-ABBF-765AF900A3EC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{32515D47-A1DD-4E97-A8B9-4B92D517C8A8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{32ABFD53-EC5A-4A31-8FB6-A0E8EEA4A31F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{35A48AC8-5632-4A47-B564-7B75321826E1}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{3932E526-705D-41B5-83FD-87D1DB82B6A7}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{3C0C7828-2BD0-4B57-B656-B5DB09550E73}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{3DDC5BB3-A9B0-4787-B700-AD84FD0EB4D5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{3E7FF6D2-2973-4FA7-BDD8-1924AFDF2764}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{40BCE962-264C-452E-92E7-B5F35B3F2436}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{42AA6491-4D25-4054-AF0E-203B0780C144}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{43C9A239-A357-4176-9DED-49CFECD93C0B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{44AB264B-7136-4E41-A9AC-B9F876D162EC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{4B0CA027-383D-41E6-97D7-F5EDEBC4916F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{4C7A1662-008F-4EDC-97D3-D4199B062B4A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{4CAD847C-28D6-4EA2-A833-63AC04BBDB02}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{4CAFD059-0F6A-4024-A81A-087CDB7D4633}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{51D11E0A-BF6C-4E44-8AB0-1AA8A2A73BF4}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{58F1A0DF-3038-4DD1-BCF6-406DD6AA4D1F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{5A9E21A2-851A-4BEB-B16F-DBBE7D648AF9}\InprocServer32 -> C:\Program Files\TextPad 8\System\ShellExt64.dll ()
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{5E0CBCC1-A35D-447F-923F-5783E22ED791}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{5E5558B7-1B65-4EA1-92F4-8E9567C2ABFA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{606372CE-5093-4FD7-A37D-3CE22496B6F9}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{61267647-B40C-4050-ACE4-985D93253DFA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{62162BC5-8419-4241-980C-649CC91B1E1F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{6282C6EB-E17C-4617-B72B-DB671AC7ABDE}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{638C2808-47DE-4CC6-99B5-789EB0C86D77}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{6619B693-BB07-475B-B595-C77E4CD3EBEB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{68F233B6-F8C3-4A96-9100-003BCDCE53B8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{6CA7C35E-1FC1-4C66-91A7-1FE5178F36A9}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{6DB6DF3B-0DF4-4C66-B0FD-216BA16A1D34}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{721088D3-BD36-468C-8916-B5F2074F8023}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{760A2160-66F5-42F2-AD7A-A62AD9756CDF}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{7660000A-03D2-476F-91FC-2D863D6DCC03}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{7725641E-7AB5-49EE-922D-E703CDB98588}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{782485F1-AA61-4F5F-8A59-03B6D2FF91C1}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{7AAA42E5-5C43-48D1-B298-71146A878F7C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{7E6249E7-95C5-40CF-8E15-0034BA49F49B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{849783D6-6561-434F-ACE1-8A67783ED4FF}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{8ED73585-3AA8-41E2-A98B-85FE2857B420}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{9F92194F-9039-4E49-BB83-1168EC86ABD9}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{A1B66AF8-20FB-4B52-947E-60F2048A2821}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{A57DB49B-ABA0-45BE-AA2D-28C13E2919D8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{A782D6BE-5799-406E-86E1-6C5442F0D902}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{B032B620-06B1-4D98-B09E-9D5BD7CD3BEC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{B0F43F65-6282-457A-AAFC-8B0597EB8591}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{B3726FEF-1166-4B1C-AB33-1FD76AE2B0E7}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> C:\Program Files\IDM Computer Solutions\UltraEdit\ue64ctmn.dll ()
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{B604EC25-0C5D-48DB-9E7C-243EDB3D84BF}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{B80972C9-AF80-4F71-BB2B-9CB1FAED19F0}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{BC5D198E-58DF-4267-BBDB-22FF193B255D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{BF87ECFF-1A50-4CDD-BF9F-991EDCF75B1F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C09AC76A-826E-491E-87E0-46807D8215A5}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C3B42C03-C1B7-4c1a-B384-BBAE19646333}\InprocServer32 -> C:\Program Files (x86)\IDM Computer Solutions\UltraCompare\UC_ShellExt64.dll ()
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C3D9D1E2-08A6-4937-AC5B-AA1E9A0971B9}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C4E34FA1-F051-4754-AC47-B946EA04031D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C85E45FD-576D-43FE-81C5-C4012999FEFA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C8618129-8966-4851-A99A-4EEF208620AF}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{C8F46A32-4FE4-408C-9F91-7F06460F42AE}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{CB2CFC1A-5069-475C-B4BD-621E2A9A3A1B}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{CFB39FCE-8A04-479A-9248-0D3F45763954}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{DAFE2BB3-20A0-45EA-A032-D42627572BCC}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{DCBA6A6C-FEBD-4BE5-B027-B59730A4BA22}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{DF3FAE68-02A8-4A29-A254-D04E03E4058D}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{DFA026EA-2024-4088-8417-126A2E2D2486}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{EAE666EA-3CB0-403D-974F-5D8358DE67FA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F0E2DAE4-25FA-4638-B789-B01CA9B4329C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F2AC96B1-3579-4F87-9111-DC670C02BEEB}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F43FEE01-24DB-4AC9-8FCF-73F1CBECDD8C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F8069691-0850-4326-B317-D5AF35F5DFA0}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F83118C7-0841-4A6C-BA28-855B24B17C1A}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{F93AD34F-D933-4BB7-917E-694DB52F82F8}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{FB3D4710-33E5-4E78-8BF5-CE34A431174F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
CustomCLSID: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001_Classes\CLSID\{FC48C6DE-CEEB-4774-9412-2FF5689A8C9C}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [EditPlus] -> {36D94110-787C-4828-9C1B-0DAFEBC36069} => C:\Program Files\EditPlus\eppshell64.dll [2015-07-07] ()
ContextMenuHandlers1: [EmEditor] -> {D4D48C93-BDC7-4E76-B530-2E4D13B0150F} => C:\Program Files\EmEditor\emedshl64.dll [2015-12-25] (Emurasoft, Inc.)
ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (The Eraser Project)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers1: [PDFArchitect4_ManagerExt] -> {3AECFCB3-8472-48E9-BC7B-5A3CD945C886} => C:\Program Files\PDF Architect 4\creator-context-menu.dll [2016-01-15] (pdfforge GmbH)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers1: [PDFXChange Editor Context menu] -> {2ACD35AB-F74A-4C20-AA9B-2DE80081626D} => C:\Program Files\Tracker Software\Shell Extensions\XCShellMenu.x64.dll [2017-03-06] (Tracker Software Products (Canada) Ltd.)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd)
ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers1: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers2: [EmEditor] -> {D4D48C93-BDC7-4E76-B530-2E4D13B0150F} => C:\Program Files\EmEditor\emedshl64.dll [2015-12-25] (Emurasoft, Inc.)
ContextMenuHandlers2: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (The Eraser Project)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd)
ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers2: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [EmEditor] -> {D4D48C93-BDC7-4E76-B530-2E4D13B0150F} => C:\Program Files\EmEditor\emedshl64.dll [2015-12-25] (Emurasoft, Inc.)
ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (The Eraser Project)
ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers4: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (The Eraser Project)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2014-06-13] (Intel Corporation)
ContextMenuHandlers5: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers6: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (The Eraser Project)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\windows\system32\StartMenuHelper64.dll [2016-07-30] (IvoSoft)
ContextMenuHandlers1_S-1-5-21-1417334993-2898295356-3386692794-1001: [OpusZip] -> {E9FE4040-3C93-11D4-8006-00201860E88A} => C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [2016-06-10] (GP Software)
ContextMenuHandlers1_S-1-5-21-1417334993-2898295356-3386692794-1001: [TextPad8] -> {5A9E21A2-851A-4BEB-B16F-DBBE7D648AF9} => C:\Program Files\TextPad 8\System\ShellExt64.dll [2015-11-29] ()
ContextMenuHandlers1_S-1-5-21-1417334993-2898295356-3386692794-1001: [UltraCompare] -> {C3B42C03-C1B7-4c1a-B384-BBAE19646333} => C:\Program Files (x86)\IDM Computer Solutions\UltraCompare\UC_ShellExt64.dll [2015-12-17] ()
ContextMenuHandlers1_S-1-5-21-1417334993-2898295356-3386692794-1001: [UltraEdit] -> {b5eedee0-c06e-11cf-8c56-444553540000} => C:\Program Files\IDM Computer Solutions\UltraEdit\ue64ctmn.dll [2015-12-15] ()
ContextMenuHandlers4_S-1-5-21-1417334993-2898295356-3386692794-1001: [OpusZip] -> {E9FE4040-3C93-11D4-8006-00201860E88A} => C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [2016-06-10] (GP Software)
ContextMenuHandlers4_S-1-5-21-1417334993-2898295356-3386692794-1001: [UltraCompare] -> {C3B42C03-C1B7-4c1a-B384-BBAE19646333} => C:\Program Files (x86)\IDM Computer Solutions\UltraCompare\UC_ShellExt64.dll [2015-12-17] ()
ContextMenuHandlers5_S-1-5-21-1417334993-2898295356-3386692794-1001: [DOpus] -> {B9DD4945-1BED-4CB7-994C-F40B72B7725A} => C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [2016-06-10] (GP Software)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0FC94078-783C-4F45-9A83-EA7E687FF98A} - System32\Tasks\Process Lasso Core Engine Only => C:\Program Files\Process Lasso\processgovernor.exe
Task: {14C6A237-47B6-420D-98C7-B48C0E16B8BD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {38875C0C-9D5E-4443-8174-2ACC325E0748} - System32\Tasks\JavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-06-27] (Oracle Corporation)
Task: {4AEAC1FC-86EF-4742-9F8F-B9BB85B7E32A} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {4C64B0C4-36F8-4B65-9F89-DDC3050A7844} - System32\Tasks\Opera scheduled Autoupdate 1402604082 => C:\Program Files (x86)\Opera\launcher.exe [2018-08-14] (Opera Software)
Task: {56E998C4-C729-4325-8DA2-4D1C164BFFFA} - System32\Tasks\Opera scheduled Autoupdate 1464983063 => C:\Program Files (x86)\Opera developer\launcher.exe [2018-08-14] (Opera Software)
Task: {72475EF4-D144-4C6F-8F30-933D699AE0A6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {87DE09A6-0A20-44AF-9ECC-173BF2339374} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-05] (Google Inc.)
Task: {8934D95E-BD1D-4B60-A7AA-28FD77234F91} - System32\Tasks\Anvirlauncher => C:\Program Files (x86)\AnVir Task Manager Free\anvirlauncher.exe [2016-02-28] (AnVir Software)
Task: {89C14123-E908-43C7-81FE-D388949FFFA1} - System32\Tasks\iToolsDaemon => C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe [2016-07-25] ()
Task: {8A17FE54-DBCC-4FBA-98EA-FD88B993F327} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {9331D4AE-B609-43C9-A4F8-B611DEFF68FA} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {A06C3BF2-C5E5-417C-AE66-C08BCDCCC271} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {A228AF77-7ABF-4820-A6E7-DA52E1BF7474} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {A61B8BBA-960E-417E-B619-DE3911B4B16E} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2016-03-03] ()
Task: {AC925663-4A09-4B04-A33D-931EF33440D9} - System32\Tasks\{81F0B437-B032-4F42-869E-9200A9004B28} => c:\program files (x86)\opera\launcher.exe [2018-08-14] (Opera Software)
Task: {BBB5FFB3-5780-4C21-BA21-95B793B6AFC4} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {BCD4E4EC-D945-40F3-9E6A-E0BAFB278317} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-09-04] (Synaptics Incorporated)
Task: {DF167F93-F3BA-4561-93FC-768E43939C14} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-05] (Google Inc.)
Task: {E721563C-197D-47C4-9FE5-017A47B512F0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {EDDC835F-5FFF-47DA-8849-A24D9414705E} - System32\Tasks\Core Temp Autostart d => C:\Program Files\Core Temp\Core Temp.exe [2018-05-20] (ALCPU)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-04-19 07:32 - 2015-09-01 15:41 - 000095008 _____ () C:\windows\System32\Primomonnt.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-12 12:06 - 2013-08-12 12:06 - 000198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-08-12 12:06 - 2013-08-12 12:06 - 000054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-12 12:06 - 2013-08-12 12:06 - 000034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2017-01-15 23:31 - 2017-01-15 23:31 - 000012704 _____ () C:\Program Files\Prio\prio_svc.exe
2016-07-25 16:40 - 2016-07-25 16:40 - 000486264 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe
2015-04-15 22:13 - 2015-04-15 22:13 - 000222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-01-27 20:31 - 2015-07-07 13:16 - 000065800 _____ () C:\Program Files\EditPlus\eppshell64.dll
2015-11-29 11:09 - 2015-11-29 11:09 - 000117384 _____ () C:\Program Files\TextPad 8\System\ShellExt64.dll
2015-12-10 20:52 - 2015-12-17 22:20 - 000158208 _____ () C:\Program Files (x86)\IDM Computer Solutions\UltraCompare\UC_ShellExt64.dll
2015-12-14 17:12 - 2015-12-15 05:20 - 000147968 _____ () C:\Program Files\IDM Computer Solutions\UltraEdit\ue64ctmn.dll
2015-12-17 12:13 - 2015-12-17 12:13 - 004930560 _____ () C:\Users\d\Desktop\acv507\ArsClip.exe
2018-04-12 19:09 - 2018-04-09 20:24 - 000966512 _____ () C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000343912 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000266096 _____ () C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000139120 _____ () C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000360304 _____ () C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000040816 _____ () C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000499568 _____ () C:\Program Files (x86)\AOMEI Backupper\EnumFolder.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000081768 _____ () C:\Program Files (x86)\AOMEI Backupper\Compress.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000114536 _____ () C:\Program Files (x86)\AOMEI Backupper\BrLog.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000089968 _____ () C:\Program Files (x86)\AOMEI Backupper\Ldm.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000073576 _____ () C:\Program Files (x86)\AOMEI Backupper\Device.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000298864 _____ () C:\Program Files (x86)\AOMEI Backupper\BrFat.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000978800 _____ () C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000339816 _____ () C:\Program Files (x86)\AOMEI Backupper\Clone.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000126824 _____ () C:\Program Files (x86)\AOMEI Backupper\Backup.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000175984 _____ () C:\Program Files (x86)\AOMEI Backupper\FlBackup.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000724848 _____ () C:\Program Files (x86)\AOMEI Backupper\Sync.dll
2018-04-12 19:09 - 2015-05-21 14:32 - 002403504 _____ () C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000114544 _____ () C:\Program Files (x86)\AOMEI Backupper\BrVol.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000266096 _____ () C:\Program Files (x86)\AOMEI Backupper\GptBcd.dll
2018-04-12 19:09 - 2018-04-09 20:24 - 000188272 _____ () C:\Program Files (x86)\AOMEI Backupper\DeviceMgr.dll
2017-07-18 00:46 - 2018-03-20 12:08 - 000114664 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2017-07-18 00:46 - 2018-03-20 12:08 - 000108008 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2017-07-18 00:46 - 2018-03-20 12:08 - 000024040 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2017-07-18 00:46 - 2018-03-20 12:08 - 000048104 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2014-04-11 09:48 - 2013-10-15 06:10 - 000541683 _____ () C:\Program Files (x86)\CyberLink\NEC Move Media Server\sqlite3.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 002317688 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\iOSDevice.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 001362808 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\MiscCore.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 000180088 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\MiscMods.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 000152952 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\Network.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 000402808 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\TSLib.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 000668536 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\UICore.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 000044920 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\Common.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 000385912 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\MediaUtil.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 000548728 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\Sqlite.dll
2016-07-25 16:40 - 2016-07-25 16:40 - 000103288 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\ZLib.dll
2018-03-16 15:20 - 2018-03-16 15:20 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2018-03-16 15:20 - 2018-03-16 15:20 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-01-31 10:45 - 2011-01-31 10:45 - 000559244 _____ () C:\Program Files (x86)\Linkman\sqlite3.dll
2013-10-21 02:36 - 2013-08-08 06:25 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2018-08-18 22:04 - 2018-08-18 22:03 - 087463000 _____ () C:\Program Files (x86)\Opera\55.0.2994.37\opera_browser.dll
2018-08-18 22:04 - 2018-08-18 22:00 - 004066904 _____ () C:\Program Files (x86)\Opera\55.0.2994.37\libglesv2.dll
2018-08-18 22:04 - 2018-08-18 22:00 - 000096856 _____ () C:\Program Files (x86)\Opera\55.0.2994.37\libegl.dll
2015-12-13 12:33 - 2015-12-13 12:33 - 000100864 _____ () C:\Users\d\Desktop\Programme\AkelPad\AkelFiles\Plugs\Scripts.dll
2015-12-13 12:33 - 2015-12-13 12:33 - 000044032 _____ () C:\Users\d\Desktop\Programme\AkelPad\AkelFiles\Plugs\Hotkeys.dll
2015-12-13 12:33 - 2016-02-23 12:21 - 000144896 _____ () C:\Users\d\Desktop\Programme\AkelPad\AkelFiles\Plugs\ContextMenu.dll
2015-12-13 12:33 - 2015-12-13 12:33 - 000031744 _____ () C:\Users\d\Desktop\Programme\AkelPad\AkelFiles\Plugs\SaveFile.dll
2015-12-13 12:33 - 2015-12-13 17:15 - 000061952 _____ () C:\Users\d\Desktop\Programme\AkelPad\AkelFiles\Plugs\Macros.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\sdpsenv.dat:naughtypirates [322]
AlternateDataStreams: C:\ProgramData\Temp:8EFFFE8D [294]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\stwfp => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\google.com -> hxxps://docs.google.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2017-08-01 22:33 - 000000853 _____ C:\windows\system32\Drivers\etc\hosts

127.0.0.1 cryptomator-vault

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "IntelAntiTheftDiscoveryAppIECNotifier"
HKLM\...\StartupApproved\Run: => "AtrioSide"
HKLM\...\StartupApproved\Run: => "Eraser"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "YouCam Service"
HKLM\...\StartupApproved\Run32: => "ChildWebGuardian PRO Agent"
HKLM\...\StartupApproved\Run32: => "DSATray"
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\StartupApproved\StartupFolder: => "Telegram.lnk"
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\StartupApproved\StartupFolder: => "myBatteryMonitor.exe - Verknüpfung (funktioniert trotz der warnung).lnk.lnk"
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\StartupApproved\Run: => "Mailbird"
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\StartupApproved\Run: => "DVSFreeVideoCallRecorder"
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\StartupApproved\Run: => "WhatsApp"
HKU\S-1-5-21-1417334993-2898295356-3386692794-1001\...\StartupApproved\Run: => "Vivaldi Update Notifier"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F9D643D3-8497-43E4-98F3-38E716915A8E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E8B770A5-FA45-4D44-B58C-F97DD1977577}] => (Allow) LPort=2869
FirewallRules: [{900BB167-AA6B-4D13-9555-03CB4DDAF294}] => (Allow) LPort=1900
FirewallRules: [{D6F18BAF-16DE-469C-A520-9004AC0498C0}] => (Allow) C:\Program Files (x86)\AOS Technologies\ファイナルパソコンデータ引越し 9 plus for NEC\pcmover.exe
FirewallRules: [TCP Query User{A744A787-26B6-4CBF-AC16-D8B16B6CD448}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3611C606-8BCD-4157-B7F0-97CA21424398}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{0B623E7A-4890-41D8-8372-1C130AC8A356}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{09F7B869-195F-40C6-B266-6B04AFB2884F}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{3C3010E4-90F7-42A7-89F9-E3444CF94B06}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\ctmn32.exe
FirewallRules: [{AE7790C2-8769-41C5-841F-8D2AD8D9BA01}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\ctmn32.exe
FirewallRules: [{7BAC5F7A-284F-4108-9BC5-B75C3D72552E}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\CTAdmin.exe
FirewallRules: [{9FFB909A-2927-4085-8066-0879D3AA0793}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\CTAdmin.exe
FirewallRules: [{F9D77D4C-761D-430E-88CB-D1B7A52097C8}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\fbserver.exe
FirewallRules: [{11F3629D-245B-451A-A98E-64DFBD07B295}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\fbserver.exe
FirewallRules: [{56F4AF8E-57F8-41B4-A65A-0FBBA6C76B40}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\STDownload.exe
FirewallRules: [{13C3D64E-22F7-4BA1-B58B-53265677C553}] => (Allow) C:\Program Files (x86)\SoftwareTime\ComputerTime\bin\STDownload.exe
FirewallRules: [{A0C999BA-C8BC-4281-8601-73750E5F1723}] => (Allow) LPort=8501
FirewallRules: [{32AB8D67-D054-4A79-8823-614FFEF6E01F}] => (Allow) LPort=8501
FirewallRules: [{505DA236-3A56-424B-9B99-EBB755EEC9AA}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{A902F6FB-3298-44B9-93ED-191D82C26CB9}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{689C272A-0ECD-47F8-88F6-904975F51D79}C:\program files (x86)\childwebguardian pro\contentwasher.exe] => (Block) C:\program files (x86)\childwebguardian pro\contentwasher.exe
FirewallRules: [UDP Query User{11A1A67E-B038-48B3-89AB-F8F4F0268BB7}C:\program files (x86)\childwebguardian pro\contentwasher.exe] => (Block) C:\program files (x86)\childwebguardian pro\contentwasher.exe
FirewallRules: [{2117A44D-9AF0-4D84-A6FA-C2CE767375A3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{82444FCE-8B73-4EE6-9321-D147BB55E475}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E0FF1427-02F7-4FCF-B605-AA7720FECB39}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C149F272-279C-452B-9C7D-9C93C179E6AB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DEE3F7CC-FEC2-4054-9A70-A29139DE0761}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AB91DF20-D673-499C-B644-030D9703474B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7E815151-6904-496A-AC2D-72FC22009C49}] => (Allow) C:\Program Files (x86)\ChildWebGuardian PRO\ContentWasher.exe
FirewallRules: [{3F403557-C2A9-4DB4-A08F-AAA175CF45EA}] => (Allow) C:\Program Files (x86)\ChildWebGuardian PRO\ContentWasher.exe
FirewallRules: [{A0292E51-FA3B-40A5-86B6-A69410C15431}] => (Allow) C:\Windows\SysWOW64\fltw.exe
FirewallRules: [{F59F9572-DAA8-49A7-B8B8-87D14203E726}] => (Allow) C:\Windows\SysWOW64\fltw.exe
FirewallRules: [{21B8CF93-A8AF-49E0-A5A8-4D90D71EA1F4}] => (Allow) C:\Windows\SysWOW64\wstw.exe
FirewallRules: [{A664E965-6F9C-4904-97B3-664A88C6C5D6}] => (Allow) C:\Windows\SysWOW64\wstw.exe
FirewallRules: [{596BBBC2-6C69-43DD-A9E3-2EAF611B034C}] => (Allow) C:\Windows\SysWOW64\wtwatch.exe
FirewallRules: [{F3158699-F2C2-4B4D-9C97-8EDE44D0C91A}] => (Allow) C:\Windows\SysWOW64\wtwatch.exe
FirewallRules: [{C69239FF-06A3-4D0A-9444-F72972E53490}] => (Allow) C:\Program Files (x86)\ChildWebGuardian PRO\PrgUpdater.exe
FirewallRules: [{B4EFD6D8-6BAD-4D07-B5B5-6B2D0EFF9D69}] => (Allow) C:\Program Files (x86)\ChildWebGuardian PRO\PrgUpdater.exe
FirewallRules: [TCP Query User{B21120BA-3F16-452E-89E6-243273EEED0C}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe
FirewallRules: [UDP Query User{05154D90-C128-45AD-880F-BC2AEC21295A}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe
FirewallRules: [TCP Query User{0095AFA1-906D-40EB-8740-81E092A2EA5B}C:\program files\second copy\seccopy.exe] => (Allow) C:\program files\second copy\seccopy.exe
FirewallRules: [UDP Query User{D4BFC90B-A4EE-47CF-8E06-21798F2B4FC7}C:\program files\second copy\seccopy.exe] => (Allow) C:\program files\second copy\seccopy.exe
FirewallRules: [{6DC437CD-3BEE-4A60-81F8-8B67FC3E055E}] => (Block) C:\program files\second copy\seccopy.exe
FirewallRules: [{3EF30085-232D-450A-A5C2-2484F10431B5}] => (Block) C:\program files\second copy\seccopy.exe
FirewallRules: [TCP Query User{35AEFCDE-F23F-4FD9-AE70-CB0DDF2953CA}C:\program files (x86)\jivexdv\jre\bin\javaw.exe] => (Block) C:\program files (x86)\jivexdv\jre\bin\javaw.exe
FirewallRules: [UDP Query User{D6AA058A-D730-4D0C-804C-63DE46208040}C:\program files (x86)\jivexdv\jre\bin\javaw.exe] => (Block) C:\program files (x86)\jivexdv\jre\bin\javaw.exe
FirewallRules: [TCP Query User{C339E5B9-07F3-463F-8D92-10E98B07F74E}C:\program files (x86)\parallel password recovery\run_server.exe] => (Allow) C:\program files (x86)\parallel password recovery\run_server.exe
FirewallRules: [UDP Query User{36EE777D-F32F-4484-8CFA-A540C211237B}C:\program files (x86)\parallel password recovery\run_server.exe] => (Allow) C:\program files (x86)\parallel password recovery\run_server.exe
FirewallRules: [TCP Query User{290EC45F-8ECA-465A-8550-807F15B4CB76}C:\users\d\appdata\local\temp\scoped_dir2376_30591\childwebguardianadm.exe] => (Allow) C:\users\d\appdata\local\temp\scoped_dir2376_30591\childwebguardianadm.exe
FirewallRules: [UDP Query User{7FB492CB-F6F5-4EE0-864F-95F55A6DFDEB}C:\users\d\appdata\local\temp\scoped_dir2376_30591\childwebguardianadm.exe] => (Allow) C:\users\d\appdata\local\temp\scoped_dir2376_30591\childwebguardianadm.exe
FirewallRules: [{A27C0608-11DD-46B0-93E8-8CB7D21E4418}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5A3641B2-C624-4A94-8FA9-DE244F8FC639}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F164DD20-6078-4B81-961C-083B0FF25404}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FBB6CB95-B7E6-4818-B62D-6724C436E3B3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{103298D7-C2C7-4895-AF93-CD4A59B6C354}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{6833B99D-A1FD-4788-ACC3-3B5D8B6FDB81}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{2DC48355-FECA-488E-8202-684BD0D8D84C}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{F6EF11B6-6AEA-4BAE-AA20-E91C42F7AD1F}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{18F0E74C-3ACE-4781-B413-F0D422BB63CF}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{863A523D-C261-4A82-A2A7-27447A8FC2F4}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{FD947FEC-53B3-4BED-B0A8-4DA463021FCA}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{D2B23179-C9B9-491E-AC91-B68A0C8ED660}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{84B862B7-8779-41D9-9055-94DBAC95D6DA}] => (Allow) C:\Program Files (x86)\Opera\51.0.2830.40\opera.exe
FirewallRules: [{50BD2E1A-D1D7-4D61-BBF1-54EBD9BBBC3A}] => (Allow) C:\Program Files (x86)\Opera developer\53.0.2885.0\opera.exe
FirewallRules: [{06476787-1BB0-4434-A169-C039F0E60556}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{5D961AE6-CB90-49AD-86B7-26B54B099719}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2A8C58E0-93CA-4A29-A307-B6DE1FCED428}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9B9C6AEE-6B22-4E95-8D70-08F24E69290C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{82536828-3DCD-485E-B8A8-5ABF9005A3A7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7CBB4B9B-D49D-4CEB-A6F3-F5616BB0653B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0FC410A5-86DB-49D8-BD08-9989673770EF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7ABA5E4A-1B70-4A10-B38E-CFA6AA3B0C7E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5587DB5B-9321-4905-BC86-BFA9BDDE3795}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3F72EC62-9A98-40DB-BEEB-7E2F44976DA7}] => (Allow) C:\Program Files (x86)\Opera developer\56.0.3037.0\opera.exe
FirewallRules: [{2CD1F32B-A7E8-4079-AD1A-20A3A188A14C}] => (Allow) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
FirewallRules: [{BE925581-CA7C-4454-A982-95444FC76D7D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{D85E2CCA-81C2-493D-936B-6659F467F804}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{9B61E9B1-13F4-4D9F-BCAB-650459099F1D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{602E8DE6-890B-4FAA-8647-4F8602E5A1FA}] => (Allow) C:\Program Files (x86)\Opera developer\56.0.3045.0\opera.exe
FirewallRules: [{B1622777-7DF9-4853-8F45-47688DDD1DBC}] => (Allow) C:\Program Files (x86)\Opera\55.0.2994.37\opera.exe

==================== Restore Points =========================

13-08-2018 03:46:21 スケジュールされたチェックポイント
18-08-2018 17:31:16 Revo Uninstaller's restore point - 7-Zip 17.00 beta (x64)
18-08-2018 17:35:19 Revo Uninstaller's restore point - Adobe Flash Player 30 NPAPI
18-08-2018 17:36:49 Revo Uninstaller's restore point - CrystalDiskInfo 7.0.5
18-08-2018 17:39:00 Revo Uninstaller's restore point - Adobe Acrobat Reader DC - Deutsch
18-08-2018 17:41:50 Revo Uninstaller's restore point - OpenOffice 4.1.3
18-08-2018 17:44:05 Revo Uninstaller's restore point - QuickTime 7

==================== Faulty Device Manager Devices =============

Name: Bluetooth デバイス (RFCOMM プロトコル TDI)
Description: Bluetooth-Gerät (RFCOMM-Protokoll-TDI)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RFCOMM
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth デバイス (パーソナル エリア ネットワーク)
Description: Bluetooth-Gerät (PAN)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/19/2018 01:02:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Core Temp.exe, Version 1.12.1.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 87c

Startzeit: 01d437aa857a5ede

Endzeit: 15

Anwendungspfad: C:\Program Files\Core Temp\Core Temp.exe

Berichts-ID: 6690c74b-a39f-11e8-83c4-d8cc340e8750

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (08/19/2018 12:59:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: StartSU.exe, Version: 2.0.2.0, Zeitstempel: 0x534d0701
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x006c0a67
ID des fehlerhaften Prozesses: 0x165c
Startzeit der fehlerhaften Anwendung: 0x01d437abb995b15a
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\NEC\SmartUpdate\StartSU.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: f75a14bd-a39e-11e8-83c4-d8cc340e8750
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (08/19/2018 12:59:39 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: StartSU.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
  bei SU_Loader.suLogingCl..ctor()
  bei SU_Loader.Program.Main()

Error: (08/18/2018 06:02:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: StartSU.exe, Version: 2.0.2.0, Zeitstempel: 0x534d0701
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x02b80a67
ID des fehlerhaften Prozesses: 0x17bc
Startzeit der fehlerhaften Anwendung: 0x01d4370cecaa64ae
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\NEC\SmartUpdate\StartSU.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 2a738cdd-a300-11e8-83c3-94fdb0ec2042
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (08/18/2018 06:02:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: StartSU.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
  bei SU_Loader.suLogingCl..ctor()
  bei SU_Loader.Program.Main()

Error: (08/18/2018 05:59:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm explorer.exe, Version 6.3.9600.18460 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: cc0

Startzeit: 01d4370c0ac4f255

Endzeit: 0

Anwendungspfad: C:\windows\explorer.exe

Berichts-ID: 9e08a327-a2ff-11e8-83c3-94fdb0ec2042

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (08/18/2018 05:51:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AkelPad.exe, Version: 4.9.7.0, Zeitstempel: 0x566d49e1
Name des fehlerhaften Moduls: Scripts.dll_unloaded, Version: 18.2.0.0, Zeitstempel: 0x566d4960
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000cb86
ID des fehlerhaften Prozesses: 0xd40
Startzeit der fehlerhaften Anwendung: 0x01d436e5f875d39c
Pfad der fehlerhaften Anwendung: C:\Users\d\Desktop\Programme\AkelPad\AkelPad.exe
Pfad des fehlerhaften Moduls: Scripts.dll
Berichtskennung: 85a83216-a2fe-11e8-83c2-f05b999e8540
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (08/18/2018 05:31:16 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, アクセスが拒否されました。
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


操作:
  ライター データを収集しています

コンテキスト:
  ライター クラス ID: {e8132975-6f93-4464-a53e-1050253ae220}
  ライター名: System Writer
  ライター インスタンス ID: {ce725637-8bf6-4c6d-84c7-d931e1ffb698}


System errors:
=============
Error: (08/19/2018 12:51:28 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1794) (User: NT AUTHORITY)
Description: https://go.microsoft.com/fwlink/?linkid=852572

Error: (08/19/2018 12:51:22 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1794) (User: NT AUTHORITY)
Description: https://go.microsoft.com/fwlink/?linkid=852572

Error: (08/19/2018 12:51:18 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1794) (User: NT AUTHORITY)
Description: https://go.microsoft.com/fwlink/?linkid=852572

Error: (08/19/2018 12:51:10 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1794) (User: NT AUTHORITY)
Description: https://go.microsoft.com/fwlink/?linkid=852572

Error: (08/19/2018 12:51:07 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1794) (User: NT AUTHORITY)
Description: https://go.microsoft.com/fwlink/?linkid=852572

Error: (08/19/2018 12:51:03 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1794) (User: NT AUTHORITY)
Description: https://go.microsoft.com/fwlink/?linkid=852572

Error: (08/19/2018 12:51:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Internet filter server" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.

Error: (08/19/2018 12:51:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "EaseUS Agent Service" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.


Windows Defender:
===================================
Date: 2018-08-18 23:31:18.229
Description:
Von Windows Defender wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Zpevdo.A&threatid=2147727143&enterprise=0
Name: Trojan:Win32/Zpevdo.A
ID: 2147727143
Schweregrad: ??
Kategorie: ??????
Pfad: file:_C:\Users\d\AppData\Local\Mozilla\Firefox\Profiles\2udj1tce.default\cache2\entries\E7E48422403BAD09E9402DDCB2675AE37047FC31
Erkennungsursprung: Lokaler Computer
Erkennungstyp: FastPath
Erkennungsquelle: Benutzer
Benutzer: lavie\d
Prozessname: C:\Program Files\GPSoftware\Directory Opus\dopus.exe
Signaturversion: AV: 1.273.1608.0, AS: 1.273.1608.0, NIS: 119.0.0.0
Modulversion: AM: 1.1.15100.1, NIS: 2.1.14600.4

Date: 2018-08-18 23:30:58.724
Description:
Von Windows Defender wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
hxxp://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/Fourthrem&threatid=221864&enterprise=0
Name: SoftwareBundler:Win32/Fourthrem
ID: 221864
Schweregrad: ?
Kategorie: ????????
Pfad: file:_C:\Users\d\Downloads\com - setup files, exe\cwgproinst.exe
Erkennungsursprung: Lokaler Computer
Erkennungstyp: FastPath
Erkennungsquelle: Benutzer
Benutzer: lavie\d
Prozessname: C:\Program Files\GPSoftware\Directory Opus\dopus.exe
Signaturversion: AV: 1.273.1608.0, AS: 1.273.1608.0, NIS: 119.0.0.0
Modulversion: AM: 1.1.15100.1, NIS: 2.1.14600.4


CodeIntegrity:
===================================

Date: 2018-04-05 18:32:44.610
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 67%
Total physical RAM: 4015.7 MB
Available physical RAM: 1320.21 MB
Total Virtual: 12719.7 MB
Available Virtual: 8998.23 MB

==================== Drives ================================

Drive c: (Windows 8.1) (Fixed) (Total:225.93 GB) (Free:146.46 GB) NTFS
Drive f: (SD192GB) (Removable) (Total:183.33 GB) (Free:35.85 GB) NTFS

\\?\Volume{66bded32-fb6e-43d4-af27-9da22351b9e4}\ (Windows RE) (Fixed) (Total:0.93 GB) (Free:0.61 GB) NTFS
\\?\Volume{2c42f2fe-9218-4f8d-bd84-2ae9dde67a23}\ (NEC-RESTORE) (Fixed) (Total:11.23 GB) (Free:3.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 7D73FA8C)

Partition: GPT.

========================================================
Disk: 1 (Protective MBR) (Size: 183.3 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

cosinus 19.08.2018 13:53
Kontrollscans mit (1) MBAM, (2) ESET und (3) SecurityCheck bitte:


1. Schritt: Malwarebytes Version 3

Downloade Dir bitte Malwarebytes Anti-Malware 3
  • Installiere das Programm in den vorgegebenen Pfad.
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scan, wähle den Bedrohungs-Scan aus und klicke auf Scan starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Ausgewählte Elemente in die Quarantäne verschieben.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM nach dem Neustart, klicke auf Berichte.
  • Wähle den neuesten Scan-Bericht aus, klicke auf Bericht anzeigen und dann auf Export.
  • Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



2. Schritt: ESET

Downloade Dir bitte ESET Online Scanner (Bebilderte Anleitung)
  • Starte die Installationsdatei.
  • Akzeptiere die Nutzungsbedingungen.
  • Wähle Erkennung evtl. unerwünschter Anwendungen aktivieren aus und klicke auf Scannen.
  • Zuerst werden die notwendigen Signaturen heruntergeladen, anschließend startet ESET automatisch den Suchlauf.
  • Am Ende des Suchlaufs werden gegebenenfalls die gefundenen Elemente aufgelistet.
  • Schließe den ESET Online Scanner rechts oben [ X ] und klicke anschließend auf Schließen.
  • Drücke bitte die Tastenkombination WIN+R zum Ausführen und kopiere folgenden Text in die Zeile und drücke im Anschluss auf OK:
    Code:
    notepad "%tmp%\log.txt"
  • Kopiere den gesamten Text mittels STRG+A und STRG+C hier in deine Antwort in CODE-Tags



3. Schritt: SecurityCheck

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

lucina 20.08.2018 00:14
MALWAREBYTES:
Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 19.08.18
Scan-Zeit: 15:17
Protokolldatei: 2e58f0b6-a3b2-11e8-9f74-0a0027000003.json

-Softwaredaten-
Version: 3.5.1.2522
Komponentenversion: 1.0.421
Version des Aktualisierungspakets: 1.0.6407
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: lavie\d

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 306487
Erkannte Bedrohungen: 1
In die Quarantäne verschobene Bedrohungen: 1
Abgelaufene Zeit: 9 Min., 29 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Warnen

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.IoloSC, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{918D30D3-AD9B-43A8-9EF7-463075DC93CD}_is1, In Quarantäne, [1068], [349243],1.0.6407

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 0
(keine bösartigen Elemente erkannt)

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

WMI: 0
(keine bösartigen Elemente erkannt)


(end)
ESET:

Code:
23:16:29 # product=EOS
# version=8
# flags=0
# esetonlinescanner_deu.exe=2.0.22.0
# EOSSerial=8209c5cbdd2e8e4b9d8964cdb2e619f8
# end=init
# utc_time=2018-08-19 21:16:29
# local_time=2018-08-19 23:16:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.3.9600 NT
23:16:34 # product=EOS
# version=8
# flags=0
# esetonlinescanner_deu.exe=2.0.22.0
# EOSSerial=8209c5cbdd2e8e4b9d8964cdb2e619f8
# end=init
# utc_time=2018-08-19 21:16:34
# local_time=2018-08-19 23:16:34 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.3.9600 NT
23:17:00 Call m_esets_charon_setup_create
23:17:00 Call m_esets_charon_create
23:17:00 m_esets_charon_create OK
23:17:00 Call m_esets_charon_start_send_thread
23:17:00 Call m_esets_charon_setup_set
23:17:00 m_esets_charon_setup_set OK
23:17:00 Updating
23:17:00 Update Init
23:17:09 Call m_esets_charon_setup_create
23:17:09 Call m_esets_charon_create
23:17:09 m_esets_charon_setup_set ERROR
23:17:09 Update Download
23:17:35 esets_scanner_reload returned 0
23:17:35 g_uiModuleBuild: 38438
23:17:35 Update Finalize
23:17:35 Call m_esets_charon_send
23:17:35 Call m_esets_charon_destroy
23:17:35 Updated modules version: 38438
23:17:44 Call m_esets_charon_setup_create
23:17:44 Call m_esets_charon_create
23:17:44 m_esets_charon_setup_set ERROR
23:17:44 Scanner engine: 38438
01:11:09 # product=EOS
# version=8
# flags=0
# esetonlinescanner_deu.exe=2.0.22.0
# EOSSerial=8209c5cbdd2e8e4b9d8964cdb2e619f8
# engine=38438
# end=finished
# bannerClicked=0
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# sfx_checked=true
# utc_time=2018-08-19 23:11:08
# local_time=2018-08-20 01:11:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.3.9600 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 34222 50480391 0 0
# scanned=484140
# found=5
# cleaned=0
# scan_time=5692
sh=5B5EA2F5CEC496F99D245A68C884C09F5849E037 ft=1 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\v1\20180818.003425\12\DMR\dmr_72.exe#5A6D45DE5477C400"
sh=EA2CBD48EE629BE2D1C4DAAD50A454096C03D75B ft=1 fh=0000000000000000 vn="Variante von Win32/UwS.ioloSCU.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\v1\20180818.003425\5\System Checkup\SysCheckup.exe.me#92CCBA9F04E04770"
sh=3479443A7590C4F72703AB052E03A1B2493AEF5B ft=1 fh=0000000000000000 vn="Variante von Win32/LuluSoftware.A eventuell unerwünschte Anwendung" ac=I fn="C:\ProgramData\PDF Architect 4\Installation\PDFArchitect4Installer.exe"
sh=3479443A7590C4F72703AB052E03A1B2493AEF5B ft=1 fh=0000000000000000 vn="Variante von Win32/LuluSoftware.A eventuell unerwünschte Anwendung" ac=I fn="C:\Users\All Users\PDF Architect 4\Installation\PDFArchitect4Installer.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/LuluSoftware.A eventuell unerwünschte Anwendung (öffnen nicht möglich:)" ac=I fn="${Startup}"
01:11:09 RecursiveRemoveDirectoryAndAllFiles: C:\Users\d\AppData\Local\ESET\ESETOnlineScanner\Quarantine\
01:11:10 Call m_esets_charon_send
01:11:10 Call m_esets_charon_destroy
SecurityCheck:

Code:
Results of screen317's Security Check version 1.009 
  x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Windows Defender 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 VirusTotal Uploader 2.2 
 Java version 32-bit out of Date!
 Google Chrome (68.0.3440.106)
 Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent```````` 
 Windows Defender MSMpEng.exe
 Windows Defender MpCmdRun.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

- 1. Ich weiß nicht, was mit java los ist, jedenfalls habe ich in der Systemsteuerung Java auf Auto-Update und es zeigt an, es sei die neueste Version. Wo 32 bit ist und sich das updaten lässt, weiß ich nicht. Bei Programme und Features erscheint nur die 64-bit-version zum deinstallieren, und die ist up-to-date.)

- 2. ich bin mir unsicher, ob mein system denn nun kompromittiert wurde, oder ob die diversen viren/trojaner-meldungen, die in diesem Thread aufgetaucht sind, allesamt Fehlalarme waren oder zumindest nicht schwerwiegend.

Wie immer danke!

cosinus 20.08.2018 00:35
ich bin mir sehr sicher, dass du nicht kompromittiert bist. Schau dir die Ergebnisse an. Installer kann jeder verseuchen. Schau dir mal chocolatey an.

lucina 20.08.2018 00:48
1. Tausend dank Cosinus. Auch für deine Einschätzung bzgl. einer Kompromittierung.
2. Gab es einen Grund, warum du tdsskiller nicht eingesetzt hast? Ist es ok, wenn ich das noch durchlaufen lasse?
3. Hast du neben Windows Defender und emsisoft noch eine dritte AV-Empfehlung? Beides OK, aber noch eine zur Wahl wäre gut. ESET hat leidet geBSODet, und Kaspersky war bei av-comparatives ironischerweise mit der niedrigsten false-positive-rate und sehr hoher trefferrate, was kaufentscheidend war trotz der Russland-Geheimdienstsache.
4. Bin gerade dabei, mich mit Chocolatey auseinanderzusetzen, danke für diesen Tipp.
5. Chrome wird deinstalliert.

cosinus 20.08.2018 00:55
bist du auch bei den linken?

lucina 20.08.2018 01:31
also in österreich kann man auch als fpö-mitglied kgb-freund sein, siehe geburtstag der außenministerin. oder habe ich dich missverstanden?

cosinus 20.08.2018 07:31
Vergiss die Frage :D

tdsskiller hab ich nicht für notwendig erachtet. Und nein, außer Windows Defender und Emsi empfehl ich nur noch rein Malwarebytes. Du musst dich vom Gedanken verabschieden, dass es Sicherheit in bunten Pappschachteln gibt oder in form von setup.exe gibt. So funktioniert das nicht.


Dann wären wir durch! :daumenhoc

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:

Abschließend müssen wir noch ein paar Schritte unternehmen, um dein System aufzuräumen (cleanup mit DelFix) und abzusichern; ich poste dir dazu mal meine Lesestoffe. Wichtiger als irgendein AV ist ein vernünftiger Umgang, also gewisse Verhaltensregeln am Gerät mit Internetzugang, und ein paar grundsätzliche Absicherungen. Deswegen kommen die zuerst. Gliederung:

  1. Cleanup mit unserem TBCleanup-Script

  2. Grundsätzliches

  3. Absicherung

  4. Virenscanner + Firewall

  5. Backup- und Imaging-Tools



Lesestoff:
Cleanup

Alle Logs gepostet? Dann lade Dir bitte das TBCleanUpTool herunter.
  • Schließe alle offenen Programme.
  • Rechtsklicke auf die TBCleanUp.bat und wähle Als Administrator ausführen.
  • Drücke eine beliebige Taste, um den Entfernungsprozess zu starten.
Hinweis:
Das TBCleanUpTool entfernt die verwendeten Programme, die Quarantäne unserer Scanner und löscht sich abschließend selbst.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, die du nicht mehr verwenden möchtest, kannst du diese über die Systemsteuerung deinstallieren.




Lesestoff:
Grundsätzliches

Lesestoff:
Google Chrome

Von der Verwendung dieses Browsers muss man aus Datenschutzgründen dringend abraten. Siehe auch Google: Chrome-Browser scannt lokale Dateien auf Windows-PCs

Installiere Mozilla Firefox, damit lassen sich auch Profildaten aus Chrome importieren, anschließend Google Chrome deinstallieren, falls es noch installiert ist.


Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups deiner wichtigen Dateien oder des Systems (genaueres dazu im Lesestoff zu Backups)

Finger weg von Registry-Cleanern, Optimizern usw!!! - die Performancesteigerung ist umstritten bis ganz klar nicht belegbar, dafür hast du ein großes Risiko dein System zu zerstören v.a. bei Registry-Operationen. Das Beste ist, die windowseigene Datenträgerbereinigung zu verwenden - und die Registry in Ruhe zu lassen!


Softwareinstallationen und Aktualisierungen

Für Windows gibt es seit einiger Zeit einen brauchbaren Paketmanager, der mit einfachen Befehlen es erlaubt, automatisiert Software herunterzuladen und zu installieren. Das erspart eine Menge Arbeit, denn ohne einen Paketmanager muss man jedes Programm selbst prüfen und separat manuell updaten, vorher manuell noch runterladen etc. pp. - siehe auch --> http://www.trojaner-board.de/186035-...r-windows.html


Ich empfehle daher, alle Programme, sofern verfügbar, über chocolatey zu installieren. Falls du schon mit Linux zu tun hattest, wird dir die Syntax sehr vertraut sein. Die FAQs zu choco findest du da --> Chocolatey: Häufig gestellte Fragen (englisch)


Für den seltenen Fall, dass du das benötigte Programm NICHT im repository von chocolatey findest: Lade diese Software immer von einem sauberen Portal wie http://filepony.de/images/microbanner.gif. Finger weg von chip.de oder softonic!
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner.




Lesestoff:
Absicherung

Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch sicherheitsrelevante Software sollte immer in aktueller Version vorliegen - sofern benötigt, wenn nicht benötigt natürlich sinnigerweise deinstallieren oder Alternativen verwenden (und diese aktuell halten).

Das zeitnahe Einspielen von Updates ist erforderlich, damit Sicherheitslücken geschlossen werden; Sicherheitslücken werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Besonders aufpassen bzgl. der Aktualität musst du bei folgender Software:
  • Browser (Internet Explorer, Edge, Firefox, Chrome, ...)

  • Flash Player: Was Adobe mit seinem Flash Player veranstaltet, ist irgendwo zwischen Frechheit und Inkompetenz einzustufen; in dem Teil werden ständig neue dicke Sicherheitslücken gefunden - für YT reicht meistens HTML5 aus, das ist der Standardplayer wenn der Flash Player inaktiv oder nicht installiert ist; für spezielle Browsergames kann es aber sein, dass du den Flash Player brauchst. Nutze Flash so sparsam wie möglich und wenn dann immer aktuell halten!!

  • Java: Spielt kaum noch eine Rolle. Fast nirgendwo werden mehr Java-Applets eingesetzt. Wird noch für spezielles Zeugs in OpenOffice genutzt, IIRC brauchen auch manche Games Java. Aber wirklich sehr selten.

  • PDF-Reader: NICHT den AdobeReader benutzen, sondern besser sowas wie PDF-XChange; der interne PDF-Betrachter vom Firefox reicht meist auch aus. Vermeide Adobe unbedingt, das ist eine Firma mit miserabler Sicherheitspolitik!


Empfohlene Firefox-Addons (Erweiterungen):

https://addons.cdn.mozilla.net/user-...ied=1510319591uBlock Origin ist ein einfacher und zuverlässiger Ad- und Trackerblocker.

https://addons.cdn.mozilla.net/user-...ied=1511295622 HTTPS Everywhere Sorgt dafür, dass der Firefox immer, wenn möglich, verschlüsselte Verbindungen (HTTPS) verwendet statt HTTP. Wahlweise kann man darüber durch Setzen eines Häkchens auch alle unverschlüsselten Verbindungen blockieren, Firefox nutzt dann nur noch HTTPS und lädt nichts mehr über unverschlüsselte Verbindungen.




Lesestoff:
Virenscanner + Firewall

Vorab sei erwähnt, dass man niemals die Schutzwirkung eines Virenscanners überbewerten darf!

Die Dinger sind mittlerweile auch unter Windows stark umstritten und können Probleme bereiten, die man so ohne AV einfach nicht haben wird. Zudem werden sie auch niemals jeden Schädling finden können. Aussagen der Anbieter dieser Software entpuppen sich regelmäßig als Marketinggeblubber. Lies dazu => Aus aktuellem Anlass: Antivirus-Schlangenöl | Elias Schwerdtfeger und => http://www.golem.de/news/antivirenso...12-125148.html

Verwende also MAXIMAL ein einziges der folgenden AVs mit Echtzeitscanner und stets aktueller Signaturendatenbank; verwende immer nur reine Virenscanner (keine Produkte mit Suite oder Internet Security in Namen, denn diese bringen kontraproduktive Firewalls mit - die Windows-Firewall ist alles was benötigt wird!)



Microsoft Security Essentials (MSE) ist ab Windows 8 fest eingebaut, wenn du also Windows 8, 8.1 oder 10 und dich für MSE entschieden hast, brauchst du nicht extra MSE zu installieren. Bei Windows 7 muss es aber manuell installiert oder über die Windows Updates als optionales Update bezogen werden. Selbstverständlich ist ein legales/aktiviertes Windows Voraussetzung dafür.

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und/oder mit dem ESET Online Scanner scannen.






Lesestoff:
Backup-/Image-Tools

IMHO sind Wiederherstellungspunkte nix weiter als eine Notlösung, wer sich auf was Funktionierendes verlassen will und muss, kommt um echte Backup/Imaging Software nicht herum. Ich nehme unter Windows immer Drive Snapshot - Disk Image Backup for Windows NT/2000/XP/2003/X64

Damit man sinnvolle Backups hat muss man regelmäßig zB wöchentlich ein Image auf eine separate externe Festplatte erstellen. Diese externe Festplatte wird nur dann angeschlossen, wenn man das Backup erstellen will (oder etwas wiederherstellen muss), sonsten bleibt sie aus Sicherheitsgründen sicher im Schrank verwahrt - allein schon aus dem Grund, die Backups vor Krypto-Trojaner zu schützen.



Option 1: Drivesnapshot

Offizielle TB-Anleitung --> http://www.trojaner-board.de/186299-...esnapshot.html


http://cosinus.trojaner-board.de/ima...napshot002.png


Drive Snapshot - Disk Image Backup for Windows NT/2000/XP/2003/X64
Download (32-Bit) => http://www.drivesnapshot.de/download/snapshot.exe
Download (64-Bit) => http://www.drivesnapshot.de/download/snapshot64.exe


Es gibt da auch leicht abgespeckte Versionen von Acronis TrueImage gratis wenn man Platten von Seagate und/oder Western Digital hat. Vllt sagen diese Programme dir mehr zu. Mein Favorit aber ist das kleine o.g. Drivesnapshot.



Option 2: Seagate DiscWizard
Download => Seagate DiscWizard - Download - Filepony


Screenshots:
http://filepony.de/screenshot/seagate_discwizard5.jpg
http://filepony.de/screenshot/seagate_discwizard4.png
http://filepony.de/screenshot/seagate_discwizard3.jpg



Option 3: Acronis TrueImage WD Edition
Download => Acronis True Image WD Edition - Download - Filepony


Screenshots:
http://filepony.de/screenshot/acroni...d_edition1.jpg
http://filepony.de/screenshot/acroni...d_edition2.jpg

lucina 20.08.2018 16:04
Danke vielmals an Cosinus, Spende ist ja bereits erfolgt, und danke für die Tipps. Ratschläge werden befolgt.


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:45 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131