
TR/ATRAPS.Gen4 delete, but no go.


This topic is locked
4 replies to this topic

#1 henri09

  • Members
  • 39 posts
  • Gender:Male
  • Location:Estonia

Posted 03 January 2018 - 02:59 PM

Avira finds it every time the computer starts and connects to the internet, and deletes it.
But odd things: I can't log out from Gmail as before; I have to open the profile in a new tab, then I can log out.
Also I can't log in to Bittrex; it makes some weird moves, though I can log in on another PC.

OneDrive was totally deleted and turned off; now it has come back out of nowhere (turned it off again).
SUPERAntiSpyware should be live-checking, but won't.
SUPERAntiSpyware didn't find any infections in safe mode; Avira didn't work in safe mode.

The computer runs fine, but I'm afraid for my IDs and PWs.

Thanks guys for your work and time...

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
Ran by Henri (administrator) on ARVUTI (03-01-2018 21:38:37)
Running from C:\Users\Henri\Downloads
Loaded Profiles: Henri (Available Profiles: Henri)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(YANDEX LLC) C:\Program Files (x86)\Yandex\YandexBrowser\17.11.0.2191\service_update.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
() C:\ProgramData\{60DD3CB9-D776-8B12-B1E0-28869124443A}\46DA22FA-F171-9551-440C-1F41C484AE9F.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [SERVICE] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-03] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1191529984-1850047899-1010345412-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-1191529984-1850047899-1010345412-1001\...\MountPoints2: {2a4fcc44-2a03-11e5-827f-0090817d6aa3} - "H:\autorun.exe"
HKU\S-1-5-21-1191529984-1850047899-1010345412-1001\...\MountPoints2: {6387691f-38f2-11e5-8280-0090817d6aa3} - "G:\autorun.exe"
HKU\S-1-5-21-1191529984-1850047899-1010345412-1001\...\MountPoints2: {7d3025fb-6458-11e5-8263-b4b52f7b6ba0} - "I:\INSTALL.EXE"
HKU\S-1-5-21-1191529984-1850047899-1010345412-1001\...\MountPoints2: {87e4e969-78dd-11e5-8277-b4b52f7b6ba0} - "G:\setup.exe"
HKU\S-1-5-21-1191529984-1850047899-1010345412-1001\...\MountPoints2: {87e4e99a-78dd-11e5-8277-b4b52f7b6ba0} - "I:\setup.exe"
BootExecute: autocheck autochk * Partizan
GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 85.253.0.130 85.253.0.2
Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{2FE7F377-0B3A-40D8-B65B-90F04BF85240}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{2FE7F377-0B3A-40D8-B65B-90F04BF85240}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{81586463-4EE8-4447-8B07-2CD90ED281DE}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{81586463-4EE8-4447-8B07-2CD90ED281DE}: [DhcpNameServer] 85.253.0.130 85.253.0.2
Tcpip\..\Interfaces\{AFC2F538-CC14-4362-8F9F-CCF5BD20B53D}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{AFC2F538-CC14-4362-8F9F-CCF5BD20B53D}: [DhcpNameServer] 82.163.143.176

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1191529984-1850047899-1010345412-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1191529984-1850047899-1010345412-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.com/?mtmhp=hyplogusaolp00000004
HKU\S-1-5-21-1191529984-1850047899-1010345412-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1191529984-1850047899-1010345412-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aol.com/?mtmhp=hyplogusaolp00000004
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1191529984-1850047899-1010345412-1001 -> DefaultScope {40CC6DB6-3370-477D-AEBD-1ED09C1F2D8C} URL = hxxp://web.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=customie11-ie
SearchScopes: HKU\S-1-5-21-1191529984-1850047899-1010345412-1001 -> {40CC6DB6-3370-477D-AEBD-1ED09C1F2D8C} URL = hxxp://web.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=customie11-ie
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: YoutubeAdBlock -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> C:\Program Files (x86)\gVEKLTxUjIE\tuJDog3.dll [2017-12-15] ()
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: IE Token Signing Plugin -> {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} -> C:\Program Files\Open-EID\esteid-plugin-ie.dll [2017-10-16] (RIA)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-24] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: YoutubeAdBlock -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> C:\Program Files (x86)\gVEKLTxUjIE\kGqTriT.dll [2017-12-15] ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-24] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)

FireFox:
========
FF DefaultProfile: 90mbeyi0.default
FF ProfilePath: C:\Users\Henri\AppData\Roaming\Mozilla\Firefox\Profiles\90mbeyi0.default [2018-01-03]
FF Homepage: Mozilla\Firefox\Profiles\90mbeyi0.default -> www.google.com
FF Session Restore: Mozilla\Firefox\Profiles\90mbeyi0.default -> is enabled.
FF Extension: (No Name) - C:\Users\Henri\AppData\Roaming\Mozilla\Firefox\Profiles\90mbeyi0.default\Extensions\fead-ac13-a231-e237 [2017-12-15]
FF Extension: (telegramdesktop) - C:\Users\Henri\AppData\Roaming\Mozilla\Firefox\Profiles\90mbeyi0.default\Extensions\jid1-jo3WAqDcs5KSPj@jetpack.xpi [2017-11-06]
FF Extension: (S3.Translator) - C:\Users\Henri\AppData\Roaming\Mozilla\Firefox\Profiles\90mbeyi0.default\Extensions\s3google@translator.xpi [2017-12-25]
FF Extension: (Speed Start) - C:\Users\Henri\AppData\Roaming\Mozilla\Firefox\Profiles\90mbeyi0.default\Extensions\SStart@Off.JustOff.xpi [2017-05-08] [Legacy]
FF Extension: (Flagfox) - C:\Users\Henri\AppData\Roaming\Mozilla\Firefox\Profiles\90mbeyi0.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2018-01-01]
FF Extension: (Adblock Plus) - C:\Users\Henri\AppData\Roaming\Mozilla\Firefox\Profiles\90mbeyi0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-13]
FF Extension: (Adblocker for Youtube™) - C:\Program Files\Mozilla Firefox\browser\features\{A5FD4672-4D73-4F90-A1C0-2ABD39DB2565}.xpi [2017-12-15] [not signed]
FF HKLM\...\Firefox\Extensions: [{443830f0-1fff-4f9a-aa1e-444bafbc7319}] - C:\Program Files (x86)\Open-EID\\{443830f0-1fff-4f9a-aa1e-444bafbc7319}.xpi
FF Extension: (Token signing) - C:\Program Files (x86)\Open-EID\\{443830f0-1fff-4f9a-aa1e-444bafbc7319}.xpi [2017-10-16]
FF HKLM\...\Firefox\Extensions: [{aa84ce40-4253-a00a-8cd6-0800200f9a67}] - C:\Program Files\Open-EID\\{aa84ce40-4253-a00a-8cd6-0800200f9a67}.xpi
FF Extension: (PKCS11 loader) - C:\Program Files\Open-EID\\{aa84ce40-4253-a00a-8cd6-0800200f9a67}.xpi [2017-10-04] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [{443830f0-1fff-4f9a-aa1e-444bafbc7319}] - C:\Program Files (x86)\Open-EID\\{443830f0-1fff-4f9a-aa1e-444bafbc7319}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{aa84ce40-4253-a00a-8cd6-0800200f9a67}] - C:\Program Files\Open-EID\\{aa84ce40-4253-a00a-8cd6-0800200f9a67}.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_170.dll [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_170.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-29] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-29] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-1191529984-1850047899-1010345412-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\Henri\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2016-10-19] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-1191529984-1850047899-1010345412-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\Henri\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2016-10-19] (Epic Privacy Browser)

Chrome:
=======
CHR Profile: C:\Users\Henri\AppData\Local\Google\Chrome\User Data\Default [2018-01-02]
CHR Extension: (Slides) - C:\Users\Henri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-18]
CHR Extension: (Docs) - C:\Users\Henri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Google Drive) - C:\Users\Henri\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-16]
CHR Extension: (YouTube) - C:\Users\Henri\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-16]
CHR Extension: (Token signing) - C:\Users\Henri\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckjefchnfjhjfedoccjbhjpbncimppeg [2017-10-18]
CHR Extension: (Sheets) - C:\Users\Henri\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-18]
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\Henri\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2017-03-16]
CHR Extension: (Google Docs Offline) - C:\Users\Henri\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-16]
CHR Extension: (Adblocker for Youtube™) - C:\Users\Henri\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbbfmjahlfpihaicncgoelafnpcldkpo [2017-12-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Henri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-25]
CHR Extension: (Gmail) - C:\Users\Henri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-16]
CHR Extension: (Chrome Media Router) - C:\Users\Henri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]
CHR HKLM-x32\...\Chrome\Extension: [ckjefchnfjhjfedoccjbhjpbncimppeg] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (__MSG_appName__) - C:\Users\Henri\AppData\Roaming\Opera Software\Opera Stable\Extensions\keakaoleafeemhlcpdgcgnaehpeofopp [2017-12-15]
OPR Extension: (Adblock Plus) - C:\Users\Henri\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-10-20]
OPR Extension: (Instant Translate: Select and Translate) - C:\Users\Henri\AppData\Roaming\Opera Software\Opera Stable\Extensions\ollghamalkmmhboihmhoaaobmamehjgn [2017-10-20]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128944 2017-12-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-12-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-12-13] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1526832 2017-12-13] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [434248 2017-11-06] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [332016 2017-10-25] (Avira Operations GmbH & Co. KG)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9272208 2013-08-16] (DisplayLink Corp.)
S3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1030600 2017-02-15] (Macrovision Europe Ltd.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [319080 2015-06-04] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 YandexBrowserService; C:\Program Files (x86)\Yandex\YandexBrowser\17.11.0.2191\service_update.exe [734712 2017-12-04] (YANDEX LLC)
S2 HNService; C:\Users\Henri\AppData\Local\AdService\AdService.dll [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [65248 2015-04-23] (Advanced Micro Devices, Inc.)
S3 atrfiltr; C:\WINDOWS\system32\DRIVERS\atrfiltr.sys [24968 2016-03-08] (Windows ® Win 7 DDK provider)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-07-07] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [178840 2017-12-13] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [169376 2017-12-13] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-07-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-07-07] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [38048 2017-07-07] (Avira Operations GmbH & Co. KG)
S2 DirectNT; C:\Windows\System32\Drivers\DirectNT.sys [3424 1996-12-05] (c't) [File not signed]
S2 DirectNT; C:\Windows\SysWow64\Drivers\DirectNT.sys [3424 1996-12-05] (c't) [File not signed]
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30352 2015-10-22] (Disc Soft Ltd)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [27552 2015-09-16] (REALiX™)
S3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
S3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2016-07-18] (Greatis Software)
R3 phantomtap; C:\WINDOWS\system32\DRIVERS\phantomtap.sys [35664 2017-09-27] (The OpenVPN Project)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-25] (Synaptics Incorporated)
S3 tap-tb-0901; C:\WINDOWS\system32\DRIVERS\tap-tb-0901.sys [38656 2015-08-10] (The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 ATP; \SystemRoot\system32\DRIVERS\cmdatp.sys [X]
S3 SNP2UVC; \SystemRoot\system32\DRIVERS\snp2uvc.sys [X]
S3 TVICPORT; \??\C:\WINDOWS\system32\DRIVERS\TVICPORT.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-03 21:38 - 2018-01-03 21:39 - 000023382 _____ C:\Users\Henri\Downloads\FRST.txt
2018-01-03 21:37 - 2018-01-03 21:38 - 000000000 ____D C:\FRST
2018-01-03 21:37 - 2018-01-03 21:37 - 002393088 _____ (Farbar) C:\Users\Henri\Downloads\FRST64.exe
2018-01-02 22:25 - 2018-01-02 23:13 - 000200510 _____ C:\WINDOWS\ntbtlog.txt
2018-01-02 21:14 - 2018-01-02 21:14 - 000000000 ____D C:\Users\Henri\Desktop\rld-sims4doge
2017-12-29 12:25 - 2017-12-29 12:25 - 000023328 _____ C:\WINDOWS\System32\Tasks\{08080A47-7909-7E0A-0911-0F780C0D117D}
2017-12-29 12:25 - 2017-12-29 12:25 - 000004028 _____ C:\WINDOWS\System32\Tasks\{66BE7703-D115-C0A8-E7D8-EF72A670904F}
2017-12-29 12:25 - 2017-12-29 12:25 - 000003728 _____ C:\WINDOWS\System32\Tasks\{6445E6B5-3D01-A81D-7587-D20391C8F63A}
2017-12-29 12:25 - 2017-12-29 12:25 - 000000000 ____D C:\ProgramData\a4bc5f4f
2017-12-29 12:25 - 2017-12-29 12:25 - 000000000 ____D C:\ProgramData\03d28774-7501-1
2017-12-29 12:25 - 2017-12-29 12:25 - 000000000 ____D C:\ProgramData\03d28774-2347-0
2017-12-29 12:25 - 2017-12-29 12:25 - 000000000 ____D C:\ProgramData\{90367219-279D-C5B2-866F-5503C211F610}
2017-12-29 12:25 - 2017-12-29 12:25 - 000000000 ____D C:\ProgramData\{60DD3CB9-D776-8B12-B1E0-28869124443A}
2017-12-29 12:24 - 2017-12-29 12:25 - 000004214 _____ C:\WINDOWS\System32\Tasks\53AF43A0-7075-8072-607A-C941E21AA3BE
2017-12-29 12:24 - 2017-12-29 12:25 - 000000000 ____D C:\Users\Henri\AppData\Local\4BAEB25C-6F72-7F72-6EB1-48BD4ED0C2A9
2017-12-29 12:24 - 2017-12-29 12:24 - 000000000 ____D C:\ProgramData\{77be0a87-212c-0}
2017-12-29 12:24 - 2017-12-29 12:24 - 000000000 ____D C:\ProgramData\{37ca047f-012c-1}
2017-12-28 16:28 - 2017-12-28 16:28 - 000000000 ____D C:\Users\Henri\Downloads\Õige INPA vist
2017-12-28 01:32 - 2017-12-28 16:13 - 000000000 ____D C:\Users\Henri\Documents\KRÜPTO värk
2017-12-28 00:12 - 2013-08-21 15:16 - 000053248 _____ (Windows XP Bundled build C-Centric Single User) C:\WINDOWS\SysWOW64\CSVer.dll
2017-12-28 00:11 - 2017-12-28 00:11 - 005345280 _____ C:\Users\Henri\Downloads\INF_allOS_9.4.0.1027.exe
2017-12-27 23:29 - 2017-12-27 23:29 - 000000000 ____D C:\Users\Henri\AppData\Roaming\Ethereum
2017-12-27 23:28 - 2017-12-29 20:37 - 000000000 ____D C:\Users\Henri\AppData\Roaming\Ethereum Wallet
2017-12-27 23:27 - 2017-12-27 23:27 - 000000000 ____D C:\Users\Henri\Desktop\win-unpacked
2017-12-20 12:08 - 2017-12-20 12:08 - 000000000 ____D C:\SUPERDelete
2017-12-20 12:06 - 2018-01-03 20:06 - 000000524 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 82162ac3-d453-45ea-97a9-d7fca66ca09f.job
2017-12-20 12:06 - 2018-01-01 02:00 - 000000524 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 02de262f-2b2d-490a-9d06-7e0aa218c7e9.job
2017-12-20 12:06 - 2017-12-20 12:06 - 000003574 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 02de262f-2b2d-490a-9d06-7e0aa218c7e9
2017-12-20 12:06 - 2017-12-20 12:06 - 000003492 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 82162ac3-d453-45ea-97a9-d7fca66ca09f
2017-12-20 12:06 - 2017-12-20 12:06 - 000001820 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2017-12-20 12:06 - 2017-12-20 12:06 - 000000000 ____D C:\Users\Henri\AppData\Roaming\SUPERAntiSpyware.com
2017-12-20 12:06 - 2017-12-20 12:06 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-12-20 12:06 - 2017-12-20 12:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-12-20 12:06 - 2017-12-20 12:06 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-12-20 12:05 - 2017-12-20 12:05 - 031339032 _____ (SUPERAntiSpyware) C:\Users\Henri\Downloads\SUPERAntiSpywarePro(1).exe
2017-12-15 14:14 - 2017-12-15 14:14 - 000001145 _____ C:\Users\Henri\Desktop\INPALOAD.exe - Shortcut.lnk
2017-12-15 13:31 - 2017-12-15 07:27 - 117062352 _____ C:\Users\Henri\Desktop\BMW Standard Tools.7z
2017-12-15 08:15 - 2017-12-15 08:15 - 001368779 ____H C:\Users\Henri\Downloads\wpr.7z
2017-12-15 08:09 - 2017-12-15 08:10 - 229357517 _____ C:\Users\Henri\Downloads\BMW INPA 64-bit.7z
2017-12-15 07:56 - 2017-12-15 08:06 - 000000000 ____D C:\EDIABAS
2017-12-15 07:55 - 2017-12-15 08:05 - 000000000 ____D C:\EC-APPS
2017-12-15 07:55 - 2017-12-15 07:55 - 000000000 ____D C:\BMW Coding Tool v250
2017-12-15 07:54 - 2017-12-15 07:55 - 000000000 ____D C:\NCSEXPER_64
2017-12-15 07:49 - 2017-12-15 07:49 - 000065118 _____ C:\WINDOWS\unins001.dat
2017-12-15 07:49 - 2017-12-15 07:49 - 000001636 _____ C:\Users\Public\Desktop\WinKFP.lnk
2017-12-15 07:49 - 2017-12-15 07:49 - 000001554 _____ C:\Users\Public\Desktop\NCS-Expert tool.lnk
2017-12-15 07:49 - 2017-12-15 07:49 - 000001527 _____ C:\Users\Public\Desktop\Tool32.lnk
2017-12-15 07:49 - 2017-12-15 07:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BMW Standard Tools
2017-12-15 07:49 - 2017-12-15 07:49 - 000000000 ____D C:\Entwicklungsdaten
2017-12-15 07:49 - 2017-12-15 07:47 - 000722718 _____ C:\WINDOWS\unins001.exe
2017-12-15 02:04 - 2017-12-15 02:04 - 002161816 _____ (Passmark Software ) C:\Users\Henri\Downloads\osfmount_x64.exe
2017-12-15 01:05 - 2018-01-02 23:16 - 000000000 __RDO C:\Users\Henri\OneDrive
2017-12-15 00:58 - 2017-12-15 00:58 - 000003316 _____ C:\WINDOWS\System32\Tasks\space(title, t_monitor)
2017-12-15 00:58 - 2017-12-15 00:58 - 000000000 ____D C:\ProgramData\Microleaves
2017-12-15 00:57 - 2018-01-03 04:22 - 000000324 _____ C:\WINDOWS\Tasks\boQbXxbEJPaDgWztw.job
2017-12-15 00:57 - 2018-01-02 23:14 - 000000302 _____ C:\WINDOWS\Tasks\jVVcebPoCjhHKmi.job
2017-12-15 00:57 - 2017-12-20 12:09 - 000000000 ____D C:\Program Files (x86)\gVEKLTxUjIE
2017-12-15 00:57 - 2017-12-16 15:46 - 000000000 ____D C:\Program Files (x86)\OGqwJxyzdjgEZIvrFER
2017-12-15 00:57 - 2017-12-15 01:12 - 000000000 ____D C:\Program Files (x86)\Mail.Ru
2017-12-15 00:57 - 2017-12-15 00:57 - 000003060 _____ C:\WINDOWS\System32\Tasks\BmHhCekqquvtRi
2017-12-15 00:57 - 2017-12-15 00:57 - 000002728 _____ C:\WINDOWS\System32\Tasks\boQbXxbEJPaDgWztw2
2017-12-15 00:57 - 2017-12-15 00:57 - 000002706 _____ C:\WINDOWS\System32\Tasks\jVVcebPoCjhHKmi2
2017-12-15 00:57 - 2017-12-15 00:57 - 000002578 _____ C:\WINDOWS\System32\Tasks\boQbXxbEJPaDgWztw
2017-12-15 00:57 - 2017-12-15 00:57 - 000002556 _____ C:\WINDOWS\System32\Tasks\jVVcebPoCjhHKmi
2017-12-15 00:57 - 2017-12-15 00:57 - 000000000 ____D C:\Users\Henri\AppData\Roaming\ThreatDataBase
2017-12-15 00:57 - 2017-12-15 00:57 - 000000000 ____D C:\Program Files (x86)\vknAtWNPMhpU2
2017-12-15 00:57 - 2017-12-15 00:57 - 000000000 ____D C:\Program Files (x86)\ExRIRmygU
2017-12-15 00:56 - 2017-12-29 12:25 - 000000000 ____D C:\ProgramData\5f7edd8e-6651-0
2017-12-15 00:56 - 2017-12-29 12:25 - 000000000 ____D C:\ProgramData\5f7edd8e-27f5-1
2017-12-15 00:55 - 2018-01-03 21:38 - 000000364 _____ C:\WINDOWS\Tasks\Online Application V2G3.job
2017-12-15 00:55 - 2018-01-03 21:38 - 000000364 _____ C:\WINDOWS\Tasks\Online Application V2G2.job
2017-12-15 00:55 - 2018-01-03 21:38 - 000000364 _____ C:\WINDOWS\Tasks\Online Application V2G1.job
2017-12-15 00:55 - 2018-01-03 21:30 - 000000364 _____ C:\WINDOWS\Tasks\Online Application V2G6.job
2017-12-15 00:55 - 2018-01-03 21:30 - 000000364 _____ C:\WINDOWS\Tasks\Online Application V2G5.job
2017-12-15 00:55 - 2018-01-03 21:30 - 000000364 _____ C:\WINDOWS\Tasks\Online Application V2G4.job
2017-12-15 00:55 - 2018-01-03 20:58 - 000000396 _____ C:\WINDOWS\Tasks\Updater_Online_Application.job
2017-12-15 00:55 - 2017-12-18 08:42 - 000000000 ____D C:\Users\Henri\AppData\Local\AdService
2017-12-15 00:55 - 2017-12-15 00:55 - 000003202 _____ C:\WINDOWS\System32\Tasks\Updater_Online_Application
2017-12-15 00:55 - 2017-12-15 00:55 - 000003172 _____ C:\WINDOWS\System32\Tasks\Online Application V2G6
2017-12-15 00:55 - 2017-12-15 00:55 - 000003172 _____ C:\WINDOWS\System32\Tasks\Online Application V2G5
2017-12-15 00:55 - 2017-12-15 00:55 - 000003172 _____ C:\WINDOWS\System32\Tasks\Online Application V2G4
2017-12-15 00:55 - 2017-12-15 00:55 - 000003172 _____ C:\WINDOWS\System32\Tasks\Online Application V2G3
2017-12-15 00:55 - 2017-12-15 00:55 - 000003172 _____ C:\WINDOWS\System32\Tasks\Online Application V2G2
2017-12-15 00:55 - 2017-12-15 00:55 - 000003172 _____ C:\WINDOWS\System32\Tasks\Online Application V2G1
2017-12-15 00:55 - 2017-12-15 00:55 - 000000000 ____D C:\WinSys
2017-12-15 00:55 - 2017-12-15 00:55 - 000000000 ____D C:\Users\Henri\AppData\Roaming\Microleaves
2017-12-15 00:55 - 2017-12-15 00:55 - 000000000 ____D C:\Users\Henri\AppData\Local\AdvinstAnalytics
2017-12-15 00:55 - 2017-12-15 00:55 - 000000000 ____D C:\Program Files (x86)\Microleaves
2017-12-15 00:55 - 2017-12-15 00:55 - 000000000 ____D C:\Applications
2017-12-15 00:24 - 2017-12-15 00:35 - 000000000 ____D C:\Program Files\PowerISO
2017-12-15 00:24 - 2017-12-15 00:24 - 000000824 _____ C:\Users\Public\Desktop\PowerISO.lnk
2017-12-15 00:24 - 2017-12-15 00:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2017-12-15 00:24 - 2016-02-10 15:21 - 000137280 _____ (Power Software Ltd) C:\WINDOWS\system32\Drivers\scdemu.sys
2017-12-15 00:18 - 2017-12-15 00:18 - 004176888 _____ (Power Software Ltd) C:\Users\Henri\Downloads\PowerISO7-x64.exe
2017-12-15 00:07 - 2017-12-15 00:23 - 000000000 ____D C:\Program Files (x86)\WinISO Computing
2017-12-14 23:56 - 2017-12-14 23:59 - 3899603456 _____ C:\Users\Henri\Downloads\[BMW] INPA WinKFP NCSExpert + more 1.3.ova
2017-12-14 19:28 - 2017-12-14 23:30 - 000000000 ____D C:\INPA
2017-12-14 18:55 - 2017-12-14 19:00 - 000000000 ____D C:\My_Product
2017-12-14 18:51 - 2017-12-14 18:54 - 000000000 ___HD C:\Users\Henri\InstallAnywhere
2017-12-14 18:51 - 2017-12-14 18:52 - 000000000 ___HD C:\Program Files (x86)\Zero G Registry
2017-12-14 18:49 - 2017-12-14 18:50 - 095096576 _____ (Macrovision) C:\Users\Henri\Downloads\install.exe
2017-12-14 17:31 - 1996-12-05 14:37 - 000003424 _____ (c't) C:\WINDOWS\system32\Drivers\DIRECTNT.SYS
2017-12-14 17:06 - 2008-03-13 18:52 - 000054600 _____ (FTDI Ltd.) C:\WINDOWS\system32\ftserui2.dll
2017-12-14 17:06 - 2008-03-13 18:51 - 000068800 _____ (FTDI Ltd.) C:\WINDOWS\system32\Drivers\ftdibus.sys
2017-12-14 17:06 - 2008-03-13 18:50 - 000202048 _____ (FTDI Ltd.) C:\WINDOWS\SysWOW64\ftd2xx.dll
2017-12-14 17:06 - 2008-03-13 18:49 - 000320840 _____ (FTDI Ltd.) C:\WINDOWS\system32\ftd2xx.dll
2017-12-14 17:06 - 2008-03-13 18:49 - 000270144 _____ (FTDI Ltd.) C:\WINDOWS\system32\FTLang.dll
2017-12-14 17:06 - 2008-03-13 18:49 - 000143680 _____ (FTDI Ltd.) C:\WINDOWS\system32\ftbusui.dll
2017-12-14 17:06 - 2008-03-13 18:49 - 000084288 _____ (FTDI Ltd.) C:\WINDOWS\system32\Drivers\ftser2k.sys
2017-12-14 17:05 - 2017-12-15 00:05 - 000000000 ____D C:\Users\Henri\Downloads\DRIVER DCAN KAABEL BMW
2017-12-14 12:42 - 2017-12-14 12:42 - 000003200 _____ C:\WINDOWS\System32\Tasks\{BEF1F647-5E2C-4C86-871A-1EF1FAB71FB8}
2017-12-14 12:31 - 1996-12-05 14:37 - 000003424 _____ (c't) C:\WINDOWS\SysWOW64\Drivers\DirectNT.sys
2017-12-14 12:25 - 2017-12-14 12:25 - 000000000 ____D C:\WINDOWS\Downloaded Installations
2017-12-13 23:11 - 2017-12-13 23:11 - 000001092 _____ C:\Users\Public\Desktop\Avira.lnk
2017-12-06 11:43 - 2017-12-06 11:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeRa Client
2017-12-06 11:43 - 2017-12-06 11:43 - 000000000 ____D C:\Program Files\TeRa Client
2017-12-04 17:41 - 2017-12-04 21:12 - 000000000 ____D C:\Users\Henri\AppData\Roaming\DashCore
2017-12-04 17:41 - 2017-12-04 17:41 - 000000000 ____D C:\Users\Henri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dash Core
2017-12-04 17:41 - 2017-12-04 17:41 - 000000000 ____D C:\Program Files\DashCore
2017-12-04 17:40 - 2017-12-04 17:41 - 015478592 _____ (Dash Core project) C:\Users\Henri\Downloads\dashcore-0.12.2.1-win64-setup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-03 21:31 - 2017-10-19 14:31 - 000000432 _____ C:\WINDOWS\Tasks\Yandex Browser update.job
2018-01-03 20:03 - 2015-09-15 18:04 - 000000000 ____D C:\Users\Henri\AppData\Roaming\tixati
2018-01-03 19:49 - 2017-04-14 15:49 - 000000474 _____ C:\WINDOWS\Tasks\Yandex Browser system update.job
2018-01-03 19:47 - 2017-10-19 12:49 - 000000440 _____ C:\WINDOWS\Tasks\Update for Yandex Browser.job
2018-01-02 23:16 - 2015-09-14 22:36 - 000000000 __SHD C:\Users\Henri\IntelGraphicsProfiles
2018-01-02 23:14 - 2013-08-22 16:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-02 23:13 - 2016-07-25 15:45 - 000000248 _____ C:\WINDOWS\SysWOW64\PARTIZAN.TXT
2018-01-02 23:11 - 2016-05-02 18:49 - 000000000 ____D C:\Users\Henri\Documents\brauser
2018-01-02 22:22 - 2013-08-22 15:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2018-01-02 22:21 - 2015-09-14 22:11 - 000000000 ____D C:\Users\Henri
2018-01-02 12:10 - 2017-11-07 20:35 - 000000000 ____D C:\Users\Henri\AppData\Roaming\Telegram Desktop
2017-12-31 12:48 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-30 00:10 - 2015-09-21 21:01 - 000000000 ____D C:\Users\Henri\AppData\Roaming\vlc
2017-12-29 22:48 - 2015-09-14 22:25 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1191529984-1850047899-1010345412-1001
2017-12-29 18:37 - 2017-05-10 10:53 - 000000948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-12-29 18:37 - 2017-05-10 10:53 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-28 17:38 - 2014-10-12 13:54 - 000000000 ____D C:\Users\Henri\Downloads\Taustapildid
2017-12-28 00:15 - 2013-08-22 16:44 - 000543800 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-28 00:15 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\Inf
2017-12-28 00:12 - 2015-09-14 22:33 - 000000000 ____D C:\Program Files (x86)\Intel
2017-12-27 23:48 - 2015-09-14 22:18 - 000863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-27 23:47 - 2016-10-14 23:30 - 000000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2017-12-22 11:54 - 2017-10-19 12:49 - 000003398 _____ C:\WINDOWS\System32\Tasks\Update for Yandex Browser
2017-12-22 11:41 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-20 14:29 - 2017-06-30 19:40 - 000001023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2017-12-20 14:29 - 2016-01-10 14:43 - 000003842 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1452429757
2017-12-20 14:29 - 2016-01-10 14:41 - 000000000 ____D C:\Program Files (x86)\Opera
2017-12-15 11:11 - 2015-10-22 18:53 - 000000000 ____D C:\Users\Henri\AppData\Roaming\DAEMON Tools Lite
2017-12-15 01:05 - 2017-04-24 18:11 - 000000000 __RDO C:\Users\Henri\OneDrive.old
2017-12-15 01:02 - 2015-12-21 22:07 - 000000008 __RSH C:\ProgramData\ntuser.pol
2017-12-15 00:56 - 2013-08-22 17:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-12-15 00:43 - 2017-05-08 13:23 - 000000000 ____D C:\Users\Henri\AppData\LocalLow\Mozilla
2017-12-14 18:55 - 2017-09-17 11:32 - 000000000 ____D C:\ProgramData\InstallShield
2017-12-14 07:38 - 2017-04-14 15:49 - 000003540 _____ C:\WINDOWS\System32\Tasks\Yandex Browser system update
2017-12-14 06:27 - 2015-09-14 22:29 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-13 23:11 - 2017-10-09 13:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-12-13 23:02 - 2017-07-07 13:02 - 000178840 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2017-12-13 23:02 - 2017-07-07 13:02 - 000169376 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2017-12-07 09:24 - 2017-03-16 08:13 - 000002175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-06 11:43 - 2017-07-25 13:01 - 000001901 _____ C:\Users\Public\Desktop\DigiDoc3 krüpto.lnk
2017-12-06 11:43 - 2017-07-25 13:01 - 000000939 _____ C:\Users\Public\Desktop\DigiDoc3 klient.lnk
2017-12-06 11:43 - 2017-07-25 13:01 - 000000904 _____ C:\Users\Public\Desktop\TeRa Client.lnk
2017-12-06 11:43 - 2017-01-27 19:54 - 000000924 _____ C:\Users\Public\Desktop\ID-kaardi haldusvahend.lnk
2017-12-06 11:43 - 2016-11-28 20:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ID-kaart
2017-12-06 11:43 - 2016-11-28 20:22 - 000000000 ____D C:\Program Files (x86)\Open-EID

==================== Files in the root of some directories =======

2016-03-10 00:04 - 2016-03-10 00:04 - 000000320 _____ () C:\Users\Henri\AppData\Roaming\SEC2.trad
2015-12-20 00:19 - 2015-12-20 00:19 - 000007605 _____ () C:\Users\Henri\AppData\Local\Resmon.ResmonCfg

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-01 21:06

==================== End of FRST.txt ============================


ADDITION:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by Henri (03-01-2018 21:40:05)
Running from C:\Users\Henri\Downloads
Windows 8.1 Pro (X64) (2015-09-14 20:14:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1191529984-1850047899-1010345412-500 - Administrator - Disabled)
Guest (S-1-5-21-1191529984-1850047899-1010345412-501 - Limited - Disabled)
Henri (S-1-5-21-1191529984-1850047899-1010345412-1001 - Administrator - Enabled) => C:\Users\Henri

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

-=CASH=- SOF Minimizer (HKLM-x32\...\{B720288E-778A-4308-8D65-8EE2E775042A}) (Version: 1.0.0 - -=CASH=-BloodShed)
7-Zip 15.06 beta (x64) (HKLM\...\7-Zip) (Version: 15.06 - Igor Pavlov)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{590FFA10-F6F0-440E-B9B1-B337ACF31F17}) (Version: 1.5 - Eyeo GmbH)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-1191529984-1850047899-1010345412-1001\...\Amazon Kindle) (Version: 1.19.3.46099 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{0FC66755-FB35-2CBD-C838-70B4984C2C67}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Angry Birds: Rio RePack (HKU\S-1-5-21-1191529984-1850047899-1010345412-1001\...\Angry Birds - Rio RePack) (Version: 2.1 - KloneB@DGuY)
Angry Birds: Seasons RePack (HKU\S-1-5-21-1191529984-1850047899-1010345412-1001\...\Angry Birds - Seasons RePack) (Version: 4.0.1 - KloneB@DGuY)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoCAD 2010 - English (HKLM\...\{5783F2D7-8001-0409-0102-0060B0CE6BBA}) (Version: 18.0.55.0 - Autodesk) Hidden
AutoCAD 2010 - English (HKLM\...\AutoCAD 2010 - English) (Version: 18.0.55.0 - Autodesk)
AutoCAD 2010 Language Pack - English (HKLM\...\{5783F2D7-8001-0409-1102-0060B0CE6BBA}) (Version: 18.0.55.0 - Autodesk) Hidden
Avira (HKLM-x32\...\{4BC30143-FC17-4BA0-96C3-11F21F026099}) (Version: 1.2.100.18354 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{638c58eb-e71e-4b96-8f16-c5a7dbc4293f}) (Version: 1.2.100.18354 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.34.16 - Avira Operations GmbH & Co. KG)
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.11.3.29834 - Avira Operations GmbH & Co. KG)
BMW Standard Tools (HKLM-x32\...\{ 70994916-61E9-40D2-A30C-89D2C030017F}_is1) (Version: 2.12.0 - BMW Group)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.69.1079 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Chrome Token Signing (HKLM\...\{81833648-4A71-47BA-AE66-D63CE0CAFEE1}) (Version: 1.0.5.468 - RIA)
Chrome Token Signing (HKLM\...\{98F4FF09-5CAF-494A-A67F-C48081CCDF9C}) (Version: 1.0.6.485 - RIA) Hidden
Cuphead (HKLM-x32\...\1963513391_is1) (Version: 20170929 - GOG.com)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Dash Core (64-bit) (HKU\S-1-5-21-1191529984-1850047899-1010345412-1001\...\Dash Core (64-bit)) (Version: 0.12.2 - Dash Core project)
DigiByte Core (64-bit) (HKU\S-1-5-21-1191529984-1850047899-1010345412-1001\...\DigiByte Core (64-bit)) (Version: 6.14.2 - DigiByte Core project)
DigiDoc3 Client (HKLM-x32\...\{2440383F-9ACC-4936-A9F8-737F208FC46C}) (Version: 3.13.4.1515 - RIA) Hidden
DisplayLink Core Software (HKLM\...\{A8EAA30F-4230-47B9-8B3A-0FEA3DCE2468}) (Version: 7.4.50415.0 - DisplayLink Corp.)
eID software (HKLM-x32\...\{d779a457-ee5f-4bef-8e87-6a96b5f1facc}) (Version: 17.11.0.1762 - RIA)
Electroneum Pool Miner BETA v1.1 (HKLM-x32\...\Electroneum Pool Miner BETA v1.1) (Version:  - )
Epic Privacy Browser (HKU\S-1-5-21-1191529984-1850047899-1010345412-1001\...\Epic) (Version: 48.0.2553.0 - Epic)
EPUB Converter 9.8.9 (HKLM-x32\...\{80860B22-7DC1-44A2-9233-0FA6C8A4FE6B}) (Version: 9.8.9 - AniceSoft)
EstEID Minidriver (HKLM\...\{C8FD6A29-41A0-49CB-AB5B-96598235E4FD}) (Version: 3.12.0.77 - RIA) Hidden
EstEID Shell Extension (HKLM\...\{BB120379-55D5-4774-8B4D-81D9DD16353C}) (Version: 3.13.3.1512 - RIA) Hidden
EstEID Shell Extension (HKLM-x32\...\{B5D2ABF7-F3B8-44A3-A10D-A15DEF2F644D}) (Version: 3.13.3.1512 - RIA) Hidden
FF Token Signing Uninstaller (HKLM-x32\...\{F9A7D3E6-F64A-42F4-91FC-2D20639D1AFD}) (Version: 17.11.0.1762 - RIA) Hidden
Firefox PKCS11 Loader (HKLM\...\{C8AA3169-5B44-43A6-9B6D-23F8748CAFAB}) (Version: 3.12.1.1071 - RIA) Hidden
GOG.com Heroes of Might and Magic 3 (HKLM\...\{1d3c859c-1028-4822-b0a7-da4f7bbc18bc}.sdb) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Heroes of Might and Magic 3 Complete (HKLM-x32\...\GOGPACKHOMM3COMPLETE_is1) (Version: 2.0.0.16 - GOG.com)
HP Port Replicator Software Installer (HKLM-x32\...\{6313BCDF-1109-4682-A19D-413189817787}) (Version: 1.3.28 - HP)
HP USB Port Replicator (HKLM\...\{CE18ABE0-7362-4D0C-9D1F-97E553040C71}) (Version: 7.4.50520.0 - Hewlett-Packard)
ID-card utility (HKLM-x32\...\{70650208-B39D-4B7C-935F-73DEE8639036}) (Version: 3.12.10.1265 - RIA) Hidden
IE Token Signing Plugin (HKLM\...\{92C0E129-C2A7-44F3-955C-AE90D0916337}) (Version: 3.13.0.987 - RIA) Hidden
Intel Driver Update Utility (HKLM-x32\...\{ca4bc3a8-b99c-4416-90d8-351a8ceab458}) (Version: 2.2.0.2 - Intel)
Intel® Driver Update Utility 2.2 (HKLM-x32\...\{3EE9923D-3045-46AB-9CAA-E375993AEB4A}) (Version: 2.2.0.1 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4226 - Intel Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
KeyShot 5 64 bit (HKLM-x32\...\KeyShot 5_64) (Version: 5.0 64 bit - Luxion ApS)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
KYOCERA Client Tool (HKLM\...\KYOCERA Client Tool) (Version: 1.1.0027 - KYOCERA Document Solutions Inc.)
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 4.2.1909 - KYOCERA Document Solutions Inc.)
Kyocera TWAIN Driver GX (HKLM\...\Kyocera TWAIN Driver GX) (Version: 1.8.1928 - KYOCERA Document Solutions Inc.)
MetaTrader 4 Admiral Markets (HKLM-x32\...\MetaTrader 4 Admiral Markets) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft1.9 (HKLM-x32\...\Minecraft1.9) (Version:  - )
Mozilla Firefox 57.0.3 (x64 et) (HKLM\...\Mozilla Firefox 57.0.3 (x64 et)) (Version: 57.0.3 - Mozilla)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.3 - Notepad++ Team)
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== ATTENTION
Open-EID Metapackage (HKLM-x32\...\{42D681FE-6B57-4BF0-A294-272B082D3BAD}) (Version: 17.11.0.1762 - RIA) Hidden
Open-EID QtConf Uninstaller (HKLM-x32\...\{B6FAD86F-8850-49C0-B0AA-35B66268AC13}) (Version: 17.11.0.1762 - RIA) Hidden
Open-EID Uninstaller (HKLM-x32\...\{29967171-87C3-4990-A8BC-BEAFCBC4D0BD}) (Version: 17.11.0.1762 - RIA) Hidden
Open-EID Updater (HKLM-x32\...\{A60ADF43-9579-4670-93FC-6D23BD2A8F1C}) (Version: 3.12.2.1012 - RIA) Hidden
Opera Stable 49.0.2725.64 (HKLM-x32\...\Opera 49.0.2725.64) (Version: 49.0.2725.64 - Opera Software)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.5 - Power Software Ltd)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Ruby 2.4.2-2-x64 (HKU\S-1-5-21-1191529984-1850047899-1010345412-1001\...\RubyInstaller-2.4-x64-mingw32_is1) (Version: 2.4.2-2 - RubyInstaller Team)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
SMAC 2.0 (HKLM-x32\...\SMAC 2.0) (Version:  - )
Soldier of Fortune II - Double Helix GOLD (HKLM-x32\...\Soldier of Fortune II - Double Helix GOLD) (Version:  - )
Solid Edge ST7 (HKLM\...\{AB0F3228-D90C-4574-8A28-589483A68C93}) (Version: 107.00.00104 - Siemens)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1250 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
Telegram Desktop version 1.2.1 (HKU\S-1-5-21-1191529984-1850047899-1010345412-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.2.1 - Telegram Messenger LLP)
TeRa Client (HKLM\...\{012BCAD1-3DEF-44D3-AC1E-68DFC2DAF705}) (Version: 1.0.0.240 - RIA) Hidden
Tixati (HKLM-x32\...\tixati) (Version:  - )
Windows Driver Package - RIA (Estonian National ID Card) (UMPass) SmartCard  (09/21/2017 3.12.0.77) (HKLM\...\0F673E6BE49AB7389244AD28CBFB79163DA20A7E) (Version: 09/21/2017 3.12.0.77 - RIA (Estonian National ID Card))
Winols 2.24 (HKLM-x32\...\Winols 2.24) (Version: 2.24 - OLS)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Yandex (HKU\S-1-5-21-1191529984-1850047899-1010345412-1001\...\YandexBrowser) (Version: 17.11.0.2191 - YANDEX)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1191529984-1850047899-1010345412-1001_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1191529984-1850047899-1010345412-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1191529984-1850047899-1010345412-1001_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\AutoCAD 2010\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1191529984-1850047899-1010345412-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\AutoCAD 2010\acadficn.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2009-02-09] (Autodesk, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-08-09] (Igor Pavlov)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2009-02-09] (Autodesk)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [DigiDoc3ShellExtension] -> {310AAB39-76FE-401B-8A7F-0F578C5F6AB5} => C:\Program Files\Open-EID\EsteidShellExtension.dll [2017-10-24] (RIA)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2016-01-08] (Foxit Software Inc.)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-12-13] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers2: [IVBShlExt] -> {5B9C04C2-5EB5-4B60-8B71-46964DB8CDBF} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-08-09] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-11-03] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-06-04] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-08-09] (Igor Pavlov)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-12-13] (Avira Operations GmbH & Co. KG)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01036A73-AACF-477F-A8D4-206AE5BE7D95} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {098AB912-A0FE-4BF6-A890-C6559BB7522C} - \LaunchPreSignup -> No File <==== ATTENTION
Task: {152F0AAA-A296-4F59-99EA-1AE640DD3FA6} - \FastDataX Task -> No File <==== ATTENTION
Task: {1598FFE0-3823-4F94-8D85-EF8F67D5F3E6} - System32\Tasks\53AF43A0-7075-8072-607A-C941E21AA3BE => C:\WINDOWS\SysWOW64\regsvr32.exe /n /s /i:"/78212675b3e3371d /q" "C:\Users\Henri\AppData\Local\4BAEB2~1\{CF2E7~1."
Task: {1B349DF4-1747-4A29-90EF-6C6D4A088002} - System32\Tasks\{02305D99-FED2-41E8-B0F4-1122655A596B} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Henri\Desktop\GTA_V_Launcher_1_0_440_2.exe -d C:\Users\Henri\Desktop
Task: {1F43987C-BC5D-477E-8408-75CC867D4A46} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {2B0F33F3-FE90-45F7-B14C-9EBA95F973ED} - System32\Tasks\boQbXxbEJPaDgWztw => rundll32 "C:\Program Files (x86)\OGqwJxyzdjgEZIvrFER\ukVEjMZ.dll",#1
Task: {2C1C20E3-4122-4A1D-B6DB-AFCC6F3A0D0A} - System32\Tasks\boQbXxbEJPaDgWztw2 => rundll32 "C:\Program Files (x86)\OGqwJxyzdjgEZIvrFER\ukVEjMZ.dll",#1
Task: {36A654E2-4C63-4543-BC54-3010090F2FC1} - System32\Tasks\jVVcebPoCjhHKmi => rundll32 "C:\Program Files (x86)\ExRIRmygU\WISsFE.dll",#1
Task: {3982BFC5-5055-400B-9E27-7ACC14EB7914} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {48262BF4-5286-49FA-8644-349784E5B7A6} - System32\Tasks\Opera scheduled Autoupdate 1452429757 => C:\Program Files (x86)\Opera\launcher.exe [2017-12-18] (Opera Software)
Task: {4A497E54-5F48-4D40-AE3D-A2BF019CA5D2} - System32\Tasks\{C7394EBF-8678-49AD-95CB-C406F5398FD1} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Henri\AppData\Local\Temp\Temp1_BMW INPA.zip\INPA\Programminstallation\setup.exe" <==== ATTENTION
Task: {4DDCF31D-77E5-44D7-8A39-799BE61148E2} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2016-01-12] (@ByELDI)
Task: {4F4305FC-435E-4C27-9B8A-DD3E92B118C7} - System32\Tasks\{66BE7703-D115-C0A8-E7D8-EF72A670904F} => C:\ProgramData\{60DD3CB9-D776-8B12-B1E0-28869124443A}\46DA22FA-F171-9551-440C-1F41C484AE9F.exe [2017-12-29] () <==== ATTENTION
Task: {5252F794-E899-48DE-9900-AB2E9A4CCF0B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {5392AACC-4882-433F-BF11-6A8F3EB87362} - System32\Tasks\Optimize Desktop Icon Cache => wscript.exe //nologo //E:jscript //B "C:\ProgramData\InstallShield\Update\agent.ini" <==== ATTENTION
Task: {5EE02C7F-1818-4F2A-AEBE-6A37693107D6} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {66069A0F-26A7-48BA-B701-31D1C8B2CC1A} - System32\Tasks\Avira SystrayStartTrigger => Avira.SystrayStartTrigger.exe
Task: {6C13FD8B-F0A2-4006-A040-E18E7AF24E04} - System32\Tasks\{442019A4-6597-4ED9-A69C-15BCC8EDB368} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Henri\Desktop\Setup.Exe -d C:\Users\Henri\Desktop
Task: {727037CC-B4D5-4123-8C50-2857FC833566} - System32\Tasks\jVVcebPoCjhHKmi2 => rundll32 "C:\Program Files (x86)\ExRIRmygU\WISsFE.dll",#1
Task: {88909255-13DC-49E3-BF64-2B685C4E3425} - System32\Tasks\SUPERAntiSpyware Scheduled Task 82162ac3-d453-45ea-97a9-d7fca66ca09f => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {8AE9F5CB-5452-4F39-8273-D6CA5ED16547} - System32\Tasks\{6445E6B5-3D01-A81D-7587-D20391C8F63A} => C:\WINDOWS\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\a4bc5f4f\cf2e7aae.dll" <==== ATTENTION
Task: {8D6C27FF-A401-4883-9891-FE8019BEB639} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-11-02] (Microleaves) <==== ATTENTION
Task: {95AB95F7-1C6D-472B-94B2-8EB90846758B} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-10-25] (Synaptics Incorporated)
Task: {A32A8741-AF3F-4493-9D4D-17B9EC3F4371} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-27] (Google Inc.)
Task: {A47D3FDF-C3A7-4B0B-858C-DB5D86C59AF9} - System32\Tasks\{BEF1F647-5E2C-4C86-871A-1EF1FAB71FB8} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Henri\Desktop\INPA\Driver_D_CAN_USB\OBDSetup.exe -d C:\Users\Henri\Desktop\INPA\Driver_D_CAN_USB
Task: {AC4E8D4F-2D8F-4017-9BDD-366AF0772589} - System32\Tasks\space(title, t_monitor) => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe
Task: {B4ABC023-A040-4BE9-9645-4F0412619E2B} - System32\Tasks\Yandex Browser system update => C:\Program Files (x86)\Yandex\YandexBrowser\17.11.0.2191\service_update.exe [2017-12-04] (YANDEX LLC)
Task: {B817C9FB-A0FA-4034-BD78-1BFBCD0471CF} - System32\Tasks\Online Application V2G5 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {B8E9D77B-D390-4F95-9437-D0E1084DE7F6} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2016-03-16] ()
Task: {B97A79D0-917E-43E7-A6C2-AFBCD673ED0F} - System32\Tasks\{08080A47-7909-7E0A-0911-0F780C0D117D} => C:\WINDOWS\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand OwAgACAAOwAgADsAOwAgADsAIAAgADsAOwA7ADsAIAAgACAAIAAgACAAOwA7ACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAPQAiAHMAdABvAHAAIgA7ACQAcwBjAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAkAFcAYQByAG4A (the data entry has 9504 more characters). <==== ATTENTION
Task: {BD2507D6-06CD-4937-8AE2-66B5B38835A7} - System32\Tasks\Yandex Browser update => C:\Users\Henri\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2017-12-04] (YANDEX LLC)
Task: {BF13A909-3BD0-47E7-9F79-DB78FCE3D19B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-27] (Google Inc.)
Task: {C408C4C4-3EC7-4984-AC6F-9C58D6DBE856} - System32\Tasks\Flexera® Software Manager => C:\Program Files (x86)\Common Files\InstallShield\Update\Agent.exe [2017-04-08] (Flexera Software LLC)
Task: {C5449959-1FC3-46BA-B809-747DC16E59C6} - System32\Tasks\BmHhCekqquvtRi => rundll32 "C:\Program Files (x86)\vknAtWNPMhpU2\IWAIaSSsTFJEs.dll",#1
Task: {CC98F73F-959C-4076-BE73-3F6F9E0E9260} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_Henri => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [2016-10-19] (H.D.S. Hungary)
Task: {D158672D-5F96-4424-AF2E-E7A577A6967A} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {E3E2940D-3136-4E66-B32C-318746F6DDFF} - System32\Tasks\UnHackMe Task Scheduler => G:\UnHackMe\hackmon.exe
Task: {E456E1CE-309F-409E-AF1B-3E635A5DD83E} - System32\Tasks\SUPERAntiSpyware Scheduled Task 02de262f-2b2d-490a-9d06-7e0aa218c7e9 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {E49809A5-8881-4B2B-B296-0EF0625BF7DC} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_170_pepper.exe
Task: {ECDB4C14-5635-4123-BA50-2FE388963E83} - System32\Tasks\id updater task => C:\Program Files (x86)\Open-EID\ID-updater.exe [2017-10-16] (RIA)
Task: {F37D4F64-F7ED-4A40-A734-1FB6F670037F} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2017-12-13] (Avira Operations GmbH & Co. KG)
Task: {F8F8910F-E31D-4142-8169-049258DB1F8B} - System32\Tasks\Update for Yandex Browser => C:\Users\Henri\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2017-12-04] (YANDEX LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\boQbXxbEJPaDgWztw.job => C:\Program Files (x86)\OGqwJxyzdjgEZIvrFER\ukVEjMZ.dll
Task: C:\WINDOWS\Tasks\jVVcebPoCjhHKmi.job => C:\Program Files (x86)\ExRIRmygU\WISsFE.dll
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 02de262f-2b2d-490a-9d06-7e0aa218c7e9.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 82162ac3-d453-45ea-97a9-d7fca66ca09f.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\Update for Yandex Browser.job => C:\Users\Henri\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Yandex Browser system update.job => C:\Program Files (x86)\Yandex\YandexBrowser\17.11.0.2191\service_update.exe
Task: C:\WINDOWS\Tasks\Yandex Browser update.job => C:\Users\Henri\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Henri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft Debugger.lnk -> C:\Users\Henri\AppData\Roaming\.minecraft\minecraft launcher\Debug.bat ()

==================== Loaded Modules (Whitelisted) ==============

2017-12-29 12:25 - 2017-12-29 12:25 - 001636352 _____ () C:\ProgramData\{60DD3CB9-D776-8B12-B1E0-28869124443A}\46DA22FA-F171-9551-440C-1F41C484AE9F.exe
2015-09-18 16:17 - 2013-01-14 22:25 - 001200088 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2017-12-29 12:24 - 2017-12-29 12:25 - 001623040 _____ () C:\Users\Henri\AppData\Local\4BAEB25C-6F72-7F72-6EB1-48BD4ED0C2A9\{CF2E7AAE-25E1-6B92-F2C8-8084934AE014}

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1191529984-1850047899-1010345412-1001\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1191529984-1850047899-1010345412-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Henri\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 82.163.143.176 - 82.163.142.178
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "Zune Launcher"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "MalwareProtectionLive"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKU\S-1-5-21-1191529984-1850047899-1010345412-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1191529984-1850047899-1010345412-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-1191529984-1850047899-1010345412-1001\...\StartupApproved\Run: => "Epic Privacy Browser Installer"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{9E18F101-D38D-4B17-B877-27CA03D5D390}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{576D0DBE-1F0C-4091-B838-B08B4553AACA}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{88155EBE-AEFF-47C5-B812-E0D1B70DDC6A}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{C4BF42D6-F3E7-46B6-BC48-2D968D93D7B3}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{EA416250-056F-4F5F-9B48-901281AB49B0}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{0FEEA69C-1152-42EA-8FA3-1B6F8728C2E6}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{47CB291A-44BF-4EC3-A415-46A5E05EE0AF}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{C315A36A-4BE2-4FC1-9AC7-048EF7B5FE48}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{54BDDC01-5216-4363-B8FF-824739C8AB85}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{3FB1F442-DD5F-441F-98B5-ABBE05209542}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{B715F90C-99DB-4D2A-ACD1-96C2718299F0}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{0F8EF046-03B9-4773-91CF-B814202264DD}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{037691F6-08B8-41B2-ABB3-D64E8B51B3FE}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{BA73DF37-1A85-4036-A524-AA12A6BD2B5F}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{0B11A2E0-EE59-4B49-BFC2-EF7C98E4513C}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{29EE1294-A018-446B-93D9-6D4F3FD4736D}C:\program files (x86)\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Allow) C:\program files (x86)\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe
FirewallRules: [UDP Query User{6D8F6BB4-9A67-48F0-B612-3B9BEF0111B1}C:\program files (x86)\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Allow) C:\program files (x86)\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe
FirewallRules: [TCP Query User{AF960C5D-A831-450D-AC17-2C45CF1F3801}H:\setup\sof2mp.exe] => (Allow) H:\setup\sof2mp.exe
FirewallRules: [UDP Query User{8D57212A-CFF0-4791-A7D8-58CCC105F04A}H:\setup\sof2mp.exe] => (Allow) H:\setup\sof2mp.exe
FirewallRules: [TCP Query User{DD001A07-5A71-46C5-85BE-21A4E20CBC8C}C:\program files (x86)\soldier of fortune ii - double helix gold\sof2mp.exe] => (Allow) C:\program files (x86)\soldier of fortune ii - double helix gold\sof2mp.exe
FirewallRules: [UDP Query User{62F730ED-879E-4AEE-9C87-F923A0B07A0E}C:\program files (x86)\soldier of fortune ii - double helix gold\sof2mp.exe] => (Allow) C:\program files (x86)\soldier of fortune ii - double helix gold\sof2mp.exe
FirewallRules: [TCP Query User{CCD764A8-7445-47BA-A807-2F14C3F40130}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{69F8866A-EB85-4CB2-959B-E9F0CC924836}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [TCP Query User{3E497B4A-2957-426C-893C-F06D2CFA73EA}C:\program files (x86)\r.g. mechanics\max payne 3\maxpayne3.exe] => (Allow) C:\program files (x86)\r.g. mechanics\max payne 3\maxpayne3.exe
FirewallRules: [UDP Query User{CF3B1830-C7E6-4216-9DED-2F0C341CF0B9}C:\program files (x86)\r.g. mechanics\max payne 3\maxpayne3.exe] => (Allow) C:\program files (x86)\r.g. mechanics\max payne 3\maxpayne3.exe
FirewallRules: [TCP Query User{29822C7B-EB77-49F9-8E4B-CE3085C612CE}C:\program files (x86)\r.g. mechanics\max payne 3\maxpayne3.exe] => (Allow) C:\program files (x86)\r.g. mechanics\max payne 3\maxpayne3.exe
FirewallRules: [UDP Query User{6C1A517D-A4B4-4D31-A509-5F8D1E77B6C6}C:\program files (x86)\r.g. mechanics\max payne 3\maxpayne3.exe] => (Allow) C:\program files (x86)\r.g. mechanics\max payne 3\maxpayne3.exe
FirewallRules: [{58677B7F-953A-4EEA-B9A4-AC41D97DFC4A}] => (Allow) C:\Program Files\KeyShot5\bin\keyshot5.exe
FirewallRules: [{331C7651-B350-4C75-AB37-333E1970AD8B}] => (Allow) C:\Program Files\KeyShot5\bin\keyshot_daemon.exe
FirewallRules: [TCP Query User{B8C32AE7-37B9-4A7C-B049-D529B8BFC053}C:\program files (x86)\r.g. mechanics\wolfenstein - the new order\wolfneworder_x64.exe] => (Allow) C:\program files (x86)\r.g. mechanics\wolfenstein - the new order\wolfneworder_x64.exe
FirewallRules: [UDP Query User{3DD62942-4DD9-4E91-8D4A-E71CCF1670A9}C:\program files (x86)\r.g. mechanics\wolfenstein - the new order\wolfneworder_x64.exe] => (Allow) C:\program files (x86)\r.g. mechanics\wolfenstein - the new order\wolfneworder_x64.exe
FirewallRules: [TCP Query User{3C0AEC7F-DAD8-4AA2-A4F0-3C5B7823AEFC}C:\program files (x86)\r.g. mechanics\wolfenstein - the new order\wolfneworder_x64.exe] => (Block) C:\program files (x86)\r.g. mechanics\wolfenstein - the new order\wolfneworder_x64.exe
FirewallRules: [UDP Query User{AC37166C-C96F-4A06-B84D-01C43419B9F9}C:\program files (x86)\r.g. mechanics\wolfenstein - the new order\wolfneworder_x64.exe] => (Block) C:\program files (x86)\r.g. mechanics\wolfenstein - the new order\wolfneworder_x64.exe
FirewallRules: [{4EF4B6B6-E53C-4746-B4BD-E6619DAD4F3D}] => (Allow) C:\Program Files\COMODO\Unite\Unite.exe
FirewallRules: [{A63838DE-A118-45F4-B9F5-324784B8F4AA}] => (Allow) C:\Program Files\COMODO\Unite\Unite.exe
FirewallRules: [{C8F8E7C5-6E46-4F5F-92AA-A7D542D9BB42}] => (Allow) C:\Program Files\COMODO\Unite\EzVpnSvc.exe
FirewallRules: [{DEBFD44F-A658-444E-97CD-F53C14E6800E}] => (Allow) C:\Program Files\COMODO\Unite\EzVpnSvc.exe
FirewallRules: [{94CAECE2-C665-491F-825A-A21250232C4F}] => (Allow) C:\Program Files\COMODO\Unite\crdphAppShare.exe
FirewallRules: [{B0FEECA3-0163-4737-BDD5-EB96E0FBE5D1}] => (Allow) C:\Program Files\COMODO\Unite\crdphAppShare.exe
FirewallRules: [{D19D8162-4FCC-4B48-8CC6-C6BCE7E5B4F8}] => (Allow) C:\Program Files\COMODO\Unite\crdphService.exe
FirewallRules: [{E7B7516E-BACC-4D97-9586-92587D87FBA1}] => (Allow) C:\Program Files\COMODO\Unite\crdphService.exe
FirewallRules: [{5C577B10-8A46-4FF9-B744-FF03188566D4}] => (Allow) C:\Program Files\COMODO\Unite\UniteCAM.exe
FirewallRules: [{D339C13A-B688-4296-9812-363F0E0472EB}] => (Allow) C:\Program Files\COMODO\Unite\UniteCAM.exe
FirewallRules: [{700A0DAA-8E61-42C6-B2E6-2B0E83A63739}] => (Allow) C:\Program Files\COMODO\Unite\prtw.exe
FirewallRules: [{670C651E-A7D1-4B1D-9C62-AB9B322679A7}] => (Allow) C:\Program Files\COMODO\Unite\prtw.exe
FirewallRules: [{40C8B223-CD8A-4126-BCBF-2600AEC37AD1}] => (Allow) C:\Users\Henri\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
FirewallRules: [{33B0F360-6189-47C7-8D72-5D96FE355EC8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{69FE0155-A2EF-4893-9533-129056CD658D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{607BF3E1-5576-40FC-AE81-2FEC6B83906C}C:\program files\digibyte\digibyte-qt.exe] => (Allow) C:\program files\digibyte\digibyte-qt.exe
FirewallRules: [UDP Query User{268482DB-D2BE-4269-99ED-51F8FC1B791E}C:\program files\digibyte\digibyte-qt.exe] => (Allow) C:\program files\digibyte\digibyte-qt.exe
FirewallRules: [TCP Query User{689F0D32-BA2F-4E3A-9CE1-CAEA26FE8870}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [UDP Query User{F173899F-28CD-454A-830C-18E530520E06}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [TCP Query User{55A060A8-E9CF-48A1-BDC6-117F497B5AB3}C:\users\henri\desktop\electroneum id\electroneumd.exe] => (Allow) C:\users\henri\desktop\electroneum id\electroneumd.exe
FirewallRules: [UDP Query User{D673677F-D188-4EDB-9913-E5DDB89E6878}C:\users\henri\desktop\electroneum id\electroneumd.exe] => (Allow) C:\users\henri\desktop\electroneum id\electroneumd.exe
FirewallRules: [TCP Query User{5CD8F259-C956-4409-B990-F044129CFA76}C:\ruby24-x64\bin\ruby.exe] => (Allow) C:\ruby24-x64\bin\ruby.exe
FirewallRules: [UDP Query User{2BCCCC2F-0FDA-41D6-86C7-D9F1B4D523D8}C:\ruby24-x64\bin\ruby.exe] => (Allow) C:\ruby24-x64\bin\ruby.exe
FirewallRules: [TCP Query User{00F433D3-E3BB-4FD7-865C-E0DA9B478AA0}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{2D53944B-23C1-4797-956B-CEF2A15C0FE2}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{018979C8-EC41-447E-9C8D-B2E9FADCBF8C}] => (Allow) C:\Program Files (x86)\Opera\49.0.2725.47\opera.exe
FirewallRules: [TCP Query User{F532FB19-71AF-4450-866B-240DC87B9590}C:\program files\dashcore\dash-qt.exe] => (Allow) C:\program files\dashcore\dash-qt.exe
FirewallRules: [UDP Query User{083C65DC-4E03-4A5C-9D38-7E2AC44B3581}C:\program files\dashcore\dash-qt.exe] => (Allow) C:\program files\dashcore\dash-qt.exe
FirewallRules: [{184BED41-C7C4-4DF7-A8E7-8D6698B50A8C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1EDB91BF-0211-4EFE-A92F-F28959F9ABBE}] => (Allow) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
FirewallRules: [TCP Query User{D9BBF43A-4AE9-49F7-AEDF-7E380D47B9CD}C:\users\henri\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe] => (Allow) C:\users\henri\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe
FirewallRules: [UDP Query User{D214A024-2D93-46F3-8BC8-D9859EDDBD51}C:\users\henri\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe] => (Allow) C:\users\henri\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe

==================== Restore Points =========================

22-12-2017 09:48:40 Scheduled Checkpoint
29-12-2017 15:48:52 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Controller
Description: Bluetooth Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/03/2018 08:02:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoKMS.exe, version: 2.5.3.0, time stamp: 0x54c2b458
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17031, time stamp: 0x53089862
Exception code: 0xe0434352
Fault offset: 0x00000000000068d8
Faulting process id: 0x1378
Faulting application start time: 0x01d384bcf9594147
Faulting application path: C:\WINDOWS\AutoKMS\AutoKMS.exe
Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report Id: 3ae82c40-f0b0-11e7-83b0-040334000434
Faulting package full name:
Faulting package-relative application ID:

Error: (01/03/2018 08:02:15 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.FormatException
Stack:
   at System.DateTime.Parse(System.String)
   at ..(.)
   at ..(.)
   at ..()

Error: (01/02/2018 11:16:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoKMS.exe, version: 2.5.3.0, time stamp: 0x54c2b458
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17031, time stamp: 0x53089862
Exception code: 0xe0434352
Fault offset: 0x00000000000068d8
Faulting process id: 0x640
Faulting application start time: 0x01d3840ea27a209e
Faulting application path: C:\WINDOWS\AutoKMS\AutoKMS.exe
Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report Id: 39f52749-f002-11e7-83b0-040334000434
Faulting package full name:
Faulting package-relative application ID:

Error: (01/02/2018 11:16:40 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.FormatException
Stack:
   at System.DateTime.Parse(System.String)
   at ..(.)
   at ..(.)
   at ..()

Error: (01/02/2018 08:02:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoKMS.exe, version: 2.5.3.0, time stamp: 0x54c2b458
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17031, time stamp: 0x53089862
Exception code: 0xe0434352
Fault offset: 0x00000000000068d8
Faulting process id: 0x1ec
Faulting application start time: 0x01d383f3cecb6165
Faulting application path: C:\WINDOWS\AutoKMS\AutoKMS.exe
Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report Id: 1033a953-efe7-11e7-83ad-040334000434
Faulting package full name:
Faulting package-relative application ID:

Error: (01/02/2018 08:02:15 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.FormatException
Stack:
   at System.DateTime.Parse(System.String)
   at ..(.)
   at ..(.)
   at ..()

Error: (12/31/2017 08:02:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoKMS.exe, version: 2.5.3.0, time stamp: 0x54c2b458
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17031, time stamp: 0x53089862
Exception code: 0xe0434352
Fault offset: 0x00000000000068d8
Faulting process id: 0x1678
Faulting application start time: 0x01d382617a236a5e
Faulting application path: C:\WINDOWS\AutoKMS\AutoKMS.exe
Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report Id: bb88f408-ee54-11e7-83ad-040334000434
Faulting package full name:
Faulting package-relative application ID:

Error: (12/31/2017 08:02:15 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.FormatException
Stack:
   at System.DateTime.Parse(System.String)
   at ..(.)
   at ..(.)
   at ..()

Error: (12/30/2017 08:02:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoKMS.exe, version: 2.5.3.0, time stamp: 0x54c2b458
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17031, time stamp: 0x53089862
Exception code: 0xe0434352
Fault offset: 0x00000000000068d8
Faulting process id: 0x1758
Faulting application start time: 0x01d381984fc8a173
Faulting application path: C:\WINDOWS\AutoKMS\AutoKMS.exe
Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report Id: 91e85007-ed8b-11e7-83ad-040334000434
Faulting package full name:
Faulting package-relative application ID:

Error: (12/30/2017 08:02:16 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.FormatException
Stack:
   at System.DateTime.Parse(System.String)
   at ..(.)
   at ..(.)
   at ..()


System errors:
=============
Error: (01/03/2018 01:22:06 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (01/02/2018 11:14:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HNService service terminated with the following error:
The specified module could not be found.

Error: (01/02/2018 11:14:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DirectNT service failed to start due to the following error:
This driver has been blocked from loading

Error: (01/02/2018 11:14:19 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\System32\Drivers\DirectNT.SYS

Error: (01/02/2018 11:13:28 PM) (Source: DCOM) (EventID: 10005) (User: ARVUTI)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/02/2018 11:13:09 PM) (Source: DCOM) (EventID: 10005) (User: ARVUTI)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/02/2018 11:13:01 PM) (Source: DCOM) (EventID: 10005) (User: ARVUTI)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/02/2018 11:12:41 PM) (Source: DCOM) (EventID: 10005) (User: ARVUTI)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/02/2018 11:12:23 PM) (Source: DCOM) (EventID: 10010) (User: ARVUTI)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (01/02/2018 11:12:22 PM) (Source: DCOM) (EventID: 10005) (User: ARVUTI)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B68-F52A-11D8-B9A5-505054503030}


CodeIntegrity:
===================================
  Date: 2018-01-02 23:14:19.779
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\DIRECTNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2018-01-02 22:23:10.592
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\DIRECTNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-29 21:28:31.519
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\DIRECTNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-28 00:15:42.980
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\DIRECTNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-22 08:12:47.949
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\DIRECTNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-21 08:04:30.462
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\DIRECTNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-18 08:36:14.754
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\DIRECTNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-15 10:48:47.580
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\DIRECTNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-15 01:01:27.591
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\DIRECTNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-15 00:36:24.970
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\DIRECTNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 46%
Total physical RAM: 3977.44 MB
Available physical RAM: 2131.5 MB
Total Virtual: 8073.44 MB
Available Virtual: 5306.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:604.81 GB) (Free:86.36 GB) NTFS
Drive d: (HP_TOOLS) (Fixed) (Total:1.95 GB) (Free:1.93 GB) FAT32
Drive e: () (Fixed) (Total:68.36 GB) (Free:68.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: A264DD36)
Partition 1: (Not Active) - (Size=2 GB) - (Type=0C)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=604.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=68.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:40 PM

Posted 04 January 2018 - 09:41 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold via the Control Panel > Programs > Programs and Features.
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== ATTENTION
Yandex (HKU\S-1-5-21-1191529984-1850047899-1010345412-1001\...\YandexBrowser) (Version: 17.11.0.2191 - YANDEX)
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(YANDEX LLC) C:\Program Files (x86)\Yandex\YandexBrowser\17.11.0.2191\service_update.exe
() C:\ProgramData\{60DD3CB9-D776-8B12-B1E0-28869124443A}\46DA22FA-F171-9551-440C-1F41C484AE9F.exe
HKLM\...\Run: [SERVICE] => [X]
GroupPolicy: Restriction - Chrome <==== ATTENTION
Tcpip\Parameters: [DhcpNameServer] 85.253.0.130 85.253.0.2
Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{2FE7F377-0B3A-40D8-B65B-90F04BF85240}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{81586463-4EE8-4447-8B07-2CD90ED281DE}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{81586463-4EE8-4447-8B07-2CD90ED281DE}: [DhcpNameServer] 85.253.0.130 85.253.0.2
Tcpip\..\Interfaces\{AFC2F538-CC14-4362-8F9F-CCF5BD20B53D}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{AFC2F538-CC14-4362-8F9F-CCF5BD20B53D}: [DhcpNameServer] 82.163.143.176
BHO-x32: YoutubeAdBlock -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> C:\Program Files (x86)\gVEKLTxUjIE\kGqTriT.dll [2017-12-15] ()
FF Extension: (No Name) - C:\Users\Henri\AppData\Roaming\Mozilla\Firefox\Profiles\90mbeyi0.default\Extensions\fead-ac13-a231-e237 [2017-12-15]
FF Extension: (Adblocker for Youtube) - C:\Program Files\Mozilla Firefox\browser\features\{A5FD4672-4D73-4F90-A1C0-2ABD39DB2565}.xpi [2017-12-15] [not signed]
FF HKLM\...\Firefox\Extensions: [{443830f0-1fff-4f9a-aa1e-444bafbc7319}] - C:\Program Files (x86)\Open-EID\\{443830f0-1fff-4f9a-aa1e-444bafbc7319}.xpi
FF Extension: (Token signing) - C:\Program Files (x86)\Open-EID\\{443830f0-1fff-4f9a-aa1e-444bafbc7319}.xpi [2017-10-16]
FF HKLM-x32\...\Firefox\Extensions: [{443830f0-1fff-4f9a-aa1e-444bafbc7319}] - C:\Program Files (x86)\Open-EID\\{443830f0-1fff-4f9a-aa1e-444bafbc7319}.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_170.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_170.dll [No File]
CHR Extension: (Adblocker for Youtube) - C:\Users\Henri\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbbfmjahlfpihaicncgoelafnpcldkpo [2017-12-15]
CHR HKLM-x32\...\Chrome\Extension: [ckjefchnfjhjfedoccjbhjpbncimppeg] - hxxps://clients2.google.com/service/update2/crx
R2 YandexBrowserService; C:\Program Files (x86)\Yandex\YandexBrowser\17.11.0.2191\service_update.exe [734712 2017-12-04] (YANDEX LLC)
S2 HNService; C:\Users\Henri\AppData\Local\AdService\AdService.dll [X]
S3 ATP; \SystemRoot\system32\DRIVERS\cmdatp.sys [X]
S3 SNP2UVC; \SystemRoot\system32\DRIVERS\snp2uvc.sys [X]
S3 TVICPORT; \??\C:\WINDOWS\system32\DRIVERS\TVICPORT.SYS [X]

ContextMenuHandlers2: [IVBShlExt] -> {5B9C04C2-5EB5-4B60-8B71-46964DB8CDBF} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {01036A73-AACF-477F-A8D4-206AE5BE7D95} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {098AB912-A0FE-4BF6-A890-C6559BB7522C} - \LaunchPreSignup -> No File <==== ATTENTION
Task: {152F0AAA-A296-4F59-99EA-1AE640DD3FA6} - \FastDataX Task -> No File <==== ATTENTION
Task: {1F43987C-BC5D-477E-8408-75CC867D4A46} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {2B0F33F3-FE90-45F7-B14C-9EBA95F973ED} - System32\Tasks\boQbXxbEJPaDgWztw => rundll32 "C:\Program Files (x86)\OGqwJxyzdjgEZIvrFER\ukVEjMZ.dll",#1
Task: {3982BFC5-5055-400B-9E27-7ACC14EB7914} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {4F4305FC-435E-4C27-9B8A-DD3E92B118C7} - System32\Tasks\{66BE7703-D115-C0A8-E7D8-EF72A670904F} => C:\ProgramData\{60DD3CB9-D776-8B12-B1E0-28869124443A}\46DA22FA-F171-9551-440C-1F41C484AE9F.exe [2017-12-29] () <==== ATTENTION
Task: {5EE02C7F-1818-4F2A-AEBE-6A37693107D6} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {727037CC-B4D5-4123-8C50-2857FC833566} - System32\Tasks\jVVcebPoCjhHKmi2 => rundll32 "C:\Program Files (x86)\ExRIRmygU\WISsFE.dll",#1
Task: {8AE9F5CB-5452-4F39-8273-D6CA5ED16547} - System32\Tasks\{6445E6B5-3D01-A81D-7587-D20391C8F63A} => C:\WINDOWS\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\a4bc5f4f\cf2e7aae.dll" <==== ATTENTION
Task: {8D6C27FF-A401-4883-9891-FE8019BEB639} - System32\Tasks\{6445E6B5-3D01-A81D-7587-D20391C8F63A} => C:\WINDOWS\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\a4bc5f4f\cf2e7aae.dll" <==== ATTENTION => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-11-02] (Microleaves) <==== ATTENTION
Task: {B4ABC023-A040-4BE9-9645-4F0412619E2B} - System32\Tasks\Yandex Browser system update => C:\Program Files (x86)\Yandex\YandexBrowser\17.11.0.2191\service_update.exe [2017-12-04] (YANDEX LLC)
Task: {B817C9FB-A0FA-4034-BD78-1BFBCD0471CF} - System32\Tasks\Online Application V2G5 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {BD2507D6-06CD-4937-8AE2-66B5B38835A7} - System32\Tasks\Yandex Browser update => C:\Users\Henri\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2017-12-04] (YANDEX LLC)
Task: {C5449959-1FC3-46BA-B809-747DC16E59C6} - System32\Tasks\BmHhCekqquvtRi => rundll32 "C:\Program Files (x86)\vknAtWNPMhpU2\IWAIaSSsTFJEs.dll",#1
Task: {D158672D-5F96-4424-AF2E-E7A577A6967A} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {F8F8910F-E31D-4142-8169-049258DB1F8B} - System32\Tasks\Update for Yandex Browser => C:\Users\Henri\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2017-12-04] (YANDEX LLC)
Task: C:\WINDOWS\Tasks\boQbXxbEJPaDgWztw.job => C:\Program Files (x86)\OGqwJxyzdjgEZIvrFER\ukVEjMZ.dll
Task: C:\WINDOWS\Tasks\jVVcebPoCjhHKmi.job => C:\Program Files (x86)\ExRIRmygU\WISsFE.dll
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Update for Yandex Browser.job => C:\Users\Henri\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Yandex Browser system update.job => C:\Program Files (x86)\Yandex\YandexBrowser\17.11.0.2191\service_update.exe
Task: C:\WINDOWS\Tasks\Yandex Browser update.job => C:\Users\Henri\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
C:\Users\Henri\AppData\Local\4BAEB25C-6F72-7F72-6EB1-48BD4ED0C2A9
FirewallRules: [{40C8B223-CD8A-4126-BCBF-2600AEC37AD1}] => (Allow) C:\Users\Henri\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

C:\Windows\System32\Tasks\Online Application V2G6
C:\Windows\System32\Tasks\Online Application V2G3
C:\Windows\System32\Tasks\Online Application V2G2
C:\Windows\System32\Tasks\Online Application V2G1
C:\Windows\System32\Tasks\Online Application V2G5
C:\Windows\System32\Tasks\Online Application V2G4

C:\Windows\System32\Tasks\boQbXxbEJPaDgWztw
C:\Windows\System32\Tasks\jVVcebPoCjhHKmi2
C:\Windows\System32\Tasks\BmHhCekqquvtRi

C:\Windows\System32\Tasks\{66BE7703-D115-C0A8-E7D8-EF72A670904F}
C:\ProgramData\{60DD3CB9-D776-8B12-B1E0-28869124443A}
C:\Windows\System32\Tasks\{6445E6B5-3D01-A81D-7587-D20391C8F63A}
C:\Windows\System32\Tasks\Yandex Browser system update
C:\Program Files (x86)\Yandex
C:\Windows\System32\Tasks\Yandex Browser update
C:\Users\Henri\AppData\Local\Yandex
C:\Windows\System32\Tasks\Update for Yandex Browser

C:\WINDOWS\Tasks\boQbXxbEJPaDgWztw.job
C:\Program Files (x86)\OGqwJxyzdjgEZIvrFER
C:\WINDOWS\Tasks\jVVcebPoCjhHKmi.job
C:\Program Files (x86)\ExRIRmygU\WISsFE.dll
C:\WINDOWS\Tasks\Online Application V2G1.job
C:\WINDOWS\Tasks\Online Application V2G2.job
C:\WINDOWS\Tasks\Online Application V2G3.job
C:\WINDOWS\Tasks\Online Application V2G4.job
C:\WINDOWS\Tasks\Online Application V2G5.job
C:\WINDOWS\Tasks\Online Application V2G6.job
C:\WINDOWS\Tasks\Update for Yandex Browser.job
C:\WINDOWS\Tasks\Updater_Online_Application.job
C:\WINDOWS\Tasks\Yandex Browser system update.job
C:\WINDOWS\Tasks\Yandex Browser update.job
C:\Program Files (x86)\Microleaves
C:\Program Files (x86)\gVEKLTxUjIE

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome, click on the menu icon (the 3 vertical dots located at the top right of Google Chrome).
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
==

Please post the logs and let me know what problems persist.
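
The fixlist above targets a recognisable set of FRST entries: static DNS servers that differ from the DHCP-assigned ones, scheduled tasks that run rundll32 on a DLL inside a randomly named Program Files folder, autostarts whose file is missing, and unsigned browser extensions. As an added example that is not part of nasdaq's post or of the FRST tool, this Python script applies those checks to a handful of lines copied from the fixlist above; the folder-name heuristic, the regexes and the Finding kinds are my own choices, not FRST's.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log lines.

Added example, not FRST code. It flags the entry shapes the fixlist in
this thread removes:
  * dns-override: a static NameServer set that differs from DhcpNameServer
  * rundll32-random-dir: a task running rundll32 on a DLL in a folder whose
    name looks machine-generated (heuristic: many upper/lower case flips)
  * orphan-task: a task FRST reports as "-> No File"
  * service-missing-file: a service FRST marks [X]
  * unsigned-extension: a browser extension marked [not signed]
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    kind: str
    detail: str
    line: str


# Regexes for the FRST line shapes seen in this thread (my own, not FRST's).
DNS_RE = re.compile(
    r"^Tcpip\\(?P<scope>Parameters|\.\.\\Interfaces\\\{[0-9A-F-]+\}): "
    r"\[(?P<key>DhcpNameServer|NameServer)\] (?P<servers>.+)$"
)
TASK_RE = re.compile(
    r"^Task: (?:\{[0-9A-F-]+\} - |)(?P<name>.+?) (?:=> (?P<cmd>.+)|-> No File.*)$"
)
RUNDLL_RE = re.compile(r'^rundll32 "(?P<dll>[^"]+)"')
SERVICE_RE = re.compile(r"^[RSU]\d (?P<name>[^;]+); (?P<path>.+) \[X\]$")
EXT_RE = re.compile(
    r"^(?P<browser>FF|CHR) Extension: \((?P<name>[^)]*)\) - (?P<path>.+?) "
    r"\[[0-9-]+\](?P<flags>.*)$"
)


def case_transitions(name: str) -> int:
    """Count upper/lower flips between consecutive letters of a folder name."""
    letters = [c for c in name if c.isalpha()]
    return sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())


def looks_random(folder: str) -> bool:
    """Heuristic: 'OGqwJxyzdjgEZIvrFER' flips case 6 times, 'Yandex' once."""
    return len(folder) >= 8 and case_transitions(folder) >= 3


def triage(lines):
    findings = []
    dhcp = {}    # scope -> set of DHCP-assigned servers
    static = {}  # scope -> (set of static servers, raw line)
    for raw in lines:
        line = raw.strip()
        m = DNS_RE.match(line)
        if m:
            servers = set(m["servers"].split())
            if m["key"] == "DhcpNameServer":
                dhcp[m["scope"]] = servers
            else:
                static[m["scope"]] = (servers, line)
            continue
        m = TASK_RE.match(line)
        if m:
            cmd = m["cmd"]
            if cmd is None:
                findings.append(Finding("orphan-task", m["name"], line))
            else:
                r = RUNDLL_RE.match(cmd)
                if r:
                    folder = r["dll"].split("\\")[-2]
                    if looks_random(folder):
                        findings.append(Finding("rundll32-random-dir", folder, line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            findings.append(Finding("service-missing-file", m["name"], line))
            continue
        m = EXT_RE.match(line)
        if m and "[not signed]" in m["flags"]:
            findings.append(Finding("unsigned-extension", m["name"], line))
    # DNS is compared after the pass: DHCP and static lines may come in any
    # order, and a per-interface entry falls back to the global DHCP servers.
    for scope, (servers, line) in static.items():
        expected = dhcp.get(scope, dhcp.get("Parameters", set()))
        if servers != expected:
            findings.append(Finding("dns-override", " ".join(sorted(servers)), line))
    return findings


# Sample input: lines copied from the fixlist in this thread (constructed subset).
SAMPLE = [
    r"Tcpip\Parameters: [DhcpNameServer] 85.253.0.130 85.253.0.2",
    r"Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178",
    r"Tcpip\..\Interfaces\{2FE7F377-0B3A-40D8-B65B-90F04BF85240}: [NameServer] 82.163.143.176 82.163.142.178",
    r'Task: {2B0F33F3-FE90-45F7-B14C-9EBA95F973ED} - System32\Tasks\boQbXxbEJPaDgWztw => rundll32 "C:\Program Files (x86)\OGqwJxyzdjgEZIvrFER\ukVEjMZ.dll",#1',
    r"Task: {098AB912-A0FE-4BF6-A890-C6559BB7522C} - \LaunchPreSignup -> No File <==== ATTENTION",
    r"Task: {B4ABC023-A040-4BE9-9645-4F0412619E2B} - System32\Tasks\Yandex Browser system update => C:\Program Files (x86)\Yandex\YandexBrowser\17.11.0.2191\service_update.exe [2017-12-04] (YANDEX LLC)",
    r"S2 HNService; C:\Users\Henri\AppData\Local\AdService\AdService.dll [X]",
    r"FF Extension: (Adblocker for Youtube) - C:\Program Files\Mozilla Firefox\browser\features\{A5FD4672-4D73-4F90-A1C0-2ABD39DB2565}.xpi [2017-12-15] [not signed]",
    r"FF Extension: (Token signing) - C:\Program Files (x86)\Open-EID\\{443830f0-1fff-4f9a-aa1e-444bafbc7319}.xpi [2017-10-16]",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.kind:22} {f.detail}")
```

The Yandex task and the signed Open-EID extension in the sample produce no finding, which is the point of the heuristics: they single out the entries the fixlist actually removes rather than everything FRST lists.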

#3 henri09

henri09
  • Topic Starter

  • Members
  • 39 posts
  • Gender:Male
  • Location:Estonia
  • Local time:04:40 AM

Posted 04 January 2018 - 04:19 PM

Seems that the virus has left the building.
Gmail works like it should now.
Can login to bittrex.
No redirects, no lagging.

I'll post the logs -


Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by Henri (04-01-2018 20:37:58) Run:1
Running from C:\Users\Henri\Documents\FARBAR
Loaded Profiles: Henri (Available Profiles: Henri)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(YANDEX LLC) C:\Program Files (x86)\Yandex\YandexBrowser\17.11.0.2191\service_update.exe
() C:\ProgramData\{60DD3CB9-D776-8B12-B1E0-28869124443A}\46DA22FA-F171-9551-440C-1F41C484AE9F.exe
HKLM\...\Run: [SERVICE] => [X]
GroupPolicy: Restriction - Chrome <==== ATTENTION
Tcpip\Parameters: [DhcpNameServer] 85.253.0.130 85.253.0.2
Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{2FE7F377-0B3A-40D8-B65B-90F04BF85240}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{81586463-4EE8-4447-8B07-2CD90ED281DE}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{81586463-4EE8-4447-8B07-2CD90ED281DE}: [DhcpNameServer] 85.253.0.130 85.253.0.2
Tcpip\..\Interfaces\{AFC2F538-CC14-4362-8F9F-CCF5BD20B53D}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{AFC2F538-CC14-4362-8F9F-CCF5BD20B53D}: [DhcpNameServer] 82.163.143.176
BHO-x32: YoutubeAdBlock -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> C:\Program Files (x86)\gVEKLTxUjIE\kGqTriT.dll [2017-12-15] ()
FF Extension: (No Name) - C:\Users\Henri\AppData\Roaming\Mozilla\Firefox\Profiles\90mbeyi0.default\Extensions\fead-ac13-a231-e237 [2017-12-15]
FF Extension: (Adblocker for Youtube) - C:\Program Files\Mozilla Firefox\browser\features\{A5FD4672-4D73-4F90-A1C0-2ABD39DB2565}.xpi [2017-12-15] [not signed]
FF HKLM\...\Firefox\Extensions: [{443830f0-1fff-4f9a-aa1e-444bafbc7319}] - C:\Program Files (x86)\Open-EID\\{443830f0-1fff-4f9a-aa1e-444bafbc7319}.xpi
FF Extension: (Token signing) - C:\Program Files (x86)\Open-EID\\{443830f0-1fff-4f9a-aa1e-444bafbc7319}.xpi [2017-10-16]
FF HKLM-x32\...\Firefox\Extensions: [{443830f0-1fff-4f9a-aa1e-444bafbc7319}] - C:\Program Files (x86)\Open-EID\\{443830f0-1fff-4f9a-aa1e-444bafbc7319}.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_170.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_170.dll [No File]
CHR Extension: (Adblocker for Youtube) - C:\Users\Henri\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbbfmjahlfpihaicncgoelafnpcldkpo [2017-12-15]
CHR HKLM-x32\...\Chrome\Extension: [ckjefchnfjhjfedoccjbhjpbncimppeg] - hxxps://clients2.google.com/service/update2/crx
R2 YandexBrowserService; C:\Program Files (x86)\Yandex\YandexBrowser\17.11.0.2191\service_update.exe [734712 2017-12-04] (YANDEX LLC)
S2 HNService; C:\Users\Henri\AppData\Local\AdService\AdService.dll [X]
S3 ATP; \SystemRoot\system32\DRIVERS\cmdatp.sys [X]
S3 SNP2UVC; \SystemRoot\system32\DRIVERS\snp2uvc.sys [X]
S3 TVICPORT; \??\C:\WINDOWS\system32\DRIVERS\TVICPORT.SYS [X]

ContextMenuHandlers2: [IVBShlExt] -> {5B9C04C2-5EB5-4B60-8B71-46964DB8CDBF} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {01036A73-AACF-477F-A8D4-206AE5BE7D95} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {098AB912-A0FE-4BF6-A890-C6559BB7522C} - \LaunchPreSignup -> No File <==== ATTENTION
Task: {152F0AAA-A296-4F59-99EA-1AE640DD3FA6} - \FastDataX Task -> No File <==== ATTENTION
Task: {1F43987C-BC5D-477E-8408-75CC867D4A46} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {2B0F33F3-FE90-45F7-B14C-9EBA95F973ED} - System32\Tasks\boQbXxbEJPaDgWztw => rundll32 "C:\Program Files (x86)\OGqwJxyzdjgEZIvrFER\ukVEjMZ.dll",#1
Task: {3982BFC5-5055-400B-9E27-7ACC14EB7914} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {4F4305FC-435E-4C27-9B8A-DD3E92B118C7} - System32\Tasks\{66BE7703-D115-C0A8-E7D8-EF72A670904F} => C:\ProgramData\{60DD3CB9-D776-8B12-B1E0-28869124443A}\46DA22FA-F171-9551-440C-1F41C484AE9F.exe [2017-12-29] () <==== ATTENTION
Task: {5EE02C7F-1818-4F2A-AEBE-6A37693107D6} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {727037CC-B4D5-4123-8C50-2857FC833566} - System32\Tasks\jVVcebPoCjhHKmi2 => rundll32 "C:\Program Files (x86)\ExRIRmygU\WISsFE.dll",#1
Task: {8AE9F5CB-5452-4F39-8273-D6CA5ED16547} - System32\Tasks\{6445E6B5-3D01-A81D-7587-D20391C8F63A} => C:\WINDOWS\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\a4bc5f4f\cf2e7aae.dll" <==== ATTENTION
Task: {8D6C27FF-A401-4883-9891-FE8019BEB639} - System32\Tasks\{6445E6B5-3D01-A81D-7587-D20391C8F63A} => C:\WINDOWS\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\a4bc5f4f\cf2e7aae.dll" <==== ATTENTION => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-11-02] (Microleaves) <==== ATTENTION
Task: {B4ABC023-A040-4BE9-9645-4F0412619E2B} - System32\Tasks\Yandex Browser system update => C:\Program Files (x86)\Yandex\YandexBrowser\17.11.0.2191\service_update.exe [2017-12-04] (YANDEX LLC)
Task: {B817C9FB-A0FA-4034-BD78-1BFBCD0471CF} - System32\Tasks\Online Application V2G5 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {BD2507D6-06CD-4937-8AE2-66B5B38835A7} - System32\Tasks\Yandex Browser update => C:\Users\Henri\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2017-12-04] (YANDEX LLC)
Task: {C5449959-1FC3-46BA-B809-747DC16E59C6} - System32\Tasks\BmHhCekqquvtRi => rundll32 "C:\Program Files (x86)\vknAtWNPMhpU2\IWAIaSSsTFJEs.dll",#1
Task: {D158672D-5F96-4424-AF2E-E7A577A6967A} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {F8F8910F-E31D-4142-8169-049258DB1F8B} - System32\Tasks\Update for Yandex Browser => C:\Users\Henri\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2017-12-04] (YANDEX LLC)
Task: C:\WINDOWS\Tasks\boQbXxbEJPaDgWztw.job => C:\Program Files (x86)\OGqwJxyzdjgEZIvrFER\ukVEjMZ.dll
Task: C:\WINDOWS\Tasks\jVVcebPoCjhHKmi.job => C:\Program Files (x86)\ExRIRmygU\WISsFE.dll
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Update for Yandex Browser.job => C:\Users\Henri\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Yandex Browser system update.job => C:\Program Files (x86)\Yandex\YandexBrowser\17.11.0.2191\service_update.exe
Task: C:\WINDOWS\Tasks\Yandex Browser update.job => C:\Users\Henri\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
C:\Users\Henri\AppData\Local\4BAEB25C-6F72-7F72-6EB1-48BD4ED0C2A9
FirewallRules: [{40C8B223-CD8A-4126-BCBF-2600AEC37AD1}] => (Allow) C:\Users\Henri\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

C:\Windows\System32\Tasks\Online Application V2G6
C:\Windows\System32\Tasks\Online Application V2G3
C:\Windows\System32\Tasks\Online Application V2G2
C:\Windows\System32\Tasks\Online Application V2G1
C:\Windows\System32\Tasks\Online Application V2G5
C:\Windows\System32\Tasks\Online Application V2G4

C:\Windows\System32\Tasks\boQbXxbEJPaDgWztw
C:\Windows\System32\Tasks\jVVcebPoCjhHKmi2
C:\Windows\System32\Tasks\BmHhCekqquvtRi

C:\Windows\System32\Tasks\{66BE7703-D115-C0A8-E7D8-EF72A670904F}
C:\ProgramData\{60DD3CB9-D776-8B12-B1E0-28869124443A}
C:\Windows\System32\Tasks\{6445E6B5-3D01-A81D-7587-D20391C8F63A}
C:\Windows\System32\Tasks\Yandex Browser system update
C:\Program Files (x86)\Yandex
C:\Windows\System32\Tasks\Yandex Browser update
C:\Users\Henri\AppData\Local\Yandex
C:\Windows\System32\Tasks\Update for Yandex Browser

C:\WINDOWS\Tasks\boQbXxbEJPaDgWztw.job
C:\Program Files (x86)\OGqwJxyzdjgEZIvrFER
C:\WINDOWS\Tasks\jVVcebPoCjhHKmi.job
C:\Program Files (x86)\ExRIRmygU\WISsFE.dll
C:\WINDOWS\Tasks\Online Application V2G1.job
C:\WINDOWS\Tasks\Online Application V2G2.job
C:\WINDOWS\Tasks\Online Application V2G3.job
C:\WINDOWS\Tasks\Online Application V2G4.job
C:\WINDOWS\Tasks\Online Application V2G5.job
C:\WINDOWS\Tasks\Online Application V2G6.job
C:\WINDOWS\Tasks\Update for Yandex Browser.job
C:\WINDOWS\Tasks\Updater_Online_Application.job
C:\WINDOWS\Tasks\Yandex Browser system update.job
C:\WINDOWS\Tasks\Yandex Browser update.job
C:\Program Files (x86)\Microleaves
C:\Program Files (x86)\gVEKLTxUjIE

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Yandex\YandexBrowser\17.11.0.2191\service_update.exe => No running process found
C:\ProgramData\{60DD3CB9-D776-8B12-B1E0-28869124443A}\46DA22FA-F171-9551-440C-1F41C484AE9F.exe => No running process found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SERVICE" => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2FE7F377-0B3A-40D8-B65B-90F04BF85240}\\NameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{81586463-4EE8-4447-8B07-2CD90ED281DE}\\NameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{81586463-4EE8-4447-8B07-2CD90ED281DE}\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AFC2F538-CC14-4362-8F9F-CCF5BD20B53D}\\NameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AFC2F538-CC14-4362-8F9F-CCF5BD20B53D}\\DhcpNameServer" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}" => removed successfully
C:\Users\Henri\AppData\Roaming\Mozilla\Firefox\Profiles\90mbeyi0.default\Extensions\fead-ac13-a231-e237 => moved successfully
C:\Program Files\Mozilla Firefox\browser\features\{A5FD4672-4D73-4F90-A1C0-2ABD39DB2565}.xpi => moved successfully
"HKLM\Software\Mozilla\Firefox\Extensions\\{443830f0-1fff-4f9a-aa1e-444bafbc7319}" => removed successfully
C:\Program Files (x86)\Open-EID\\{443830f0-1fff-4f9a-aa1e-444bafbc7319}.xpi => moved successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{443830f0-1fff-4f9a-aa1e-444bafbc7319}" => removed successfully
"HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer" => removed successfully
CHR Extension: (Adblocker for Youtube) - C:\Users\Henri\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbbfmjahlfpihaicncgoelafnpcldkpo [2017-12-15] => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ckjefchnfjhjfedoccjbhjpbncimppeg" => removed successfully
YandexBrowserService => service not found.
"HKLM\System\CurrentControlSet\Services\HNService" => removed successfully
HNService => service removed successfully
"HKLM\System\CurrentControlSet\Services\ATP" => removed successfully
ATP => service removed successfully
"HKLM\System\CurrentControlSet\Services\SNP2UVC" => removed successfully
SNP2UVC => service removed successfully
"HKLM\System\CurrentControlSet\Services\TVICPORT" => removed successfully
TVICPORT => service removed successfully
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\IVBShlExt" => removed successfully
HKLM\Software\Classes\CLSID\{5B9C04C2-5EB5-4B60-8B71-46964DB8CDBF} => key not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01036A73-AACF-477F-A8D4-206AE5BE7D95} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01036A73-AACF-477F-A8D4-206AE5BE7D95}" => removed successfully
C:\WINDOWS\System32\Tasks\Online Application V2G6 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G6" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{098AB912-A0FE-4BF6-A890-C6559BB7522C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{098AB912-A0FE-4BF6-A890-C6559BB7522C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{152F0AAA-A296-4F59-99EA-1AE640DD3FA6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{152F0AAA-A296-4F59-99EA-1AE640DD3FA6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FastDataX Task" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F43987C-BC5D-477E-8408-75CC867D4A46}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F43987C-BC5D-477E-8408-75CC867D4A46}" => removed successfully
C:\WINDOWS\System32\Tasks\Online Application V2G3 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G3" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2B0F33F3-FE90-45F7-B14C-9EBA95F973ED}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B0F33F3-FE90-45F7-B14C-9EBA95F973ED}" => removed successfully
C:\WINDOWS\System32\Tasks\boQbXxbEJPaDgWztw => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\boQbXxbEJPaDgWztw" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3982BFC5-5055-400B-9E27-7ACC14EB7914}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3982BFC5-5055-400B-9E27-7ACC14EB7914}" => removed successfully
C:\WINDOWS\System32\Tasks\Online Application V2G2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G2" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F4305FC-435E-4C27-9B8A-DD3E92B118C7} => key not found
"C:\WINDOWS\System32\Tasks\{66BE7703-D115-C0A8-E7D8-EF72A670904F}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{66BE7703-D115-C0A8-E7D8-EF72A670904F} => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5EE02C7F-1818-4F2A-AEBE-6A37693107D6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EE02C7F-1818-4F2A-AEBE-6A37693107D6}" => removed successfully
C:\WINDOWS\System32\Tasks\Online Application V2G1 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G1" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{727037CC-B4D5-4123-8C50-2857FC833566}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{727037CC-B4D5-4123-8C50-2857FC833566}" => removed successfully
C:\WINDOWS\System32\Tasks\jVVcebPoCjhHKmi2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\jVVcebPoCjhHKmi2" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AE9F5CB-5452-4F39-8273-D6CA5ED16547} => key not found
C:\WINDOWS\System32\Tasks\{6445E6B5-3D01-A81D-7587-D20391C8F63A} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6445E6B5-3D01-A81D-7587-D20391C8F63A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D6C27FF-A401-4883-9891-FE8019BEB639}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D6C27FF-A401-4883-9891-FE8019BEB639}" => removed successfully
"C:\WINDOWS\System32\Tasks\{6445E6B5-3D01-A81D-7587-D20391C8F63A}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6445E6B5-3D01-A81D-7587-D20391C8F63A} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4ABC023-A040-4BE9-9645-4F0412619E2B} => key not found
"C:\WINDOWS\System32\Tasks\Yandex Browser system update" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yandex Browser system update => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B817C9FB-A0FA-4034-BD78-1BFBCD0471CF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B817C9FB-A0FA-4034-BD78-1BFBCD0471CF}" => removed successfully
C:\WINDOWS\System32\Tasks\Online Application V2G5 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G5" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD2507D6-06CD-4937-8AE2-66B5B38835A7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD2507D6-06CD-4937-8AE2-66B5B38835A7}" => removed successfully
C:\WINDOWS\System32\Tasks\Yandex Browser update => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yandex Browser update" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5449959-1FC3-46BA-B809-747DC16E59C6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5449959-1FC3-46BA-B809-747DC16E59C6}" => removed successfully
C:\WINDOWS\System32\Tasks\BmHhCekqquvtRi => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BmHhCekqquvtRi" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D158672D-5F96-4424-AF2E-E7A577A6967A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D158672D-5F96-4424-AF2E-E7A577A6967A}" => removed successfully
C:\WINDOWS\System32\Tasks\Online Application V2G4 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G4" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8F8910F-E31D-4142-8169-049258DB1F8B} => key not found
"C:\WINDOWS\System32\Tasks\Update for Yandex Browser" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update for Yandex Browser => key not found
C:\WINDOWS\Tasks\boQbXxbEJPaDgWztw.job => moved successfully
C:\WINDOWS\Tasks\jVVcebPoCjhHKmi.job => moved successfully
C:\WINDOWS\Tasks\Online Application V2G1.job => moved successfully
C:\WINDOWS\Tasks\Online Application V2G2.job => moved successfully
C:\WINDOWS\Tasks\Online Application V2G3.job => moved successfully
C:\WINDOWS\Tasks\Online Application V2G4.job => moved successfully
C:\WINDOWS\Tasks\Online Application V2G5.job => moved successfully
C:\WINDOWS\Tasks\Online Application V2G6.job => moved successfully
"C:\WINDOWS\Tasks\Update for Yandex Browser.job" => not found
C:\WINDOWS\Tasks\Updater_Online_Application.job => moved successfully
"C:\WINDOWS\Tasks\Yandex Browser system update.job" => not found
C:\WINDOWS\Tasks\Yandex Browser update.job => moved successfully
C:\Users\Henri\AppData\Local\4BAEB25C-6F72-7F72-6EB1-48BD4ED0C2A9 => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{40C8B223-CD8A-4126-BCBF-2600AEC37AD1}" => not found
"C:\Windows\System32\Tasks\Online Application V2G6" => not found
"C:\Windows\System32\Tasks\Online Application V2G3" => not found
"C:\Windows\System32\Tasks\Online Application V2G2" => not found
"C:\Windows\System32\Tasks\Online Application V2G1" => not found
"C:\Windows\System32\Tasks\Online Application V2G5" => not found
"C:\Windows\System32\Tasks\Online Application V2G4" => not found
"C:\Windows\System32\Tasks\boQbXxbEJPaDgWztw" => not found
"C:\Windows\System32\Tasks\jVVcebPoCjhHKmi2" => not found
"C:\Windows\System32\Tasks\BmHhCekqquvtRi" => not found
"C:\Windows\System32\Tasks\{66BE7703-D115-C0A8-E7D8-EF72A670904F}" => not found
C:\ProgramData\{60DD3CB9-D776-8B12-B1E0-28869124443A} => moved successfully
"C:\Windows\System32\Tasks\{6445E6B5-3D01-A81D-7587-D20391C8F63A}" => not found
"C:\Windows\System32\Tasks\Yandex Browser system update" => not found
"C:\Program Files (x86)\Yandex" => not found
"C:\Windows\System32\Tasks\Yandex Browser update" => not found
C:\Users\Henri\AppData\Local\Yandex => moved successfully
"C:\Windows\System32\Tasks\Update for Yandex Browser" => not found
"C:\WINDOWS\Tasks\boQbXxbEJPaDgWztw.job" => not found
C:\Program Files (x86)\OGqwJxyzdjgEZIvrFER => moved successfully
"C:\WINDOWS\Tasks\jVVcebPoCjhHKmi.job" => not found
C:\Program Files (x86)\ExRIRmygU\WISsFE.dll => moved successfully
"C:\WINDOWS\Tasks\Online Application V2G1.job" => not found
"C:\WINDOWS\Tasks\Online Application V2G2.job" => not found
"C:\WINDOWS\Tasks\Online Application V2G3.job" => not found
"C:\WINDOWS\Tasks\Online Application V2G4.job" => not found
"C:\WINDOWS\Tasks\Online Application V2G5.job" => not found
"C:\WINDOWS\Tasks\Online Application V2G6.job" => not found
"C:\WINDOWS\Tasks\Update for Yandex Browser.job" => not found
"C:\WINDOWS\Tasks\Updater_Online_Application.job" => not found
"C:\WINDOWS\Tasks\Yandex Browser system update.job" => not found
"C:\WINDOWS\Tasks\Yandex Browser update.job" => not found
C:\Program Files (x86)\Microleaves => moved successfully
C:\Program Files (x86)\gVEKLTxUjIE => moved successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= IPCONFIG /release =========


Windows IP Configuration

No operation can be performed on Ethernet 2 while it has its media disconnected.
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Wi-Fi while it has its media disconnected.

Ethernet adapter Ethernet 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::8d92:2684:f6a4:e5aa%4
   Default Gateway . . . . . . . . . :

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


========= IPCONFIG /renew =========


Windows IP Configuration

No operation can be performed on Ethernet 2 while it has its media disconnected.
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Wi-Fi while it has its media disconnected.

Ethernet adapter Ethernet 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::8d92:2684:f6a4:e5aa%4
   IPv4 Address. . . . . . . . . . . : 192.168.0.11
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{81586463-4EE8-4447-8B07-2CD90ED281DE}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20077500 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 296 B
Edge => 0 B
Chrome => 19222297 B
Firefox => 388851289 B
Opera => 20504308 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 37132 B
NetworkService => 0 B
Henri => 103701197 B

RecycleBin => 0 B
EmptyTemp: => 534.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:40:11 ====





   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20077500 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 296 B
Edge => 0 B
Chrome => 19222297 B
Firefox => 388851289 B
Opera => 20504308 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 37132 B
NetworkService => 0 B
Henri => 103701197 B

RecycleBin => 0 B
EmptyTemp: => 534.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:40:11 ====



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:40 PM

Posted 05 January 2018 - 07:53 AM

Hi,

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#5 henri09

henri09
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  • Gender:Male
  • Location:Estonia
  • Local time:04:40 AM

Posted 05 January 2018 - 08:05 AM

All is well indeed.
Also, the Chrome restart, Mbam and Adwcleaner managed to get rid of problems on another PC in my home.
It had another type of malware, not so harassing.

Thank you very much once again for now.

Best wishes





