Log Analysis and Evaluation: Windows 7 X64 – Adware.CrossRider and Adware.Tarma (2018)
27.07.2018, 22:33 | #1

Windows 7 X64 – Adware.CrossRider and Adware.Tarma (2018)

Hello Community,

In Comodo IceDragon, Google searches are being redirected; I also get dropouts in my radio stream and on YouTube. The first scan was done with ZHPDiag v2018.6.22.140 in Safe Mode. It found the following:

Excerpt from ZHPDiag1.txt
Code:
---\ Windows Product Information (4) - 3s
Windows Activation Technologies : KO

---\ Scheduled tasks run automatically (Registry) (22) - 7s
O38 - TASK: {F30D9358-51C3-40AF-8991-7D062C2B3746} [64Bits][\AutoKMS] - (.CODYQX4 - AutoKMS.) -- C:\Windows\AutoKMS\AutoKMS.exe [5046784] =>HackTool.AutoKMS
C:\Windows\System32\Tasks\AutoKMS - (.CODYQX4.) -- C:\Windows\AutoKMS\AutoKMS.exe [] =>HackTool.AutoKMS

---\ HKCU & HKLM Software Keys (437) - 47s
HKCU\SOFTWARE\Alex =>Adware.CrossRider
HKCU\SOFTWARE\eSupport.com =>PUP.Optional.eSupport
HKU\S-1-5-21-460318521-3142920051-2641109734-1000\SOFTWARE\Alex =>Adware.CrossRider
HKU\S-1-5-21-460318521-3142920051-2641109734-1000\SOFTWARE\eSupport.com =>PUP.Optional.eSupport

---\ Contents of the Program folders (402) - 15s
O43 - CFD: 13/01/2018 - [] D -- C:\ProgramData\InstallMate =>Adware.Tarma

---\ Search Tracing Registry Key (2) - 2s
HKLM\SOFTWARE\Microsoft\Tracing\Microsoft Toolkit_RASAPI32 =>HackTool.WinActivator
HKLM\SOFTWARE\Microsoft\Tracing\Microsoft Toolkit_RASMANCS =>HackTool.WinActivator

---\ Additional scan (O88) (21) - 3s
C:\Windows\AutoKMS\AutoKMS.exe =>HackTool.AutoKMS
C:\Windows\System32\Tasks\AutoKMS =>HackTool.AutoKMS
C:\ProgramData\InstallMate =>Adware.Tarma
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Microsoft Toolkit_RASAPI32 =>HackTool.WinActivator
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Microsoft Toolkit_RASMANCS =>HackTool.WinActivator

Unfortunately I only read the following threads just now:
https://www.trojaner-board.de/153593-crossrider-entfernen.html
https://www.trojaner-board.de/167224-windows-8-1-pup-optional-crossrider-a.html
https://www.trojaner-board.de/154212-virenfund-adware-crossrider.html
https://www.trojaner-board.de/166517-windows-7-probleme-adware-crossrider-virus.html
---
https://www.trojaner-board.de/69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html
https://www.trojaner-board.de/137229-anleitung-posten-logfiles-code-tags.html#post1095079
---
Many thanks in advance for the help; I await your instructions on how to proceed.
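The ZHPDiag excerpt in the post above flags four kinds of object, each with a trailing `=>Family` tag: a scheduled task (`\AutoKMS`) and the binary it launches under `C:\Windows\AutoKMS`, software keys under HKCU/HKU, a folder in `C:\ProgramData`, and plain file paths in the O88 section. The script below is an added triage example, not part of the original post and not ZHPDiag's own code. It parses lines in that format, classifies each flagged object by type, groups the hits by detection family and lists the executables behind flagged scheduled tasks, since a task that relaunches a binary is the persistence that has to be stopped before the file can be removed. The format rules it assumes (a `---\ Name (count) - Ns` section header and a `=>Family` suffix on every flagged line) are taken only from the excerpt; the sample log is constructed from the lines quoted in the post, and the regexes and function names are mine.

```python
# Triage helper for ZHPDiag-style detection lines (added example, not ZHPDiag code).
# Format assumptions, taken only from the excerpt posted in this thread:
#   * section headers look like  ---\ Name (count) - Ns
#   * every flagged line ends with  =>Category.Family
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: these lines mirror the detections pasted from ZHPDiag1.txt
# (same task GUID, SID, paths and tags), trimmed to a few lines per section.
SAMPLE_LOG = r"""
---\ Windows Product Information (4) - 3s
Windows Activation Technologies : KO
---\ Scheduled tasks (Registry) (22) - 7s
O38 - TASK: {F30D9358-51C3-40AF-8991-7D062C2B3746} [64Bits][\AutoKMS] - (.CODYQX4 - AutoKMS.) -- C:\Windows\AutoKMS\AutoKMS.exe [5046784] =>HackTool.AutoKMS
C:\Windows\System32\Tasks\AutoKMS - (.CODYQX4.) -- C:\Windows\AutoKMS\AutoKMS.exe [] =>HackTool.AutoKMS
---\ HKCU & HKLM Software Keys (437) - 47s
HKCU\SOFTWARE\Alex =>Adware.CrossRider
HKCU\SOFTWARE\eSupport.com =>PUP.Optional.eSupport
HKU\S-1-5-21-460318521-3142920051-2641109734-1000\SOFTWARE\Alex =>Adware.CrossRider
---\ Contents of Program folders (402) - 15s
O43 - CFD: 13/01/2018 - [] D -- C:\ProgramData\InstallMate =>Adware.Tarma
---\ Search Tracing Registry Key (2) - 2s
HKLM\SOFTWARE\Microsoft\Tracing\Microsoft Toolkit_RASAPI32 =>HackTool.WinActivator
---\ Additional scan (O88) (21) - 3s
C:\Windows\AutoKMS\AutoKMS.exe =>HackTool.AutoKMS
C:\ProgramData\InstallMate =>Adware.Tarma
"""

SECTION_RE = re.compile(r"^---\\\s*(.*?)\s*\(\d+\)")
DETECT_RE = re.compile(r"^(?P<item>.+?)\s*=>(?P<family>[A-Za-z][\w.]*)\s*$")
# Executable named after the "--" separator of a task line: "-- C:\...\AutoKMS.exe [5046784]"
TASK_BIN_RE = re.compile(r"--\s*(?P<bin>[A-Za-z]:\\[^\[]*?\.exe)\s*\[", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str   # ZHPDiag section the line was reported under
    kind: str      # scheduled task | registry key | folder | file | other
    item: str      # the flagged object exactly as ZHPDiag printed it
    family: str    # detection tag, e.g. HackTool.AutoKMS
    binary: str    # executable launched by a flagged task, "" otherwise


def classify(item: str) -> str:
    """Map a flagged line to the kind of object an analyst has to act on."""
    upper = item.upper()
    if upper.startswith("O38 - TASK:") or "\\SYSTEM32\\TASKS\\" in upper:
        return "scheduled task"
    if upper.startswith(("HKCU\\", "HKLM\\", "HKU\\")):
        return "registry key"
    if upper.startswith("O43 - CFD:"):
        return "folder"
    if re.search(r"\.(EXE|DLL|SYS)$", upper):
        return "file"
    if "\\" in item and "." not in item.rsplit("\\", 1)[-1]:
        return "folder"          # bare directory path, as in the O88 section
    return "other"


def parse(log: str) -> list[Finding]:
    findings: list[Finding] = []
    section = ""
    for raw in log.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section = m.group(1)
            continue
        if not (m := DETECT_RE.match(line)):
            continue             # unflagged line, e.g. the activation status
        item, family = m.group("item"), m.group("family")
        kind = classify(item)
        binary = ""
        if kind == "scheduled task" and (b := TASK_BIN_RE.search(item)):
            binary = b.group("bin")
        findings.append(Finding(section, kind, item, family, binary))
    return findings


def by_family(findings: list[Finding]) -> dict[str, list[Finding]]:
    grouped: dict[str, list[Finding]] = defaultdict(list)
    for f in findings:
        grouped[f.family].append(f)
    return dict(grouped)


def task_binaries(findings: list[Finding]) -> set[str]:
    """Executables behind flagged scheduled tasks: the persistence to stop first."""
    return {f.binary for f in findings if f.kind == "scheduled task" and f.binary}


def activation_status(log: str) -> str | None:
    """'KO' in the excerpt; worth reading alongside a HackTool.AutoKMS hit."""
    m = re.search(r"Windows Activation Technologies\s*:\s*(\w+)", log)
    return m.group(1) if m else None


def report(log: str) -> str:
    findings = parse(log)
    out = [f"Windows activation: {activation_status(log)}"]
    for family, hits in sorted(by_family(findings).items()):
        out.append(f"{family}: {len(hits)} hit(s)")
        out.extend(f"  [{f.kind}] {f.item}" for f in hits)
    if bins := task_binaries(findings):
        out.append("Task persistence binaries: " + ", ".join(sorted(bins)))
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it against a full ZHPDiag report by passing the file contents to `report()`; the classification only looks at the flagged lines, so unflagged inventory lines are ignored.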
27.07.2018, 22:46 | #2

Windows 7 X64 – Adware.CrossRider and Adware.Tarma (2018)

Log 1 MBAM
Code:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 06.07.18
Scan Time: 21:16
Log File: 0fab97fa-8151-11e8-95d3-1c6f65485878.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.374
Update Package Version: 1.0.5801
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: xXxXxLogo\xXxXx

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 250610
Threats Detected: 8
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 2 min, 25 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Disabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 4
PUP.Optional.DriverPack, HKU\S-1-5-21-460318521-3142920051-2641109734-1000\SOFTWARE\DRPSU, No Action By User, [887], [472301],1.0.5801
PUP.Optional.WinMendRegistryCleaner, HKU\S-1-5-21-460318521-3142920051-2641109734-1000\SOFTWARE\SunnyDigits, No Action By User, [3426], [483624],1.0.5801
PUP.Optional.DriverPack, HKLM\SOFTWARE\WOW6432NODE\DRPSU, No Action By User, [887], [472300],1.0.5801
PUP.Optional.DriverAgent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DrvAgent64, No Action By User, [3501], [345587],1.0.5801

Registry Value: 2
PUP.Optional.DriverPack, HKU\S-1-5-21-460318521-3142920051-2641109734-1000\SOFTWARE\DRPSU|CLIENTID, No Action By User, [887], [472301],1.0.5801
PUP.Optional.DriverPack, HKLM\SOFTWARE\WOW6432NODE\DRPSU|CLIENTID, No Action By User, [887], [472300],1.0.5801

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
PUP.Optional.DriverAgent, C:\WINDOWS\SYSWOW64\DRIVERS\DRVAGENT64.SYS, No Action By User, [3501], [345587],1.0.5801
CrackTool.FilePatch, C:\USERS\xXxXx\APPDATA\LOCAL\TEMP\DUP2PATCHER.DLL, No Action By User, [10825], [19569],1.0.5801

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Ultimate x64
Ran by Trans (Administrator) on So, 24.06.2018 at 7:18:16,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 0
Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on So, 24.06.2018 at 7:19:24,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
Shortcut Cleaner 1.4.9.6 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2018 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 7 Ultimate Service Pack 1
Program started at: 06/01/2018 01:11:21 PM.

Scanning for registry hijacks:

* No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\xXxXx\AppData\Roaming\Microsoft\Windows\Start Menu\
Searching C:\ProgramData\Microsoft\Windows\Start Menu\
Searching C:\Users\xXxXx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
Searching C:\Users\Public\Desktop\
Searching C:\Users\xXxXx\Desktop\
Searching C:\Users\Public\Desktop\

0 bad shortcuts found.

Program finished at: 06/01/2018 01:11:22 PM
Execution time: 0 hours(s), 0 minute(s), and 0 seconds(s)

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by xXxXx (administrator) on xXxXxLOGO (30-06-2018 08:23:19)
Running from F:\Downloads von xXxXx\Farbar Recovery Scan Tool FRST64
Loaded Profiles: xXxXx (Available Profiles: xXxXx)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (USA)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Everything\Everything.exe
() C:\Users\xXxXx\AppData\Roaming\ZHP\ZHPCleaner.exe
(Malwarebytes) C:\Users\xXxXx\Downloads\adwcleaner_7.1.1.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\sethc.exe
(Emsisoft Ltd) F:\Downloads von xXxXx\EmsisoftEmergencyKit\BIN64\a2cmd.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM\...\Run: [Launch LgDevAgt] => C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [397320 2008-11-06] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2049544 2008-11-06] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [3837960 2008-11-06] (Logitech Inc.)
HKLM-x32\...\Run: [SystemExplorerAutoStart] => "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY
HKLM-x32\...\Run: [MRUTray] => C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe [731176 2010-03-08] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\RunOnce: [] => [X]
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-460318521-3142920051-2641109734-1000\...\Run: [f.lux] => C:\Users\xXxXx\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled [2016-12-26] ()
Startup: C:\Users\xXxXx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-11-25]
ShortcutTarget: An OneNote senden.lnk -> D:\Microsoft Office 2016 Pro Plus\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\xXxXx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C2DtoG15.lnk [2016-01-23]
ShortcutTarget: C2DtoG15.lnk -> C:\Program Files (x86)\C2DtoG15\C2DtoG15.exe (Andreas Sammann)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll => No File
Tcpip\Parameters: [DhcpNameServer] xxx.XXX.xxx.XXX
Tcpip\..\Interfaces\{4A203B00-467E-40A4-9C82-71A26F6AC778}: [DhcpNameServer] xxx.XXX.xxx.XXX

Internet Explorer:
==================
HKU\S-1-5-21-460318521-3142920051-2641109734-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com/
HKU\S-1-5-21-460318521-3142920051-2641109734-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\IEExt\ie_plugin.dll [2018-03-03] (AO Kaspersky Lab)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_162\bin\ssv.dll [2018-02-02] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Microsoft Office 2016 Pro Plus\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> D:\Microsoft Office 2016 Pro Plus\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_162\bin\jp2ssv.dll [2018-02-02] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\IEExt\ie_plugin.dll [2018-03-03] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-460318521-3142920051-2641109734-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-460318521-3142920051-2641109734-1000 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} - No File
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1465820290705
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - D:\Microsoft Office 2016 Pro Plus\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - D:\Microsoft Office 2016 Pro Plus\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: zidube0h.default
FF ProfilePath: C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default [2018-06-30]
FF Homepage: Comodo\IceDragon\Profiles\zidube0h.default -> hxxps://de.yahoo.com/?fr=fp-comodo&type=25050004003_id_hp
FF Session Restore: Comodo\IceDragon\Profiles\zidube0h.default -> is enabled.
FF Extension: (Mixcloud Downloader) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\@mixclouddownloader.xpi [2018-05-19]
FF Extension: (One-Click Translate Page) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\@one-click-xXxXxlate-page-button.xpi [2016-05-15] [Legacy]
FF Extension: (Image Search) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\@rev-image-search.xpi [2018-05-19]
FF Extension: (about:addons-memory) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\about-addons-memory@tn123.org.xpi [2016-08-19] [Legacy]
FF Extension: (ADB Helper) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\adbhelper@mozilla.org.xpi [2018-05-19] [Legacy]
FF Extension: (DownThemAll! AntiContainer) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\anticontainer@downthemall.net.xpi [2016-05-05] [Legacy]
FF Extension: (Flash Video Downloader) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\artur.dubovoy@gmail.com.xpi [2018-05-20]
FF Extension: (Copy Link URL) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\copylinkurl@bluelightdev.com.xpi [2016-05-26] [Legacy]
FF Extension: (Extension source viewer) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\crxviewer-firefox@robwu.nl.xpi [2018-05-31]
FF Extension: (Download Master) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\dm@westbyte.com.xpi [2018-05-26]
FF Extension: (FastPrevNext) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\fastprevnext@tn123.ath.cx.xpi [2016-05-27] [Legacy]
FF Extension: (FoxyTab) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\foxytab@eros.man.xpi [2018-05-26]
FF Extension: (SaveFrom.net Helfer) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\helper-sig@savefrom.net.xpi [2018-05-31]
FF Extension: (Image Picker) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\ImagePicker@topolog.org [2017-05-28] [Legacy]
FF Extension: (YouTube mp3) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\info@youtube-mp3.org.xpi [2017-08-05] [Legacy]
FF Extension: (Turbo Download Manager (v2)) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\jid0-dsq67mf5kjjhiiju2dfb6kk8dfw@jetpack.xpi [2018-05-26]
FF Extension: (Easy YouTube to MP3 Converter) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\jid0-SQnwtgW1b8BsMB5PLV5WScEDWOw@jetpack.xpi [2016-08-03] [Legacy]
FF Extension: (Zum Google Übersetzer) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2018-05-30]
FF Extension: (SoundCloud MP3 Downloader) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\jid1-hnmMaq1milpehc6uI@jetpack.xpi [2018-05-20]
FF Extension: (jdCaptcha) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\jid1-pb9n59z6lXIxjw@jetpack.xpi [2018-01-13] [Legacy]
FF Extension: (Best Youtube Mp3 Download) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\jid1-SeLs5yD73k7KzA@jetpack.xpi [2016-08-03] [Legacy]
FF Extension: (Save Images) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\LDSI_plashcor@gmail.com.xpi [2017-10-20] [Legacy]
FF Extension: (Link Gopher) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\linkgopher@oooninja.com.xpi [2018-05-26]
FF Extension: (MinimizeToTray revived (MinTrayR)) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\mintrayr@tn123.ath.cx [2016-08-12] [Legacy]
FF Extension: (Multithreaded Download Manager) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\multithreaded-download-manager@qw.linux-2g64.local.xpi [2018-05-26]
FF Extension: (Save File to) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\savefileto@mozdev.org.xpi [2016-05-27] [Legacy]
FF Extension: (Save Image to Downloads) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\save_to_downloads@save_to_downloads.org.xpi [2018-05-20]
FF Extension: (No Name) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\simple-tab-groups@drive4ik.xpi [2018-05-26]
FF Extension: (Tab Counter) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\tab-counter@daawesomep.addons.mozilla.org.xpi [2018-05-26]
FF Extension: (Tab Counter) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\tabcounter@morac.xpi [2017-05-27] [Legacy]
FF Extension: (Tab Groups) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\tabgroups@quicksaver.xpi [2017-12-26] [Legacy]
FF Extension: (The Addon Bar (restored)) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2016-05-05] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\uBlock0@raymondhill.net.xpi [2018-05-31]
FF Extension: (Download with JDownloader) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{03e07985-30b0-4ae0-8b3e-0c7519b9bdf6}.xpi [2018-05-31]
FF Extension: (Session Manager) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-05-27] [Legacy]
FF Extension: (Download Manager for Firefox) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{2060d74a-fd12-4482-909b-9aeeaaa98627}.xpi [2018-05-20]
FF Extension: (Save Image in Folder) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84}.xpi [2015-12-27] [Legacy]
FF Extension: (Save Button for Pinterest) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi [2018-05-20]
FF Extension: (Thumbs) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{6cffc2d6-aea4-4032-b8c6-d211fe6ded4e}.xpi [2018-04-22] [Legacy]
FF Extension: (CacheViewer) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}.xpi [2017-09-02] [Legacy]
FF Extension: (Open image in a new tab) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{7276f3bb-de56-4b5a-b940-88b62731d409}.xpi [2018-05-20]
FF Extension: (Bulk Media Downloader) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{72b2e02b-3a71-4895-886c-fd12ebe36ba3}.xpi [2018-05-20]
FF Extension: (Save In…) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{72d92df5-2aa0-4b06-b807-aa21767545cd}.xpi [2018-05-26]
FF Extension: (Google Image Search) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{73007fef-a6e0-47d3-b4e7-dfc116ed6f65}.xpi [2016-05-05] [Legacy]
FF Extension: (Copy Links) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5}.xpi [2016-05-05] [Legacy]
FF Extension: (Download Statusbar) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{76faaba6-3aa1-47a4-bf40-90aa2505e79c}.xpi [2018-05-20]
FF Extension: (Download status) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{9fb8c270-7124-11dd-ad8b-0800200c9a66}.xpi [2016-05-05] [Legacy]
FF Extension: (Video Downloader) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{a14b9c5e-f7da-419c-914c-b023017dceba}.xpi [2018-05-31]
FF Extension: (Video DownloadHelper) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-05-31]
FF Extension: (Fast Video Download) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi [2016-11-20] [Legacy]
FF Extension: (DownThemAll!) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-09-29] [Legacy]
FF Extension: (Greasemonkey) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-05-31]
FF Extension: (Copy All Links) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{e6a9a96e-4a08-4719-b9bd-0e91c35aaabc}.xpi [2016-05-05] [Legacy]
FF Extension: (Google Privacy) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi [2016-05-05] [Legacy]
FF Extension: (G Links) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{ebe76e19-dd9f-4b48-a90d-9b4d85de5d70}.xpi [2016-05-26] [Legacy]
FF Extension: (Download Manager Tweak) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi [2016-05-27] [Legacy]
FF HKLM\...\Firefox\Extensions: [light_plugin_A07576A3CEBC4A72A8CF2C925907DB05@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-05-06]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_A07576A3CEBC4A72A8CF2C925907DB05@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [2018-05-05] ()
FF Plugin: @java.com/DTPlugin,version=11.162.2 -> C:\Program Files\Java\jre1.8.0_162\bin\dtplugin\npDeployJava1.dll [2018-02-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.162.2 -> C:\Program Files\Java\jre1.8.0_162\bin\plugin2\npjp2.dll [2018-02-02] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-05-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/DownloadManager,version=1.1 -> C:\Windows\ [] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-460318521-3142920051-2641109734-1000: @tools.google.com/Google Update;version=3 -> C:\Users\xXxXx\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-460318521-3142920051-2641109734-1000: @tools.google.com/Google Update;version=9 -> C:\Users\xXxXx\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-18] (Google Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKLM-x32\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
S2 AVP18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe [354672 2017-01-24] (AO Kaspersky Lab)
S4 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [2273424 2016-10-03] (Comodo)
S2 Everything; C:\Program Files\Everything\Everything.exe [2197608 2017-06-07] ()
S4 IceDragonUpdater; C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe [4295952 2018-02-07] (Comodo Inc.)
S3 klvssbridge64_18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\vssbridge64.exe [426416 2018-03-03] (AO Kaspersky Lab)
S2 Marvell RAID; C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [235560 2010-03-08] ()
S2 MRUWebService; C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [24635 2008-06-12] (Apache Software Foundation) [File not signed]
S2 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)
S2 SystoG15Svc; C:\Program Files (x86)\C2DtoG15\SystoG15Svc.exe [59392 2011-01-26] (Andreas Sammann) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-11-24] (Microsoft Corporation)
S3 KSDE1.0.0; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe" -r [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 abelssoft_recordify; C:\Windows\System32\drivers\recordify.sys [56584 2016-01-08] (Abelssoft)
S2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [247008 2016-12-26] (AO Kaspersky Lab)
S3 CrystalSysInfo; F:\Downloads von xXxXx\MediaCoder-x64-0.8.48.5888\SysInfoX64.sys [18128 2007-09-25] ()
S3 dc3d; C:\Windows\System32\DRIVERS\dc3d.sys [47616 2011-05-18] (Microsoft Corporation) [File not signed]
S1 epp; F:\Downloads von xXxXx\EmsisoftEmergencyKit\BIN64\epp.sys [142448 2018-06-01] (Emsisoft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554408 2016-10-01] (AO Kaspersky Lab)
S0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [70880 2017-12-24] (AO Kaspersky Lab)
S1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [119496 2018-05-06] (AO Kaspersky Lab)
S2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-06-01] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [206024 2018-05-06] (AO Kaspersky Lab)
S1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [1192128 2018-05-06] (AO Kaspersky Lab)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1073344 2018-05-06] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [56520 2018-05-06] (AO Kaspersky Lab)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [57568 2016-12-23] (AO Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [58592 2016-12-07] (AO Kaspersky Lab)
S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50672 2017-12-24] (AO Kaspersky Lab)
S3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [81904 2017-12-24] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [142024 2018-05-06] (AO Kaspersky Lab)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [199392 2017-12-24] (AO Kaspersky Lab)
S3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [85160 2016-04-19] (Logitech Inc.)
S3 MYFAULT; C:\Windows\system32\drivers\myfault.sys [25392 2018-06-01] (Sysinternals)
S3 netwlv64; C:\Windows\System32\DRIVERS\netwlv64.sys [7530496 2013-06-18] (Intel Corporation) [File not signed]
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX64.sys [130960 2012-12-14] (Ray Hinchliffe)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Apple, Inc.) [File not signed]
S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [199808 2017-10-18] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [210680 2017-10-18] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [125008 2016-01-19] (Oracle Corporation)
S2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2012-09-11] (WinISO.com)
S3 WinRing0_1_2_0; C:\Program Files (x86)\C2DtoG15\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
S3 WirelessKeyboardFilter; C:\Windows\System32\DRIVERS\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
S3 ATICDSDr; \??\C:\Users\xXxXx\AppData\Local\Temp\ATICDSDr.sys [X] <==== ATTENTION
S4 rtkio; \??\C:\Program Files (x86)\Realtek\Smart Dual Lan\rtkio.sys [X]
S3 SCL01164; system32\DRIVERS\SCL01164.sys [X]
S4 TEAM; system32\DRIVERS\RtTeam60.sys [X]
S4 VGPU; System32\drivers\rdvgkmd.sys [X]
S4 zntport; \??\C:\Windows\system32\drivers\zntport.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\recordify.sys AD86367BD36D3BAB28613D2FFAA42A4E
C:\Windows\System32\drivers\ACPI.sys DCA5495CA17AEB2F4FD8AC60812C3999
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 0DC2A9882540DEA4A55B08785E09D8FC
C:\Windows\system32\drivers\agp440.sys 466BF4170DC41BB939F1F9AB8F97F8F5
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 8A22BE3663C0A93F7E4C1A458FC0817A
C:\Windows\System32\DRIVERS\atikmpag.sys C0C27A1094F6EA978FB2CAACFDE0E594
C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\DRIVERS\AMPPAL.sys 18A8E8A19CD826D31D2E74E740220001
C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys C3D487827E48CC5EC17994FEC5BDFF87
C:\Windows\system32\drivers\appid.sys 204EEBF8D67B5C16F9AEB5174A8CEB90
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\drivers\AtihdW76.sys 1CE73AB39DBB6A20CF1A99AEBA9A43E8
C:\Windows\System32\DRIVERS\AtiPcie.sys 7C5D273E29DCC5505469B299C6F29163
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ABA3984C822E4D3F889699912D85D6C5
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys B5D7A0638CA817BA7D8A4DFD3499BA2A
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cm_km.sys F03BD81B9F81EE845D790B55417CD0AA
C:\Windows\System32\Drivers\cng.sys 9DE8D00626F01DBD1879A6655D7A752D
C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
F:\Downloads von xXxXx\MediaCoder-x64-0.8.48.5888\SysInfoX64.sys 5228B7A738DC90A06AE4F4A7412CB1E9
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\dc3d.sys 7AF9DAC504FBD047CBC3E64AE52C92BF
C:\Windows\System32\Drivers\dfsc.sys 7D2D2284833760A82308CF09F7618E8B
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys 616387BBD83372220B09DE95F4E67BBC
C:\Windows\system32\drivers\dmvsc.sys 5DB085A8A6600BE6401F2B24EECB5415
C:\Windows\system32\drivers\drmkaud.sys 26FE888505E5A945B0536AF9A2A27A6F
C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS 8407DDFAB85AE664E507C30314090385
C:\Windows\System32\drivers\dxgkrnl.sys 5CEF80AE869336376F550ECAE91E424A
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ElbyCDIO.sys BDD265EEB37DF5953A547FE412E2472F
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
F:\Downloads von xXxXx\EmsisoftEmergencyKit\BIN64\epp.sys 4B302604189A4BF55ED774A79ECD58D0
C:\Windows\system32\drivers\errdev.sys 9002EED07FD7FCFF6B8C5C06B454AC19
C:\Windows\System32\Drivers\exfat.sys 7E45F8B117419ABA3BB26579F6E70324
C:\Windows\System32\Drivers\fastfat.sys 6EDFA237D25433C03F42FBFDB16BDD24
C:\Windows\System32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys DC591A7A196E99EFB5A48D708CB989FD
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys
8F6322049018354F45F05A2FD2D4E5E0 C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit C:\Windows\gdrv.sys 7907E14F9BCF3A4689C9A74A1A873CB6 C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit C:\Windows\system32\drivers\hidusb.sys 90D91013D16A15B22A4B4EB6D4140A5B C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit C:\Windows\System32\drivers\HTTP.sys 93C367EA831FB39DEE3BA96539A187FB C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366 C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit C:\Windows\System32\drivers\RTKVHD64.sys 7A93DBF7DD86A28C0B941F4D39B85A0E C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit C:\Windows\system32\drivers\intelppm.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit C:\Windows\system32\drivers\isapnp.sys 905E9D664F38B93B53FA05422165F5B5 C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6 C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\kl1.sys 025177EB96DDB40DBA3CD003AD54D90B C:\Windows\System32\DRIVERS\klbackupdisk.sys AD67F0BFD14CA21269A274C3A4BEF497 C:\Windows\System32\DRIVERS\klbackupflt.sys 34B42D05E89FD4A5F77F612890E720CB C:\Windows\System32\DRIVERS\kldisk.sys 7DAA9047F50BF5A3F8C147719FC520AF C:\Windows\System32\DRIVERS\klflt.sys 3961D24B3E6A5C99F97A4B5324B08243 
C:\Windows\System32\DRIVERS\klhk.sys C0691CBA8BA4EB170CF01BE5E7DC7192 C:\Windows\System32\DRIVERS\klif.sys E74A0B4A079DDBA941B8E9B42AEF433D C:\Windows\System32\DRIVERS\klim6.sys AAC68576EF93EF1BD17FE0B777D411E0 C:\Windows\System32\DRIVERS\klkbdflt.sys E9DC10BB19A990BBB34759646BF9D1DF C:\Windows\System32\DRIVERS\klmouflt.sys B529DD154D29823708C7FCEFF8012842 C:\Windows\System32\DRIVERS\klpd.sys C334FBE82E1ADE139FFCD43517378A4B C:\Windows\System32\DRIVERS\kltap.sys 828B042A95F055648DA190DF6C7AB1B6 C:\Windows\System32\DRIVERS\kltdi.sys D4BFD84A61FDEB56CF6809E8EF07C7E8 C:\Windows\System32\DRIVERS\klwtp.sys 2FC2447D2C9808769094CD00D3A1EE6E C:\Windows\System32\DRIVERS\kneps.sys C2E155A456E0E18953A41546C8769E63 C:\Windows\System32\Drivers\ksecdd.sys 248B268241DB33B677FB0D50CE52A7F7 C:\Windows\System32\Drivers\ksecpkg.sys 755895D37F128F9AE3F408B20630EDC3 C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit C:\Windows\System32\drivers\LGBusEnum.sys FA529FB35694C24BF98A9EF67C1CD9D0 C:\Windows\System32\drivers\LGJoyXlCore.sys 7D24DEBE7BC0C01A30A9A65806B61453 C:\Windows\System32\drivers\LGVirHid.sys 94B29CE153765E768F004FB3440BE2B0 C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit C:\Windows\system32\drivers\luafv.sys 5416CEB2916BBE635288C4D1075B045E C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit C:\Windows\System32\drivers\modem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit C:\Windows\system32\drivers\mouclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit C:\Windows\System32\drivers\mountmgr.sys 072D8646E23ECF8A3F5F0157017B4DB6 C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit 
C:\Windows\System32\drivers\mpsdrv.sys 6D9BB8B53394B62540A3971FCE2BE8DB C:\Windows\system32\drivers\mrxdav.sys 98DB1790F0A584E0A2528B92B052417F C:\Windows\System32\DRIVERS\mrxsmb.sys B07AD0FD4026F7E3A146485B728B9CAF C:\Windows\System32\DRIVERS\mrxsmb10.sys 4D28B9613A100BC42CAA07E335AD4705 C:\Windows\System32\DRIVERS\mrxsmb20.sys 9E4E93DA0A2A492C8D31FCA092BE9384 C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit C:\Windows\System32\drivers\msisadrv.sys 6FE3DBEEA730A857CA3DF603B7DEADA2 C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit C:\Windows\System32\Drivers\MsRPC.sys 94275393BB85D1E2B74BFEFEC386B4A0 C:\Windows\system32\drivers\mssmbios.sys 1FC0BF25FFCB9F751BCBC6C6AC577078 C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit C:\Windows\System32\Drivers\mup.sys AA0C2BA3782E92BD85E2264BE418E67C C:\Windows\System32\DRIVERS\mv91cons.sys 6AF2640B5D7202FA0D96467318D4592E C:\Windows\system32\drivers\myfault.sys 222449A588EA111DAF66E84177D73AE9 C:\Windows\System32\DRIVERS\nwifi.sys 9FB2A095B1166CB3C9A06651863B3452 C:\Windows\System32\drivers\ndis.sys 261F27367EB6EA6478B940811F0A6F03 C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndistapi.sys 3F217F77899654833B650ED6A1372BE4 C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit C:\Windows\System32\Drivers\NDProxy.sys E46AF308E96F7730F59B0F250A884CD6 C:\Windows\System32\DRIVERS\netbios.sys 2E19EB10185992AB08BC3688AACA4CE2 C:\Windows\System32\DRIVERS\netbt.sys 734837208CAFD6E0959A7A0333C95C9D C:\Windows\System32\DRIVERS\netr7364.sys 81B8D0C1CE44A7FDBD596B693783950C 
C:\Windows\System32\DRIVERS\netwlv64.sys 10C475C8374F5E4905979D6C5F504DE0 C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys BE313E566EEA2A4B7F9AAC9782A567D4 C:\Windows\System32\Drivers\Ntfs.sys 8422AFBD1C2D30FFC913309D7F1A366D C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A C:\Windows\system32\drivers\nv_agp.sys 7425A6B64F5D37D0565F2581B886E5E3 C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit C:\Windows\system32\drivers\parport.sys ==> MD5 is legit C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C C:\Windows\System32\drivers\pci.sys 481DADB90C1D4E9F19328079C7A9E63D C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit C:\Windows\System32\drivers\peauth.sys EA4D67448BE493D543F1730D6CD04694 C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit C:\Windows\system32\drivers\processr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pacer.sys 4CE827A5433451551E99C2C1D20E4A43 C:\Windows\system32\Drivers\pssdk42.sys CD33CB6FECF65520466F95AB89CC4AF5 C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdbss.sys FB45727105E27756B3252572A138FA19 C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit 
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34 C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41 C:\Windows\System32\drivers\rdyboost.sys F4287A980C0AA41DE3073F053E5EA73C C:\Windows\System32\DRIVERS\revoflt.sys 9C3AC71A9934B884FAC567A8807E9C4D C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\Rt64win7.sys 4FBDA07EF0A3097CE14C5CABF723B278 C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\sis163u.sys CDEDDF9D11FBEDDB673798A450CB17BB C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit C:\Windows\system32\Drivers\SIVX64.sys D860B78FC88B5BD05B846D6A3F0A19EF C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srv.sys 1145EC013B72D4E6C60497707BB1A4B6 C:\Windows\System32\DRIVERS\srv2.sys 2D8FFA3B636368130F909E0CD935B555 C:\Windows\System32\DRIVERS\srvnet.sys 4B1C343E11065819F687EAC68A5E13F3 C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit C:\Windows\system32\drivers\swenum.sys 10DCD3BDFA785E1482EC02304A7E9B96 
C:\Windows\System32\drivers\synth3dvsc.sys C3A39C4079305480972D29C44B868C78 C:\Windows\System32\drivers\tcpip.sys 8A54B9C4206FBAB2CEE3525CFD365241 C:\Windows\System32\DRIVERS\tcpip.sys 8A54B9C4206FBAB2CEE3525CFD365241 C:\Windows\System32\drivers\tcpipreg.sys 7FE5586314EE7D6AA8483264A089E5AF C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8 C:\Windows\System32\DRIVERS\tdx.sys 4DD986720F7CB7A8A5D1226793097B9A C:\Windows\system32\drivers\termdd.sys AC24D7A7D9EEDE11E2926F9001BEAFB5 C:\Windows\system32\drivers\terminpt.sys EF4469AB69EB15E5D3754E6AEAFBCD3D C:\Windows\System32\DRIVERS\tssecsrv.sys 2CF58216424757ED29605B4F18EC443C C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426 C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07 C:\Windows\System32\drivers\tsusbhub.sys E1748D04AE40118B62BC18AC86032192 C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit C:\Windows\system32\drivers\uliagpkx.sys B70E26A57F35ECA5199E6D6B9592A67C C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit C:\Windows\System32\Drivers\usbaapl64.sys F957092C63CD71D85903CA0D8370F473 C:\Windows\system32\drivers\usbccgp.sys 9E68E917FB4B5C983438969643F53BEF C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31 C:\Windows\system32\drivers\usbehci.sys 3F9D3902CE931E2A28DD8452AE915B67 C:\Windows\System32\DRIVERS\usbfilter.sys 5AE9C87A1ED4B243942B3FDDD902134B C:\Windows\System32\DRIVERS\usbhub.sys 86B65EEBC03B936DE8B26E5A18D98FA2 C:\Windows\system32\drivers\usbohci.sys 099C2931C6F73EB1B9E13C560F61B50D C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24 C:\Windows\System32\DRIVERS\USBSTOR.SYS D029DD09E22EB24318A8FC3D8138BA43 
C:\Windows\system32\drivers\usbuhci.sys 5D7651347C7D702F4A5DE53603DC024F C:\Windows\System32\DRIVERS\VBoxDrv.sys 84C6F1514992377781CBD3B4DE0D5051 C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys EF7F23DA190E74156157DD3CA835627D C:\Windows\System32\DRIVERS\VBoxNetLwf.sys ECEC981D0FF18BB93AA9BB59EDA7A0DC C:\Windows\System32\Drivers\VBoxUSB.sys 90F27457F9D7C5190033001565B34BEC C:\Windows\System32\DRIVERS\VBoxUSBMon.sys 63F95FCFEFE94AAB6F6A34BD1A4A2686 C:\Windows\System32\DRIVERS\VClone.sys 2CB7AEA800B614184238232FBA4430E1 C:\Windows\System32\drivers\vdrvroot.sys 7BDCE021786C3DCCFD2C22EBF643EE36 C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vhdmp.sys ==> MD5 is legit C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgr.sys 8EDE91FBAC7BF7605323C517C717A253 C:\Windows\System32\drivers\volmgrx.sys 85C5468BC395819AE2A0C747334BA14C C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys DC4CB3626E7423B9D83CF1B4857FDF15 C:\Windows\System32\DRIVERS\wanarp.sys DC4CB3626E7423B9D83CF1B4857FDF15 C:\Windows\system32\drivers\wd.sys ==> MD5 is legit C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8 C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit C:\Windows\System32\drivers\WinisoCDBus.sys BC67C1E4B36063968E54C3B2E4DB8978 C:\Program Files (x86)\C2DtoG15\WinRing0x64.sys 0C0195C48B6B8582FA6F6373032118DA C:\Windows\System32\DRIVERS\WinUSB.SYS 
FE88B288356E7B47B74B13372ADD906D C:\Windows\System32\DRIVERS\WirelessKeyboardFilter.sys 6E5FE85FC15590EF509A6D217C65F9BE C:\Windows\system32\drivers\wmiacpi.sys 43471A750D4F3918AC92F5131AE252D3 C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659 ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Files in the root of some directories ======= 2016-01-09 03:28 - 2016-01-09 03:28 - 000000030 _____ () C:\Program Files (x86)\Exiferupdate.ini 2016-02-10 00:27 - 2016-12-04 02:30 - 000000600 _____ () C:\Users\xXxXx\AppData\Roaming\winscp.rnd 2015-12-13 18:13 - 2018-06-09 15:01 - 000007665 _____ () C:\Users\xXxXx\AppData\Local\Resmon.ResmonCfg Some files in TEMP: ==================== 2016-02-09 16:46 - 2016-02-09 16:46 - 000003584 _____ () C:\Users\xXxXx\AppData\Local\Temp\7CEB9B2A0E395BD64E74381485A106AF.dll 2016-02-09 16:46 - 2016-02-09 16:46 - 000003072 _____ () C:\Users\xXxXx\AppData\Local\Temp\A1D76FF97175BF79025AB7AA1DDF0A2A.dll 2016-02-09 16:46 - 2016-02-09 16:46 - 000090112 _____ () C:\Users\xXxXx\AppData\Local\Temp\dup2patcher.dll 2014-09-24 00:42 - 2014-09-24 00:42 - 000013824 _____ () C:\Users\xXxXx\AppData\Local\Temp\gkey.exe 2016-02-09 03:24 - 2016-02-09 03:24 - 000065024 _____ () C:\Users\xXxXx\AppData\Local\Temp\mgwz.dll 2016-07-02 14:57 - 2016-07-02 14:57 - 001833216 _____ (Microsoft Corporation) C:\Users\xXxXx\AppData\Local\Temp\msxml6-KB927977-enu-amd64.exe 2018-01-02 01:56 - 2018-01-02 01:56 - 001861120 _____ (Opera Software) C:\Users\xXxXx\AppData\Local\Temp\Opera_installer_2018115612769.dll 2018-01-01 14:08 - 2018-01-01 14:08 - 001861120 _____ (Opera Software) C:\Users\xXxXx\AppData\Local\Temp\Opera_installer_201811827201.dll 2018-01-01 14:08 - 
2018-01-01 14:08 - 001861120 _____ (Opera Software) C:\Users\xXxXx\AppData\Local\Temp\Opera_installer_201811827298.dll 2018-01-01 14:08 - 2018-01-01 14:08 - 001861120 _____ (Opera Software) C:\Users\xXxXx\AppData\Local\Temp\Opera_installer_201811827374.dll 2018-01-01 14:08 - 2018-01-01 14:08 - 001861120 _____ (Opera Software) C:\Users\xXxXx\AppData\Local\Temp\Opera_installer_201811827652.dll 2018-01-01 14:08 - 2018-01-01 14:08 - 001861120 _____ (Opera Software) C:\Users\xXxXx\AppData\Local\Temp\Opera_installer_201811827742.dll 2018-01-01 14:08 - 2018-01-01 14:08 - 001861120 _____ (Opera Software) C:\Users\xXxXx\AppData\Local\Temp\Opera_installer_20181182795.dll 2018-01-01 14:08 - 2018-01-01 14:08 - 001861120 _____ (Opera Software) C:\Users\xXxXx\AppData\Local\Temp\Opera_installer_201811828776.dll 2018-01-02 02:54 - 2018-01-02 02:54 - 001861120 _____ (Opera Software) C:\Users\xXxXx\AppData\Local\Temp\Opera_installer_2018125426629.dll 2018-03-24 17:15 - 2018-03-24 17:15 - 001861120 _____ (Opera Software) C:\Users\xXxXx\AppData\Local\Temp\Opera_installer_2018324151420.dll 2016-12-02 22:32 - 2016-12-02 22:32 - 001042784 _____ (Microsoft Corporation) C:\Users\xXxXx\AppData\Local\Temp\PidGenX.dll 2015-03-02 14:25 - 2015-03-02 14:25 - 000027648 _____ () C:\Users\xXxXx\AppData\Local\Temp\pkeyui.exe 2017-12-26 03:43 - 2017-12-26 03:43 - 000043520 ____N () C:\Users\xXxXx\AppData\Local\Temp\proxy_vole7096985200518914322.dll 2015-03-01 19:09 - 2016-01-09 07:00 - 000048848 _____ () C:\Users\xXxXx\AppData\Local\Temp\wabk.exe 2018-03-31 03:06 - 2018-03-31 03:37 - 000002000 _____ () C:\Users\xXxXx\AppData\Local\Temp\{7014E919-2EAA-4158-AB8A-7483300316F4}.dll Some zero byte size files/folders: ========================== C:\Windows\System32\SetupDLL.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed ==================== BCD ================================ Windows-Start-Manager --------------------- Bezeichner {bootmgr} device partition=C: path \bootmgr description Windows Boot Manager locale de-DE inherit {globalsettings} default {current} resumeobject {8475e030-a1ca-11e5-9225-ca89b242d27e} displayorder {current} {b9c04f25-ce9d-11e5-ae2b-1c6f65485878} {b9c04f1b-ce9d-11e5-ae2b-1c6f65485878} {b9c04f22-ce9d-11e5-ae2b-1c6f65485878} {b9c04f23-ce9d-11e5-ae2b-1c6f65485878} {ntldr} {b9c04f20-ce9d-11e5-ae2b-1c6f65485878} {ee3d8d2f-be09-43df-965b-732329837dc6} {b9c04f1d-ce9d-11e5-ae2b-1c6f65485878} {b9c04f1e-ce9d-11e5-ae2b-1c6f65485878} {b9c04f24-ce9d-11e5-ae2b-1c6f65485878} toolsdisplayorder {memdiag} timeout 10 displaybootmenu Yes Windows-Startladeprogramm ------------------------- Bezeichner {current} device boot path \Windows\system32\winload.exe description Windows 7 locale de-DE inherit {bootloadersettings} recoverysequence {8475e032-a1ca-11e5-9225-ca89b242d27e} recoveryenabled Yes osdevice boot systemroot \Windows 
resumeobject {8475e030-a1ca-11e5-9225-ca89b242d27e} nx OptIn Windows-Startladeprogramm ------------------------- Bezeichner {8475e032-a1ca-11e5-9225-ca89b242d27e} device ramdisk=[C:]\Recovery\8475e032-a1ca-11e5-9225-ca89b242d27e\Winre.wim,{8475e033-a1ca-11e5-9225-ca89b242d27e} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[C:]\Recovery\8475e032-a1ca-11e5-9225-ca89b242d27e\Winre.wim,{8475e033-a1ca-11e5-9225-ca89b242d27e} systemroot \windows nx OptIn winpe Yes Windows-Startladeprogramm ------------------------- Bezeichner {b9c04f22-ce9d-11e5-ae2b-1c6f65485878} device ramdisk=[C:]\DeploymentShare\Boot\LiteTouchPE_x64.wim,{b9c04f21-ce9d-11e5-ae2b-1c6f65485878} path \Windows\System32\Boot\winload.exe description WIM DeploymentShare WinPE LiteTouchPEx64 locale de-DE osdevice ramdisk=[C:]\DeploymentShare\Boot\LiteTouchPE_x64.wim,{b9c04f21-ce9d-11e5-ae2b-1c6f65485878} systemroot \Windows nx OptIn pae Default detecthal Yes winpe Yes sos No debug No Windows-Startladeprogramm ------------------------- Bezeichner {b9c04f25-ce9d-11e5-ae2b-1c6f65485878} device vhd=[locate]\Desinf2019.vhd path \Windows\system32\winload.exe description Desinf2019 VHD locale en-US osdevice vhd=[locate]\Desinf2019.vhd systemroot \Windows resumeobject {c3bebfb8-65a4-11e8-a7fb-806e6f6e6963} detecthal No winpe No Wiederaufnahme aus dem Ruhezustand ---------------------------------- Bezeichner {8475e030-a1ca-11e5-9225-ca89b242d27e} device boot path \Windows\system32\winresume.exe description Windows Resume Application locale de-DE inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys debugoptionenabled No Wiederaufnahme aus dem Ruhezustand ---------------------------------- Bezeichner {c3bebfb8-65a4-11e8-a7fb-806e6f6e6963} device vhd=[D:]\Desinf2019.vhd path \Windows\system32\winresume.exe description Desinf2019 VHD locale en-US inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys 
debugoptionenabled No Windows-Speichertestprogramm ---------------------------- Bezeichner {memdiag} device partition=C: path \boot\memtest.exe description Windows Memory Diagnostic locale de-DE inherit {globalsettings} badmemoryaccess Yes Windows-Legacybetriebssystem-Ladeprogramm ----------------------------------------- Bezeichner {ntldr} device partition=\Device\HarddiskVolume2 path \ntldr description winxp black install locale de-DE Echtmodus-Startabschnitt ------------------------ Bezeichner {b9c04f1b-ce9d-11e5-ae2b-1c6f65485878} device partition=C: path \NST\NeoGrub.mbr description NeoGrub Bootloader locale de-DE custom:250000c2 0 Echtmodus-Startabschnitt ------------------------ Bezeichner {b9c04f1d-ce9d-11e5-ae2b-1c6f65485878} device partition=C: path \NST\AutoNeoGrub1.mbr description NeoSmart ISO Entry kali custom:250000c2 0 Echtmodus-Startabschnitt ------------------------ Bezeichner {b9c04f1e-ce9d-11e5-ae2b-1c6f65485878} device partition=C: path NST\syslinux\isolinux.bin description NST syslinux locale de-DE Echtmodus-Startabschnitt ------------------------ Bezeichner {b9c04f1f-ce9d-11e5-ae2b-1c6f65485878} description NST syslinux other ID Echtmodus-Startabschnitt ------------------------ Bezeichner {b9c04f20-ce9d-11e5-ae2b-1c6f65485878} device partition=C: path \NST\AutoNeoGrub2.mbr description AOSS iso custom:250000c2 0 Echtmodus-Startabschnitt ------------------------ Bezeichner {b9c04f23-ce9d-11e5-ae2b-1c6f65485878} device partition=C: path \NST\AutoNeoGrub3.mbr description ISO DeploymentShare WinPE LiteTouchPEx64 custom:250000c2 0 Echtmodus-Startabschnitt ------------------------ Bezeichner {b9c04f24-ce9d-11e5-ae2b-1c6f65485878} device partition=C: path \NST\AutoNeoGrub4.mbr description MultiBoot2k10DVDUSBHDD510.iso locale de-DE custom:250000c2 0 Echtmodus-Startabschnitt ------------------------ Bezeichner {ee3d8d2f-be09-43df-965b-732329837dc6} device partition=C: path \NST\grldr.mbr description Grub for Dos locale de-DE EMS-Einstellungen 
----------------- Bezeichner {emssettings} bootems Yes Debuggereinstellungen --------------------- Bezeichner {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM-Defekte ----------- Bezeichner {badmemory} Globale Einstellungen --------------------- Bezeichner {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Startladeprogramm-Einstellungen ------------------------------- Bezeichner {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisoreinstellungen ------------------- Bezeichner {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Einstellungen zur Ladeprogrammfortsetzung ----------------------------------------- Bezeichner {resumeloadersettings} inherit {globalsettings} Geräteoptionen -------------- Bezeichner {8475e033-a1ca-11e5-9225-ca89b242d27e} description Ramdisk Options ramdisksdidevice partition=C: ramdisksdipath \Recovery\8475e032-a1ca-11e5-9225-ca89b242d27e\boot.sdi Optionen zum RAM-Datenträgersetup --------------------------------- Bezeichner {ramdiskoptions} description RamdiskOptions ramdisksdidevice partition=C: ramdisksdipath \NST\boot.sdi Geräteoptionen -------------- Bezeichner {b9c04f21-ce9d-11e5-ae2b-1c6f65485878} description WIM DeploymentShare WinPE LiteTouchPEx64 ramdisksdidevice partition=C: ramdisksdipath \NST\boot.sdi LastRegBack: 2018-06-29 21:09 ==================== End of FRST.txt ============================
--- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
FRST64 - Addition
Additional FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018 Ran by xXxXx (30-06-2018 08:24:22) Running from F:\Downloads von xXxXx\Farbar Recovery Scan Tool FRST64 Windows 7 Ultimate Service Pack 1 (X64) (2015-12-13 10:06:32) Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-460318521-3142920051-2641109734-500 - Administrator - Disabled) Guest (S-1-5-21-460318521-3142920051-2641109734-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-460318521-3142920051-2641109734-1002 - Limited - Disabled) xXxXx (S-1-5-21-460318521-3142920051-2641109734-1000 - Administrator - Enabled) => C:\Users\xXxXx ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98} AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 17.01 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1701-000001000000}) (Version: 17.01.00.0 - Igor Pavlov) µTorrent (HKU\S-1-5-21-460318521-3142920051-2641109734-1000\...\uTorrent) (Version: 3.5.3.44396 - BitTorrent Inc.) 
ACDSee Photo Manager 2009 (HKLM-x32\...\{300578F9-9EFF-4B93-9AB1-C0E5707EF463}) (Version: 11.0.108 - ACD Systems International) Ace Video Converter (HKLM-x32\...\Ace Video Converter_is1) (Version: 3.8 - XetoWare) Acoustica Premium Edition 6.0 (HKLM-x32\...\{B0AB0E72-A179-4B1E-813B-BBA1344819A5}_is1) (Version: 6.0.19 - Acon AS) Acoustica Standard Edition 5.0 (HKLM-x32\...\Acoustica Standard Edition_is1) (Version: 5.0 - Acon AS) Active@ Data Studio 10 (HKLM\...\{E59278D4-C877-449A-8183-E3C995270768}_is1) (Version: 10 - LSoft Technologies Inc) Active@ LiveCD 3 (HKLM-x32\...\{E5B6F199-B086-4676-B691-4EC11E88B6E9}_is1) (Version: 3 - LSoft Technologies Inc) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated) Adobe Flash Player 29 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 29.0.0.140 - Adobe Systems Incorporated) Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated) Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated) Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.) AllDup 3.4.24 (HKLM-x32\...\AllDup_is1) (Version: 3.4.24 - Michael Thummerer Software Design) AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Anti-Twin (Installation 5/26/2016) (HKLM-x32\...\Anti-Twin 2016-05-26 17.24.00) (Version: - Joerg Rosenthal, Germany) ATI - Dienstprogramm zur Deinstallation der Software (HKLM-x32\...\All ATI Software) (Version: 6.14.10.1022 - ) ATI AVIVO Codecs (HKLM-x32\...\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}) (Version: 10.0.0.40103 - ATI Technologies Inc.) 
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) AusweisApp2 (HKLM-x32\...\{385F3958-A62E-49B8-9C2B-9A451664325C}) (Version: 1.8.0 - Governikus GmbH & Co. KG) Awesome Duplicate Photo Finder v. 1.1 (HKLM-x32\...\Awesome Duplicate Photo Finder_is1) (Version: - Duplicate-Finder.com) Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.) BleachBit (HKLM-x32\...\BleachBit) (Version: 1.17 - BleachBit) C2DtoG15 2.0.2.1 (HKLM-x32\...\{0A0E062D-3235-406B-8D3C-090923EDFC00}_is1) (Version: - ) CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev) Chromodo (HKLM-x32\...\Chromodo) (Version: 52.15.25.665 - Comodo) Comodo IceDragon (HKLM-x32\...\Comodo IceDragon) (Version: 57.0.4.44 - COMODO) Corel PaintShop Pro X6 (HKLM-x32\...\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.0.0.113 - Corel Corporation) DiskInternals CD-DVD Recovery (HKLM-x32\...\DiskInternals CD-DVD Recovery) (Version: 4.1 - DiskInternals Research) DiskInternals Linux Reader (HKLM-x32\...\DiskInternals Linux Reader) (Version: 2.2 - DiskInternals Research) Driver Magician 3.9 (HKLM-x32\...\Driver Magician_is1) (Version: - GoldSolution Software, Inc.) EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS) Eassos PartitionGuru 4.7.1 (HKLM\...\{FC4FF5F4-2265-4E18-8BBC-12CBA9794388}_is1) (Version: - Eassos Co., Ltd.) 
EasyBCD 2.3 (HKLM-x32\...\EasyBCD) (Version: 2.3 - NeoSmart Technologies) Emergency Download Driver (HKLM-x32\...\{3F0F5AB4-C9CE-4226-8393-E9CFF8369D9D}) (Version: 1.1.16.1526 - Microsoft) Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - ) Everything 1.4.1.877 (x64) (HKLM\...\{DD18B1CC-A588-4A92-9850-5753E2E8F404}) (Version: 1.4.877 - David Carpenter) Exifer (HKLM-x32\...\Exifer_is1) (Version: - Friedemann Schmidt) Extreme Picture Finder 3.38.2 (HKLM-x32\...\Extreme Picture Finder_is1) (Version: 3.38.2 - Extreme Internet Software) f.lux (HKU\S-1-5-21-460318521-3142920051-2641109734-1000\...\Flux) (Version: - ) File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - Pow Tools) FileAlyzer 2 (HKLM-x32\...\{29D3773E-54F4-23C2-D523-236A4453B845}_is1) (Version: 2.0.5.57 - Safer Networking Limited) FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - ) GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.) ICA (HKLM-x32\...\{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.0.0.113 - Corel Corporation) Hidden IcoFX 1.6.4 (HKLM-x32\...\IcoFX_is1) (Version: - ) IPM_PSP_COM64 (HKLM\...\{1678F86C-889D-4198-8249-F4625058256B}) (Version: 16.0.0.113 - Corel Corporation) Hidden IrfanView (uninstall) (HKLM\...\IrfanView) (Version: - ) Jasc Paint Shop Pro 8 (HKLM-x32\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.03.0000 - Ihr Firmenname) Java 8 Update 162 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180162F0}) (Version: 8.0.1620.12 - Oracle Corporation) JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Kaspersky Total Security (HKLM-x32\...\{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden Kaspersky Total Security (HKLM-x32\...\InstallWIX_{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab) Logitech GamePanel Software 3.01 (HKLM\...\{15D97451-1520-4551-BE2D-BCDE2DF22EA7}) (Version: 3.01.180 - Logitech) Marvell MRU V4 
(HKLM-x32\...\mv61xxMRU) (Version: 4.1.0.1700 - Marvell) Media Feature Pack for Windows 7 N and KN (HKLM-x32\...\{59ba0f4a-dcb6-4377-a4f1-d86816a82500}) (Version: 1.0.0 - Microsoft) Hidden Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 6.1.4 - CEWE Stiftung u Co. KGaA) Microsoft .NET Framework 4.7.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.7.02558 - Microsoft Corporation) Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation) Microsoft Application Compatibility Toolkit 5.6 (HKLM-x32\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7324.0 - Microsoft Corporation) Microsoft Deployment Toolkit (6.3.8450.1000) (HKLM\...\{38D2CBE2-862C-4C39-8D65-A4C1C2220160}) (Version: 6.3.8450.1000 - Microsoft Corporation) Microsoft Download Manager (HKLM-x32\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation) Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual 
C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) MP3-Info extension V3.4.24 (HKLM\...\MP3-Info extension_is1) (Version: 3.4.24 - Fabian Cenedese) Mp3tag v2.77 (HKLM-x32\...\Mp3tag) (Version: v2.77 - Florian Heidenreich) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Music Manager (HKU\S-1-5-21-460318521-3142920051-2641109734-1000\...\MusicManager) (Version: 
- Google, Inc.) nLite 1.4.9.3 (HKLM-x32\...\nLite_is1) (Version: 1.4.9.3 - Dino Nuhagic (nuhi)) Opera developer 55.0.2991.0 (HKU\S-1-5-21-460318521-3142920051-2641109734-1000\...\Opera 55.0.2991.0) (Version: 55.0.2991.0 - Opera Software) Oracle VM VirtualBox 5.2.0 (HKLM\...\{9DF09FCF-7F55-402E-AAB8-67FFBA56EA3B}) (Version: 5.2.0 - Oracle Corporation) PowerShell-6.0.1-x64 (HKLM\...\{2AA39A40-9624-4997-8E1F-062BA577DB54}) (Version: 6.0.1.0 - Microsoft Corporation) PSPPContent (HKLM-x32\...\{162BD2D6-6C63-41A7-8151-93188450D36A}) (Version: 16.0.0.113 - Corel Corporation) Hidden PSPPHelp (HKLM-x32\...\{16346B2A-87BC-407C-9D6B-72A4D21ABF03}) (Version: 16.0.0.113 - Corel Corporation) Hidden PSPPro64 (HKLM\...\{16582334-495C-4F1C-A66B-3BFD8866B674}) (Version: 16.0.0.113 - Corel Corporation) Hidden PuTTY release 0.66 (HKLM-x32\...\PuTTY_is1) (Version: 0.66 - Simon Tatham) QNAP Finder (HKLM-x32\...\QNAP_FINDER) (Version: - ) R1soft-VHD-Explorer (HKLM-x32\...\R1soft-VHD-Explorer) (Version: - ) RarmaRadio 2.71.1 (HKLM-x32\...\RarmaRadio_is1) (Version: - RaimerSoft) Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) RegAlyzer (HKLM-x32\...\{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1) (Version: 1.6.2.16 - Safer-Networking Ltd.) RegEditX (HKLM-x32\...\RegEditX) (Version: - ) Registry Crawler (HKLM-x32\...\Registry Crawler) (Version: - ) Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.) 
SARDU 2.0.6.5 (HKLM-x32\...\SARDU) (Version: 2.0.6.5 - Davide Costa) Setup (HKLM-x32\...\{16006EE1-DDB7-4E5F-8696-9FEF32C0151A}) (Version: 16.0.0.113 - Ihr Firmenname) Hidden SSD Tweaker version 3.6.0 (HKLM-x32\...\{83FA601A-241A-4956-8A21-F7D525C4422F}_is1) (Version: 3.6.0 - Elpamsoft.com) Stellar Phoenix (FAT & NTFS) 2.1 (HKLM-x32\...\Stellar Phoenix FAT & NTFS_is1) (Version: - Stellar Information Systems Ltd) swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden System Explorer 7.0.0 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version: - Mister Group) TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector) UsbFix Anti-Malware Premium (HKLM-x32\...\UsbFix) (Version: 10.0.2.1 - SOSVirus (SOSVirus.Net)) Vhd Resizer (HKLM-x32\...\{8FAA57C5-7BD1-4285-B4B1-36D7337D7BE5}) (Version: 1.0.42 - Xcarab) VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes) VLC media player (HKLM\...\VLC media player) (Version: 2.2.8 - VideoLAN) Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation) Windows Device Recovery Tool 3.8.19701 (HKLM-x32\...\{8C37503C-DB65-4BB0-855D-4A1AFCC62C55}) (Version: 3.8.19701 - Microsoft) Windows PowerShell 2.0 Software Development Kit (SDK) (HKLM-x32\...\{F0673FA3-F746-42E9-AC37-33337CA37B39}) (Version: 2.0.0.0 - Microsoft Corporation) WinISO (HKLM-x32\...\WinISO) (Version: 6.2.0.4637 - WinISO Computing Inc.) WinRAR 5.50 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH) WinSCP 5.7.6 (HKLM-x32\...\winscp3_is1) (Version: 5.7.6 - Martin Prikryl) Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.5.2013.2 - URSoft, Inc.) 
ZebHelpProcess 2016 (HKLM-x32\...\ZebHelpProcess_is1) (Version: 2015 - Nicolas Coolman) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-460318521-3142920051-2641109734-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\xXxXx\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-460318521-3142920051-2641109734-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\xXxXx\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-460318521-3142920051-2641109734-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\xXxXx\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.) ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => D:\Microsoft Office 2016 Pro Plus\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => D:\Microsoft Office 2016 Pro Plus\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => D:\Microsoft Office 2016 Pro Plus\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => D:\Microsoft Office 2016 Pro Plus\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => D:\Microsoft Office 2016 Pro Plus\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> 
{E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => D:\Microsoft Office 2016 Pro Plus\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov) ContextMenuHandlers1: [IXnView] -> {A5D35F9F-6A11-4EAA-B70B-7BB6FE32663A} => D:\XnView-v2.34-win-full\ShellEx\xnviewshellext64.dll [2015-02-18] () ContextMenuHandlers1: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-05-06] (AO Kaspersky Lab) ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-04-23] (Florian Heidenreich) ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal) ContextMenuHandlers2: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-05-06] (AO Kaspersky Lab) ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-04-23] (Florian Heidenreich) ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG) ContextMenuHandlers3: [DeleteFiles] -> {736AF091-C361-49B4-A928-87C586130D33} => C:\Program Files\File Shredder\fsshell.dll [2012-04-01] () 
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov) ContextMenuHandlers4-x32: [DiskInternals_cd_recovery] -> {6DD33479-D4D0-4666-93C8-F6DC46668518} => C:\Program Files (x86)\DiskInternals\CD and DVD Recovery\contmenu.dll [2005-01-15] () ContextMenuHandlers4-x32: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-05-06] (AO Kaspersky Lab) ContextMenuHandlers4-x32: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-04-23] (Florian Heidenreich) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov) ContextMenuHandlers6-x32: [ContMenu] -> {FCF608CF-5716-47C3-A1A8-991D873AF72B} => C:\Program Files (x86)\Exifer\ExiferShellExt.dll [2002-09-18] () ContextMenuHandlers6-x32: [Fast Explorer] -> {693BE9C0-BEC3-11D2-B4C1-C33BBD3AD64B} => C:\ProgramData\AllDup\FEShlExt.dll [2008-08-20] (Alex Yakovlev) ContextMenuHandlers6-x32: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-05-06] (AO Kaspersky Lab) ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal) ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {1724059C-16F8-4543-8898-50E94E68C418} - System32\Tasks\{C2C9F29D-89C1-48F7-B299-A1A73523CBEC} => C:\Windows\system32\pcalua.exe -a C:\Users\xXxXx\Downloads\wm9viz.exe -d C:\Users\xXxXx\Downloads Task: {36F03642-72A2-4077-A795-B56CDC12CB6D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated) Task: {4626991D-5DB7-4DFF-A654-5C6088F6CCB8} - \AutoPico Daily Restart -> No File <==== ATTENTION Task: {47CC4D60-BF85-465C-9054-F7545A190E1E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-05-05] (Adobe Systems Incorporated) Task: {637819C8-07E0-4243-BA80-2B977A6A555F} - System32\Tasks\{4EDAC0CE-1C66-4488-8CD9-93AB77A00FF5} => C:\Windows\system32\pcalua.exe -a "F:\win7 update - AutoPatcher-self\modules\Components\__dotnet\dotNET-x86-x64_files\dotnetfx35.exe" -d "F:\win7 update - AutoPatcher-self\modules\Components\__dotnet\dotNET-x86-x64_files" Task: {694045A7-31D6-4AB1-A5FD-C73F983E9D9F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => D:\Microsoft Office 2016 Pro Plus\Office16\msoia.exe [2015-07-31] (Microsoft Corporation) Task: {7779BB18-193B-449C-8096-C3D8089D2A36} - System32\Tasks\{F19D4934-A517-4984-BC74-D74ADA42FD05} => C:\Program Files (x86)\MetaEdit\MetaEdit.exe Task: {79AF2D21-A24F-4AD6-ADEC-6900D93548E1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => D:\Microsoft Office 2016 Pro Plus\Office16\msoia.exe [2015-07-31] (Microsoft Corporation) Task: {7B5B7838-430D-4170-AB61-AAFCD1C33D31} - System32\Tasks\{EA4CBCC6-42E4-4744-A08F-12DA58A8FA0E} => C:\Program Files (x86)\MetaEdit\MetaEdit.exe Task: {91909C68-8B5A-4551-A0AF-345388CB4E03} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-460318521-3142920051-2641109734-1000Core => C:\Users\xXxXx\AppData\Local\Google\Update\GoogleUpdate.exe [2016-06-18] (Google Inc.) 
Task: {AB52FBCD-E268-41B9-95E3-8EC436442B48} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_pepper.exe [2018-05-05] (Adobe Systems Incorporated) Task: {B006D960-C520-41E2-A216-0AF46D2ED247} - System32\Tasks\File List - sammlung XnXX dev => C:\Program Files\Everything\Everything.exe [2017-06-07] () Task: {B6AFEB82-DDB1-49C7-952A-A22F6ABA8F8C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-05-05] (Adobe Systems Incorporated) Task: {BCC66030-D7F4-401C-B6D1-0E548A3FAFF9} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation) Task: {E288CBC2-ED48-4829-A96E-690BACAD211D} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2018-03-03] (AO Kaspersky Lab) Task: {E2EC75B8-6C96-4BB6-91E1-EEE32CE23932} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-460318521-3142920051-2641109734-1000UA => C:\Users\xXxXx\AppData\Local\Google\Update\GoogleUpdate.exe [2016-06-18] (Google Inc.) Task: {E5DF6778-E2F4-4A3E-9252-93A9F7361923} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe [2013-03-22] () Task: {F214E4C3-4766-4689-8123-8044E23E4907} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {F30D9358-51C3-40AF-8991-7D062C2B3746} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2017-07-01] () Task: {FA42B34E-9CB3-4633-B621-FFEA7A2894FB} - System32\Tasks\Opera scheduled Autoupdate 1475947844 => C:\Users\xXxXx\AppData\Local\Programs\Opera developer\launcher.exe [2018-06-19] (Opera Software) (If an entry is included in the fixlist, the task (.job) file will be moved. 
The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\xXxXx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b6f30aa888ecb7d7\Chromodo Profile 1.lnk -> C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe (Comodo) -> --profile-directory="Profile 1" ==================== Loaded Modules (Whitelisted) ============== 2015-12-26 17:04 - 2012-04-01 01:06 - 002689536 _____ () C:\Program Files\File Shredder\fsshell.dll 2016-01-09 11:07 - 2015-02-18 21:46 - 002383360 _____ () D:\XnView-v2.34-win-full\ShellEx\xnviewshellext64.dll 2017-06-07 12:12 - 2017-06-07 12:12 - 002197608 _____ () C:\Program Files\Everything\Everything.exe 2018-06-30 05:35 - 2018-06-30 05:23 - 003256192 _____ () C:\Users\xXxXx\AppData\Roaming\ZHP\ZHPCleaner.exe ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [175] AlternateDataStreams: C:\ProgramData\TEMP:8331D35A [328] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
IE trusted site: HKU\S-1-5-21-460318521-3142920051-2641109734-1000\...\127.0.0.1 -> hxxp://127.0.0.1 IE trusted site: HKU\S-1-5-21-460318521-3142920051-2641109734-1000\...\localhost -> hxxp://localhost ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2016-06-11 10:36 - 000000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-460318521-3142920051-2641109734-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: Media is not connected to internet. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [ScanManagement-RCWS-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe FirewallRules: [ScanManagement-WSD-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe FirewallRules: [{758BE49C-77E3-4EE6-80BB-5B8D47EC25ED}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{4DBAEFA5-2FF7-4580-A629-BA3DA92BA344}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{4FA00CF7-EDC0-4AD5-9882-7DF5541C8B56}] => (Allow) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe FirewallRules: [{DE1985DE-D068-4E5D-ACF2-14887B23BBFE}] => (Allow) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe FirewallRules: [{4EEBA4D5-AC31-41B0-9F18-A980335C6447}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{FC5F59FE-3562-468E-AFE5-FB3CB2551759}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{1C230CC6-EB20-48B1-9A02-BE589FEF2F01}] => (Allow) D:\Microsoft Office 2016 Pro Plus\Office16\outlook.exe FirewallRules: [{2C54F146-BD90-4319-81B4-8CB9515DC5CD}] => (Allow) C:\Users\xXxXx\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{C9774200-F835-42B8-8957-A3F8FE9B94AA}] => (Allow) C:\Users\xXxXx\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{EE9B180C-E120-4ABA-82B3-47782B6F8FE7}] => (Allow) C:\Users\xXxXx\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{D99CDEEA-6AA8-4584-A4DA-D476E55BB4D3}] => (Allow) C:\Users\xXxXx\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{699B8778-9537-45FD-8EC4-627FCC714C60}] => (Allow) C:\Users\xXxXx\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{C8CF861D-F599-4066-9966-7BE0E3D81D2D}] => (Allow) C:\Users\xXxXx\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [AusweisApp2-Firewall-Rule] => (Allow) C:\Program Files (x86)\AusweisApp2 1.8.0\AusweisApp2.exe FirewallRules: [{8469D37B-E3CC-4B66-A972-E3CFD9592315}] => (Allow) LPort=24727 FirewallRules: [{9BE5118B-11D9-482F-916B-CD302D821901}] => (Allow) C:\Users\xXxXx\AppData\Local\Programs\Opera 
developer\43.0.2420.0\opera.exe FirewallRules: [{D173F105-B168-464F-9F85-8DDCFED8C139}] => (Allow) C:\Users\xXxXx\AppData\Local\Programs\Opera developer\55.0.2985.0\opera.exe FirewallRules: [{BEF84F52-7A1B-473C-9274-15E057F9BC88}] => (Allow) C:\Users\xXxXx\AppData\Local\Programs\Opera developer\55.0.2991.0\opera.exe ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============= Name: VirtualBox Host-Only Ethernet Adapter Description: VirtualBox Host-Only Ethernet Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Oracle Corporation Service: VBoxNetAdp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Kaspersky Security Data Escort Adapter Description: Kaspersky Security Data Escort Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Kaspersky Security Data Escort Provider Service: kltap Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. 
Name: Kaspersky Lab power events provider Description: Kaspersky Lab power events provider Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: KL Service: klhk Problem: : Windows cannot initialize the device driver for this hardware. (Code 37) Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver. ==================== Event log errors: ========================= Application errors: ================== Error: (06/30/2018 08:14:13 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: aswmbr.exe, Version: 1.0.1.2290, Zeitstempel: 0x54b4df14 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.24150, Zeitstempel: 0x5b0cb980 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e4e3 ID des fehlerhaften Prozesses: 0x470 Startzeit der fehlerhaften Anwendung: 0x01d41038ab18ce1c Pfad der fehlerhaften Anwendung: C:\Users\xXxXx\Downloads\aswmbr.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: ce91f0fe-7c2c-11e8-bca9-1c6f65485878 Error: (06/30/2018 05:12:09 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: rcrawler.exe, Version: 4.5.0.3, Zeitstempel: 0x3e47687a Name des fehlerhaften Moduls: rcrawler.exe, Version: 4.5.0.3, Zeitstempel: 0x3e47687a Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002ef3d ID des fehlerhaften Prozesses: 0x1e70 Startzeit der fehlerhaften Anwendung: 0x01d41018fdb315a3 Pfad der fehlerhaften Anwendung: C:\PROGRA~2\DCSOFT~1\REGIST~1.5\rcrawler.exe Pfad des fehlerhaften Moduls: C:\PROGRA~2\DCSOFT~1\REGIST~1.5\rcrawler.exe Berichtskennung: 5f5fba59-7c13-11e8-8d29-1c6f65485878 Error: (06/30/2018 12:44:45 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (06/29/2018 07:54:07 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 
Error: (06/24/2018 07:40:41 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: aswmbr.exe, Version: 1.0.1.2290, Zeitstempel: 0x54b4df14 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.24150, Zeitstempel: 0x5b0cb980 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e4e3 ID des fehlerhaften Prozesses: 0x1714 Startzeit der fehlerhaften Anwendung: 0x01d40b7cc0c94ec6 Pfad der fehlerhaften Anwendung: C:\Users\xXxXx\Downloads\aswmbr.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 20caafd3-7771-11e8-a64c-1c6f65485878 Error: (06/24/2018 12:42:47 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (06/23/2018 09:31:32 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (06/22/2018 07:19:28 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm DiscRecovery.exe, Version 4.1.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 710 Startzeit: 01d40a4a971a662d Endzeit: 7 Anwendungspfad: C:\Program Files (x86)\DiskInternals\CD and DVD Recovery\DiscRecovery.exe Berichts-ID: 68d61f29-7640-11e8-b894-1c6f65485878 System errors: ============= Error: (06/30/2018 07:24:58 AM) (Source: DCOM) (EventID: 10005) (User: ) Description: Bei DCOM ist der Fehler "1084" aufgetreten, als der Dienst "MSIServer" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {000C101C-0000-0000-C000-000000000046} Error: (06/30/2018 07:19:20 AM) (Source: DCOM) (EventID: 10005) (User: ) Description: Bei DCOM ist der Fehler "1068" aufgetreten, als der Dienst "fdPHost" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {D3DCB472-7261-43CE-924B-0704BD730D5F} Error: (06/30/2018 07:19:20 AM) (Source: DCOM) (EventID: 10005) (User: ) Description: Bei DCOM ist der Fehler "1068" aufgetreten, als der Dienst "fdPHost" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {145B4335-FE2A-4927-A040-7C35AD3180EF} Error: (06/30/2018 07:18:06 AM) (Source: DCOM) (EventID: 10005) (User: ) Description: Bei DCOM ist der Fehler "1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (06/30/2018 07:18:01 AM) (Source: DCOM) (EventID: 10005) (User: ) Description: Bei DCOM ist der Fehler "1084" aufgetreten, als der Dienst "ShellHWDetection" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (06/30/2018 07:18:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden. 
Error: (06/30/2018 07:18:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden. Error: (06/30/2018 07:18:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden. Windows Defender: =================================== Date: 2016-08-20 22:07:10.738 Description: Bei der Windows Defender-Überprüfung wurde Spyware oder mögliche unerwünschte Software entdeckt. Weitere Informationen finden Sie hier: hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Joke:Win32/CloseCD&threatid=9392 Name:Joke:Win32/CloseCD ID:9392 Schweregrad:Niedrig Kategorie:Spaßprogramm Gefundener Pfad:containerfile:C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\80DA7DA9-114A-BD2D-8368-872A23974899_1d1fbe6cfe38e92;containerfile:C:\Users\xXxXx\Downloads\cd.zip;file:C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\80DA7DA9-114A-BD2D-8368-872A23974899_1d1fbe6cfe38e92;file:C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\80DA7DA9-114A-BD2D-8368-872A23974899_1d1fbe6cfe38e92->open_cd.exe;file:C:\Users\xXxXx\AppData\Local\Temp\Temp1_cd.zip\open_cd.exe;file:C:\Users\xXxXx\Downloads\cd.zip->open_cd.exe;internalfileproxy:C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\80DA7DA9-114A-BD2D-8368-872A23974899_1d1fbe6cfe38e92|C:\Users\xXxXx\Downloads\cd.zip;process:pid:2464;webfile:C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\80DA7DA9-114A-BD2D-8368-872A23974899_1d1fbe6cfe38e92|hxxp://www.rjlsoftware.com/download/cd.zip;webfile:C:\Users\xXxXx\Downloads\cd.zip|hxxp://www.rjlsoftware.com/download/cd.zip Feststellungstyp:Konkret 
Feststellungsquelle:Downloads und Anlagen Status:Unbekannt Benutzer:xXxXxLogo\xXxXx Prozessname:C:\Program Files\Internet Explorer\iexplore.exe Date: 2016-08-20 22:06:42.661 Description: Bei der Windows Defender-Überprüfung wurde Spyware oder mögliche unerwünschte Software entdeckt. Weitere Informationen finden Sie hier: hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Joke:Win32/CloseCD&threatid=9392 Name:Joke:Win32/CloseCD ID:9392 Schweregrad:Niedrig Kategorie:Spaßprogramm Gefundener Pfad:containerfile:C:\Users\xXxXx\Downloads\cd.zip;file:C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\80DA7DA9-114A-BD2D-8368-872A23974899_1d1fbe6cfe38e92;file:C:\Users\xXxXx\AppData\Local\Temp\Temp1_cd.zip\open_cd.exe;file:C:\Users\xXxXx\Downloads\cd.zip->open_cd.exe;internalfileproxy:C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\80DA7DA9-114A-BD2D-8368-872A23974899_1d1fbe6cfe38e92|C:\Users\xXxXx\Downloads\cd.zip;process:pid:2464;webfile:C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\80DA7DA9-114A-BD2D-8368-872A23974899_1d1fbe6cfe38e92|hxxp://www.rjlsoftware.com/download/cd.zip;webfile:C:\Users\xXxXx\Downloads\cd.zip|hxxp://www.rjlsoftware.com/download/cd.zip Feststellungstyp:Konkret Feststellungsquelle:Downloads und Anlagen Status:Unbekannt Benutzer:xXxXxLogo\xXxXx Prozessname:C:\Program Files\Internet Explorer\iexplore.exe Date: 2016-08-20 22:06:41.678 Description: Bei der Windows Defender-Überprüfung wurde Spyware oder mögliche unerwünschte Software entdeckt. 
Weitere Informationen finden Sie hier: hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Joke:Win32/CloseCD&threatid=9392 Name:Joke:Win32/CloseCD ID:9392 Schweregrad:Niedrig Kategorie:Spaßprogramm Gefundener Pfad:containerfile:C:\Users\xXxXx\Downloads\cd.zip;file:C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\80DA7DA9-114A-BD2D-8368-872A23974899_1d1fbe6cfe38e92;file:C:\Users\xXxXx\AppData\Local\Temp\Temp1_cd.zip\open_cd.exe;file:C:\Users\xXxXx\Downloads\cd.zip->open_cd.exe;internalfileproxy:C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\80DA7DA9-114A-BD2D-8368-872A23974899_1d1fbe6cfe38e92|C:\Users\xXxXx\Downloads\cd.zip;webfile:C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\80DA7DA9-114A-BD2D-8368-872A23974899_1d1fbe6cfe38e92|hxxp://www.rjlsoftware.com/download/cd.zip;webfile:C:\Users\xXxXx\Downloads\cd.zip|hxxp://www.rjlsoftware.com/download/cd.zip Feststellungstyp:Konkret Feststellungsquelle:Downloads und Anlagen Status:Unbekannt Benutzer:xXxXxLogo\xXxXx Prozessname:C:\Program Files\Internet Explorer\iexplore.exe Date: 2016-08-20 22:01:31.961 Description: Bei der Windows Defender-Überprüfung wurde Spyware oder mögliche unerwünschte Software entdeckt. 
Weitere Informationen finden Sie hier: hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Joke:Win32/CloseCD&threatid=9392 Name:Joke:Win32/CloseCD ID:9392 Schweregrad:Niedrig Kategorie:Spaßprogramm Gefundener Pfad:containerfile:C:\Users\xXxXx\Downloads\cd.zip;file:C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\80DA7DA9-114A-BD2D-8368-872A23974899_1d1fbe6cfe38e92;file:C:\Users\xXxXx\Downloads\cd.zip->open_cd.exe;internalfileproxy:C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\80DA7DA9-114A-BD2D-8368-872A23974899_1d1fbe6cfe38e92|C:\Users\xXxXx\Downloads\cd.zip;webfile:C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\80DA7DA9-114A-BD2D-8368-872A23974899_1d1fbe6cfe38e92|hxxp://www.rjlsoftware.com/download/cd.zip;webfile:C:\Users\xXxXx\Downloads\cd.zip|hxxp://www.rjlsoftware.com/download/cd.zip Feststellungstyp:Konkret Feststellungsquelle:Downloads und Anlagen Status:Unbekannt Benutzer:xXxXxLogo\xXxXx Prozessname:C:\Program Files\Internet Explorer\iexplore.exe CodeIntegrity: =================================== Date: 2018-01-02 14:02:40.623 Description: Die Integrität der Datei "\Device\HarddiskVolume9\Windows\Camera\Camera.exe" kann nicht geprüft werden, da das Signaturzertifikat gesperrt wurde. Erkundigen Sie sich beim Herausgeber, ob eine neue signierte Version des Kernelmoduls verfügbar ist. Date: 2018-01-02 14:02:40.561 Description: Die Integrität der Datei "\Device\HarddiskVolume9\Windows\Camera\Camera.exe" kann nicht geprüft werden, da das Signaturzertifikat gesperrt wurde. Erkundigen Sie sich beim Herausgeber, ob eine neue signierte Version des Kernelmoduls verfügbar ist. Date: 2018-01-02 14:02:40.499 Description: Die Integrität der Datei "\Device\HarddiskVolume9\Windows\Camera\Camera.exe" kann nicht geprüft werden, da das Signaturzertifikat gesperrt wurde. Erkundigen Sie sich beim Herausgeber, ob eine neue signierte Version des Kernelmoduls verfügbar ist. 
Date: 2018-01-02 14:02:40.438 Description: Die Integrität der Datei "\Device\HarddiskVolume9\Windows\Camera\Camera.exe" kann nicht geprüft werden, da das Signaturzertifikat gesperrt wurde. Erkundigen Sie sich beim Herausgeber, ob eine neue signierte Version des Kernelmoduls verfügbar ist. Date: 2018-01-02 14:02:40.376 Description: Die Integrität der Datei "\Device\HarddiskVolume9\Windows\Camera\Camera.exe" kann nicht geprüft werden, da das Signaturzertifikat gesperrt wurde. Erkundigen Sie sich beim Herausgeber, ob eine neue signierte Version des Kernelmoduls verfügbar ist. Date: 2018-01-02 14:02:40.313 Description: Die Integrität der Datei "\Device\HarddiskVolume9\Windows\Camera\Camera.exe" kann nicht geprüft werden, da das Signaturzertifikat gesperrt wurde. Erkundigen Sie sich beim Herausgeber, ob eine neue signierte Version des Kernelmoduls verfügbar ist. Date: 2018-01-02 14:02:40.252 Description: Die Integrität der Datei "\Device\HarddiskVolume9\Windows\Camera\Camera.exe" kann nicht geprüft werden, da das Signaturzertifikat gesperrt wurde. Erkundigen Sie sich beim Herausgeber, ob eine neue signierte Version des Kernelmoduls verfügbar ist. Date: 2018-01-02 14:02:40.190 Description: Die Integrität der Datei "\Device\HarddiskVolume9\Windows\Camera\Camera.exe" kann nicht geprüft werden, da das Signaturzertifikat gesperrt wurde. Erkundigen Sie sich beim Herausgeber, ob eine neue signierte Version des Kernelmoduls verfügbar ist. 
==================== Memory info ===========================

Processor: AMD Phenom(tm) II X6 1090T Processor
Percentage of memory in use: 45%
Total physical RAM: 4093.55 MB
Available physical RAM: 2217.84 MB
Total Virtual: 8185.27 MB
Available Virtual: 6397.41 MB

==================== Drives ================================

Drive c: (M2.128GB) (Fixed) (Total:77.28 GB) (Free:6.32 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (M2.25GB) (Fixed) (Total:24.74 GB) (Free:5.91 GB) NTFS
Drive f: (WD10EZRX.1TB) (Fixed) (Total:931.51 GB) (Free:15.5 GB) NTFS
Drive j: (Seagate Expansion Drive) (Fixed) (Total:931.51 GB) (Free:58.93 GB) NTFS
\\?\Volume{cc43b4aa-b07a-11e5-8ab6-806e6f6e6963}\ (M2.10GB) (Fixed) (Total:9.76 GB) (Free:1.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 1C8EEB54)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 74.5 GB) (Disk ID: 00000001)
Partition 1: (Not Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 837474D1)
Partition 1: (Active) - (Size=77.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=24.7 GB) - (Type=0F Extended)

========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: A73A8EC5)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

AdwCleaner
Code:
# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build:    04-27-2018
# Database: 2018-04-24.1
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    07-07-2018
# Duration: 00:00:08
# OS:       Windows 7 Ultimate
# Scanned:  40734
# Detected: 13

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.DriverPack   C:\Users\xXxXx\AppData\Roaming\DRPSu
PUP.Optional.Qweb   C:\ProgramData\Qweb

***** [ Files ] *****

PUP.Optional.SpyHunter   C:\Users\xXxXx\Downloads\SpyHunter-Installer.exe

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.DriverPack   HKCU\Software\drpsu
PUP.Optional.DriverPack   HKLM\Software\Wow6432Node\drpsu
PUP.Optional.Legacy   HKLM\Software\Wow6432Node\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
PUP.Optional.Legacy   HKLM\Software\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
PUP.Optional.Legacy   HKLM\Software\Wow6432Node\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
PUP.Optional.Legacy   HKLM\Software\Wow6432Node\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
PUP.Optional.Legacy   HKLM\Software\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
PUP.Optional.Legacy   HKLM\Software\Wow6432Node\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
PUP.Optional.Legacy   HKLM\Software\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
PUP.Optional.Legacy   HKLM\Software\Wow6432Node\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Code:
C:\Program Files (x86)\Your Uninstaller! 7\guninstaller.exe  Variante von Win32/Toolbar.Babylon.AK eventuell unerwünschte Anwendung
C:\Users\xXxXx\AppData\Local\Comodo\Chromodo\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc\31.2.5_0\popup.html  JS/Chromex.Agent.AP Trojaner
C:\Users\xXxXx\AppData\Local\Comodo\Chromodo\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc\31.2.5_0\js\background.js  JS/Chromex.Agent.AP Trojaner
C:\Users\xXxXx\AppData\Local\Comodo\Chromodo\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc\31.2.5_0\js\contentScripts\contentScript.js  JS/Chromex.Agent.AP Trojaner
C:\Users\xXxXx\AppData\Local\Comodo\Chromodo\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc\31.2.5_0\js\popup\Popup.js  JS/Chromex.Agent.AP Trojaner
C:\Users\xXxXx\AppData\Roaming\Opera Software\Opera Developer\Extensions\ipjignndhlpeimkmgpfnappdcohjealh\1.5.2_0\js\contentScripts\contentScript.js  JS/Chromex.Agent.AP Trojaner
C:\Users\xXxXx\AppData\Roaming\Opera Software\Opera Developer\Extensions\neacgcjokggofibnbfapeaejhclmpple\1.5.3_0\js\contentScripts\contentScript.js  JS/Chromex.Agent.AP Trojaner
C:\Users\xXxXx\Downloads\Setupe-2.8.1.1130 Build RePack by KpoJIuK.exe  Variante von Generik.FFAPEFE Trojaner
C:\Users\xXxXx\Downloads\PE Scanner Microsoft_pe-scanner-bin-v1.0.2.7\plugins\peid_plugins\SmartOVR.dll  Variante von Generik.MRAZYUF Trojaner
F:\Dokumente von xXxXx\offnenDVD.vbs  VBS/CDEject.I Trojaner
F:\Downloads von xXxXx\installer_jdownloader2_2844787173.exe  Win32/InstallCore.Gen.A eventuell unerwünschte Anwendung
F:\Downloads von xXxXx\portexpert_lite_1.3.2.5.exe  Variante von Win32/Kcsoft.A eventuell unerwünschte Anwendung
F:\Downloads von xXxXx\WinMend-File-Splitter.exe  Win32/SunnyDigits.D Trojaner,Variante von Win32/SunnyDigits.D Trojaner
F:\Downloads von xXxXx\WinRAR.5.50.exe  Win32/Adware.HiRu.J Anwendung
F:\Downloads von xXxXx\wsc_x6v1610_full.exe  Variante von Win32/UwS.WinSysClean.A Anwendung
F:\Downloads von xXxXx\JDownloader\tools\Windows\kikin\kikin_installer.exe  Variante von Win32/Kikin.A eventuell unerwünschte Anwendung
F:\Downloads von xXxXx\Tools\Registry.Winner.6.6.8.30.MD\RegistryWinner_Setup.exe  Variante von Win32/Adware.RegistryVictor.A Anwendung
27.07.2018, 22:47 | #3 |
Windows 7 X64 – Adware.CrossRider and Adware.Tarma (2018)

Log 7 ComboFix

Code:
ATTFilter ComboFix 18-06-17.01 - xXxXx 08.07.2018 12:50:21.1.6 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1033.18.4094.1514 [GMT 2:00] ausgeführt von:: c:\users\xXxXx\Downloads\Windows 7_ Probleme mit Adware und Crossrider Virus\ComboFix.exe AV: Kaspersky Total Security *Enabled/Updated* {86367591-4BE4-AE08-2FD9-7FCB8259CD98} AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B} FW: Kaspersky Total Security *Enabled* {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3} SP: Kaspersky Total Security *Enabled/Updated* {3D579475-6DDE-A186-1569-44B9F9DE8725} SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\ECD236AB79.sys c:\programdata\ntuser.pol c:\users\xXxXx\AppData\Local\assembly\tmp c:\users\xXxXx\AppData\Roaming\DRPSu c:\windows\SysWow64\MSCOMCTL.1 . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_WINISOCDBUS -------\Service_WinisoCDBus . . ((((((((((((((((((((((( Dateien erstellt von 2018-06-08 bis 2018-07-08 )))))))))))))))))))))))))))))) . . 2018-07-08 02:16 . 2018-07-08 02:16 -------- d-----w- c:\program files (x86)\FRITZ!Box Monitor 2018-07-08 00:51 . 2018-07-08 00:51 -------- d-----w- c:\program files\FRITZ!Box 2018-07-08 00:51 . 2018-07-08 00:51 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2018-07-07 03:02 . 2018-07-07 03:03 -------- d-----w- C:\AdwCleaner 2018-07-06 22:57 . 2018-07-08 10:37 -------- d-----w- c:\users\xXxXx\AppData\Local\CrashDumps 2018-07-06 19:10 . 2018-07-06 20:13 152688 ----a-w- c:\windows\system32\drivers\mbae64.sys 2018-07-06 19:10 . 2018-07-06 19:10 -------- d-----w- c:\programdata\Malwarebytes 2018-07-06 19:10 . 
2018-07-06 19:10 -------- d-----w- c:\program files\Malwarebytes 2018-06-30 08:44 . 2018-06-30 08:44 -------- d-----w- c:\windows\AutoKMS 2018-06-30 04:57 . 2018-06-30 04:57 -------- d-----w- c:\program files (x86)\Common Files\Borland Shared 2018-06-30 04:57 . 1999-11-12 03:11 183808 ----a-w- c:\windows\SysWow64\BDEADMIN.CPL 2018-06-30 04:57 . 1999-01-20 03:01 210032 ----a-w- c:\windows\SysWow64\DBCLIENT.DLL 2018-06-30 03:30 . 2018-06-30 08:45 -------- d-----w- c:\program files (x86)\UsbFix 2018-06-30 03:08 . 2018-06-30 03:08 -------- d-----w- c:\users\xXxXx\AppData\Roaming\Safer Networking 2018-06-24 04:16 . 2018-06-24 04:16 -------- d-----w- c:\users\xXxXx\AppData\Roaming\Notepad++ 2018-06-22 10:25 . 2018-07-07 03:07 -------- d-----w- c:\users\xXxXx\AppData\Roaming\ZHP 2018-06-16 11:02 . 2018-05-25 04:11 628736 ----a-w- c:\program files\Internet Explorer\jsprofilerui.dll 2018-06-16 11:02 . 2018-05-25 04:05 1217024 ----a-w- c:\program files\Internet Explorer\networkinspection.dll 2018-06-16 11:02 . 2018-05-25 03:50 579584 ----a-w- c:\program files (x86)\Internet Explorer\jsprofilerui.dll 2018-06-16 11:02 . 2018-05-25 03:45 1075200 ----a-w- c:\program files (x86)\Internet Explorer\networkinspection.dll 2018-06-16 11:02 . 2018-05-25 04:15 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2018-06-16 11:02 . 2018-05-25 05:10 25742848 ----a-w- c:\windows\system32\mshtml.dll 2018-06-16 11:02 . 2018-05-25 03:53 15283200 ----a-w- c:\windows\system32\ieframe.dll 2018-06-16 09:50 . 2018-02-10 17:26 51712 ----a-w- c:\windows\system32\sdchange.exe 2018-06-16 08:57 . 2018-06-16 08:57 -------- d-----w- c:\programdata\LGE 2018-06-16 08:57 . 2018-06-16 08:57 -------- d-----w- c:\programdata\HTC . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2018-06-01 16:46 . 2018-06-01 16:46 25392 ----a-w- c:\windows\system32\drivers\myfault.sys 2018-05-29 02:22 . 
2018-06-16 10:57 44544 ----a-w- c:\windows\apppatch\acwow64.dll 2018-05-06 09:12 . 2017-12-24 11:39 142024 ----a-w- c:\windows\system32\drivers\klwtp.sys 2018-05-06 09:12 . 2017-12-24 11:39 1073344 ----a-w- c:\windows\system32\drivers\klif.sys 2018-05-06 09:12 . 2017-04-28 13:05 56520 ----a-w- c:\windows\system32\drivers\klim6.sys 2018-05-06 09:12 . 2017-12-24 11:39 206024 ----a-w- c:\windows\system32\drivers\klflt.sys 2018-05-06 09:12 . 2017-12-24 11:39 152360 ----a-w- c:\windows\system32\klhkum.dll 2018-05-06 09:12 . 2017-12-24 11:39 119496 ----a-w- c:\windows\system32\drivers\klbackupflt.sys 2018-05-06 09:12 . 2017-12-24 11:39 1192128 ----a-w- c:\windows\system32\drivers\klhk.sys 2018-05-05 15:45 . 2016-06-11 12:18 804864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2018-05-05 15:45 . 2016-06-11 12:18 144896 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2015-07-31 09:01 1512152 ----a-w- c:\progra~2\MICROS~1\Office16\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2015-07-31 09:01 1512152 ----a-w- c:\progra~2\MICROS~1\Office16\GROOVEEX.DLL . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2015-07-31 09:01 1512152 ----a-w- c:\progra~2\MICROS~1\Office16\GROOVEEX.DLL . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "f.lux"="c:\users\xXxXx\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SystemExplorerAutoStart"="c:\program files (x86)\System Explorer\SystemExplorer.exe" [2015-08-19 3389160] "MRUTray"="c:\program files (x86)\Marvell\raid\tray\MarvellTray.exe" [2010-03-08 731176] "StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2015-08-04 767176] "FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2013-03-14 373760] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984] . c:\users\xXxXx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ An OneNote senden.lnk - d:\microsoft office 2016 pro plus\Office16\ONENOTEM.EXE /tsr [2015-7-31 171696] C2DtoG15.lnk - c:\program files (x86)\C2DtoG15\C2DtoG15.exe [2016-1-23 596992] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] @="Service" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 abelssoft_recordify;Abelssoft Recordify Audio Device (WDM);c:\windows\system32\drivers\recordify.sys;c:\windows\SYSNATIVE\drivers\recordify.sys [x] R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x] R3 ATICDSDr;ATICDSDr;c:\users\xXxXx\AppData\Local\Temp\ATICDSDr.sys;c:\users\xXxXx\AppData\Local\Temp\ATICDSDr.sys [x] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 kltap;Kaspersky Security Data Escort Adapter;c:\windows\system32\DRIVERS\kltap.sys;c:\windows\SYSNATIVE\DRIVERS\kltap.sys [x] R3 klvssbridge64_18.0.0;klvssbridge64_18.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\vssbridge64.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\vssbridge64.exe [x] R3 KSDE1.0.0;Kaspersky Secure Connection Service 1.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [x] R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x] R3 LGJoyXlCore;Logitech xXxXxlation Layer Driver (LGS);c:\windows\system32\drivers\LGJoyXlCore.sys;c:\windows\SYSNATIVE\drivers\LGJoyXlCore.sys [x] R3 
LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x] R3 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x] R3 MYFAULT;MYFAULT;c:\windows\system32\drivers\myfault.sys;c:\windows\SYSNATIVE\drivers\myfault.sys [x] R3 netr7364;Askey RT73 Wireless Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x] R3 netwlv64; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netwlv64.sys;c:\windows\SYSNATIVE\DRIVERS\netwlv64.sys [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys;c:\windows\SYSNATIVE\Drivers\pssdk42.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x] R3 SCL01164;SCL011 Contactless Reader;c:\windows\system32\DRIVERS\SCL01164.sys;c:\windows\SYSNATIVE\DRIVERS\SCL01164.sys [x] R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys;c:\windows\SYSNATIVE\DRIVERS\sis163u.sys [x] R3 SIVDriver;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX64.sys;c:\windows\SYSNATIVE\Drivers\SIVX64.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB 
Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 VBoxNetAdp;VirtualBox NDIS 6.0 Miniport Service;c:\windows\system32\DRIVERS\VBoxNetAdp6.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp6.sys [x] R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x] R3 WirelessKeyboardFilter;Wireless Keyboard Filter Device Service;c:\windows\system32\DRIVERS\WirelessKeyboardFilter.sys;c:\windows\SYSNATIVE\DRIVERS\WirelessKeyboardFilter.sys [x] R4 ChromodoUpdater;COMODO Chromodo Update Service;c:\program files (x86)\Comodo\Chromodo\chromodo_updater.exe;c:\program files (x86)\Comodo\Chromodo\chromodo_updater.exe [x] R4 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] R4 IceDragonUpdater;COMODO IceDragon Update Service;c:\program files (x86)\Comodo\IceDragon\icedragon_updater.exe;c:\program files (x86)\Comodo\IceDragon\icedragon_updater.exe [x] R4 rtkio;rtkio;c:\program files (x86)\Realtek\Smart Dual Lan\rtkio.sys;c:\program files (x86)\Realtek\Smart Dual Lan\rtkio.sys [x] R4 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x] R4 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R4 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] S0 cm_km;AO Kaspersky Lab Cryptographic Module x64 (56 bit);c:\windows\system32\DRIVERS\cm_km.sys;c:\windows\SYSNATIVE\DRIVERS\cm_km.sys [x] S0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\DRIVERS\klbackupdisk.sys;c:\windows\SYSNATIVE\DRIVERS\klbackupdisk.sys [x] S0 
mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys;c:\windows\SYSNATIVE\DRIVERS\mv91cons.sys [x] S1 epp;epp;f:\downloads von xXxXx\EmsisoftEmergencyKit\BIN64\epp.sys;f:\downloads von xXxXx\EmsisoftEmergencyKit\BIN64\epp.sys [x] S1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\DRIVERS\klbackupflt.sys;c:\windows\SYSNATIVE\DRIVERS\klbackupflt.sys [x] S1 klhk;Kaspersky Lab service driver;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x] S1 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x] S1 Klwtp;KLwtp - WFP callout traffic inspector;c:\windows\system32\DRIVERS\klwtp.sys;c:\windows\SYSNATIVE\DRIVERS\klwtp.sys [x] S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x] S1 VBoxNetLwf;VirtualBox NDIS6 Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetLwf.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetLwf.sys [x] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S2 AVP18.0.0;Kaspersky Anti-Virus Service 18.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Total 
Security 18.0.0\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe [x] S2 Everything;Everything;c:\program files\Everything\Everything.exe;c:\program files\Everything\Everything.exe [x] S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys;c:\windows\SYSNATIVE\DRIVERS\kldisk.sys [x] S2 Marvell RAID;Marvell RAID Event Agent;c:\program files (x86)\Marvell\raid\svc\mvraidsvc.exe;c:\program files (x86)\Marvell\raid\svc\mvraidsvc.exe [x] S2 MRUWebService;MRU Web Service;c:\program files (x86)\Marvell\raid\Apache2\bin\httpd.exe;c:\program files (x86)\Marvell\raid\Apache2\bin\httpd.exe [x] S2 SystemExplorerHelpService;System Explorer Service;c:\program files (x86)\System Explorer\service\SystemExplorerService64.exe;c:\program files (x86)\System Explorer\service\SystemExplorerService64.exe [x] S2 SystoG15Svc;SystoG15 Service;c:\program files (x86)\C2DtoG15\SystoG15Svc.exe;c:\program files (x86)\C2DtoG15\SystoG15Svc.exe [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\C2DtoG15\WinRing0x64.sys;c:\program files (x86)\C2DtoG15\WinRing0x64.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WINRING0_1_2_0 *NewlyCreated* - WS2IFSL . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2015-07-31 08:59 2165976 ----a-w- d:\micros~1\Office16\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2015-07-31 08:59 2165976 ----a-w- d:\micros~1\Office16\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2015-07-31 08:59 2165976 ----a-w- d:\micros~1\Office16\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-10-26 13213840] "Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2008-11-06 397320] "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2008-11-06 2049544] "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2008-11-06 3837960] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.dell.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Webseite in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll/AcroIECapture.html
IE: An OneNote s&enden - d:\micros~1\Office16\ONBttnIE.dll/105
IE: FRITZ!Box Dial - c:\program files\FRITZ!Box\AddOn (IE)\fb_addon_dial_ie.htm
IE: FRITZ!Box Dial\Contexts - 16 (0x10)
IE: FRITZ!Box Dial\Flags
IE: Lin&kziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - d:\micros~1\Office16\EXCEL.EXE/3000
IE: Webseite vorhandener PDF-Datei hinzufügen - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll/AcroIEAppend.html
Trusted Zone: localhost
TCP: DhcpNameServer = xxx.XXX.xxx.XXX
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - c:\program files (x86)\Microsoft Office\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files (x86)\Microsoft Office\Office16\MSOSB.DLL
.
- - - - Orphaned registry entries removed - - - -
.
AddRemove-SARDU - e:\wdc wd32 msi-laptop\Desktop copy\03-11-2015 Administrator\SARDU_2.0.6.5\SARDU\uninst.exe
.
.
.
--------------------- Locked registry keys ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xmp"
.
[HKEY_USERS\S-1-5-21-460318521-3142920051-2641109734-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2AB20CF9-23F1-C7FA-9AC6-FAD2CF872280}*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-460318521-3142920051-2641109734-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5A60BEC5-0AB7-A297-1743-1C08581F06A9}*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-460318521-3142920051-2641109734-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E8501ADC-BC7F-0CD6-7512-0C63BBD73688}*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-460318521-3142920051-2641109734-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EEA1CEFE-06DE-AC13-FAA1-8390C38F1541}*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_29_0_0_140_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_29_0_0_140_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_29_0_0_140_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_29_0_0_140_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_29_0_0_140.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.29"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_29_0_0_140.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_29_0_0_140.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_29_0_0_140.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avpui.exe
.
**************************************************************************
.
Completion time: 2018-07-08 13:15:40 - machine was rebooted
ComboFix-quarantined-files.txt 2018-07-08 11:15
.
Pre-Run: 5.449.121.792 bytes free
Post-Run: 5.774.356.480 bytes free
.
- - End Of File - - A008AE54516E19DE45A42F865C6865AC A36C5E4F47E84449FF07ED3517B43A31 |
29.07.2018, 14:47 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 X64 – Adware.CrossRider und Adware.Tarma (2018)Code:
ATTFilter
\AutoPico Daily Restart -> No File <==== ATTENTION
c:\windows\AutoKMS

For you it continues here --> and a reinstallation of Windows. Naturally, for a legal activation of Windows 10 you need a legal/valid Windows key.
__________________ Please always post logfiles in CODE tags |
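As an added example (not part of the thread and not the helper's fix instructions): a PowerShell check for the two items flagged in the reply above, scheduled tasks whose action target no longer exists on disk (the condition reported as "-> No File" for \AutoPico Daily Restart) and the C:\Windows\AutoKMS folder. It uses the Schedule.Service COM API because the ScheduledTasks PowerShell module does not exist on Windows 7; the column names and the helper function names are my own.

```powershell
# Added example, not from the thread. Lists scheduled tasks whose
# executable is missing (what the reply above reports as "-> No File")
# and checks whether the C:\Windows\AutoKMS folder named in the reply
# is still present. Run from an elevated PowerShell prompt so that
# hidden and SYSTEM-owned tasks are enumerated as well.

$service = New-Object -ComObject 'Schedule.Service'
$service.Connect()   # no arguments = local machine

function Get-TasksRecursive($folder) {
    # GetTasks(1): TASK_ENUM_HIDDEN, so hidden tasks are included
    foreach ($task in $folder.GetTasks(1)) { $task }
    # GetFolders(0): flags argument is reserved and must be 0
    foreach ($sub in $folder.GetFolders(0)) { Get-TasksRecursive $sub }
}

function Resolve-ActionPath([string]$raw) {
    # Action paths may be quoted and may use %SystemRoot%-style variables
    $p = [Environment]::ExpandEnvironmentVariables($raw.Trim().Trim('"'))
    if (-not [IO.Path]::IsPathRooted($p)) {
        # Bare names such as "cmd.exe" are resolved through PATH
        $cmd = Get-Command $p -ErrorAction SilentlyContinue
        if ($cmd -and $cmd.Path) { return $cmd.Path }
    }
    return $p
}

$findings = @()
foreach ($task in Get-TasksRecursive $service.GetFolder('\')) {
    try   { $actions = $task.Definition.Actions }
    catch { continue }   # task XML unreadable for this account; skip it
    foreach ($action in $actions) {
        if ($action.Type -ne 0) { continue }   # 0 = TASK_ACTION_EXEC
        $exe = Resolve-ActionPath $action.Path
        if ([string]::IsNullOrEmpty($exe)) { continue }
        if (-not (Test-Path -LiteralPath $exe)) {
            # New-Object PSObject keeps this working on the PowerShell 2.0
            # that Windows 7 ships with; [PSCustomObject]@{} needs 3.0
            $findings += New-Object PSObject -Property @{
                Task   = $task.Path      # e.g. "\AutoPico Daily Restart"
                Target = $action.Path
                Note   = 'No File'
            }
        }
    }
}
$findings | Format-Table Task, Target, Note -AutoSize

# Folder named in the reply. Once the executable inside it is gone, any
# task that still points there shows up in the table above as "No File".
if (Test-Path -LiteralPath 'C:\Windows\AutoKMS') {
    Write-Warning 'C:\Windows\AutoKMS still exists'
}
```

A task whose target file is missing is not harmless just because nothing runs: the registration itself is the evidence of what was installed, and it is what the cleanup tools in this thread remove. Deleting the task entry only after the file path and the folder it points into have been recorded keeps the trail for the log review.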