Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows 7 X64 – Adware.CrossRider und Adware.Tarma (2018)

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 27.07.2018, 23:33   #1
duz78
 
Windows 7 X64 – Adware.CrossRider und Adware.Tarma (2018) - Standard

Windows 7 X64 – Adware.CrossRider und Adware.Tarma (2018)



Hallo Community,
In Comodo IceDragen werden Google suchanfragen umgeleitet, des Weiteren habe ich Aussetzer beim Radiostream und Youtube.
Den ersten Scan erfolgte mit ZHPDiag v2018.6.22.140 im Abgesichten Modus.
Dabei habe ich folgendes gefunden: auszug ZHPDiag1.txt

Code:
ATTFilter
---\ Windows-Produkt-Informationen (4) - 3s
Windows Activation Technologies : KO

---\ Im Automatikbetrieb geplanten Tasks (Register) (22) - 7s
O38 - TASK: {F30D9358-51C3-40AF-8991-7D062C2B3746} [64Bits][\AutoKMS] - (.CODYQX4 - AutoKMS.) -- C:\Windows\AutoKMS\AutoKMS.exe  [5046784]   =>HackTool.AutoKMS
C:\Windows\System32\Tasks\AutoKMS - (.CODYQX4.) -- C:\Windows\AutoKMS\AutoKMS.exe  []   =>HackTool.AutoKMS

---\ HKCU & HKLM Software Keys (437) - 47s
HKCU\SOFTWARE\Alex  =>Adware.CrossRider
HKCU\SOFTWARE\eSupport.com  =>PUP.Optional.eSupport
HKU\S-1-5-21-460318521-3142920051-2641109734-1000\SOFTWARE\Alex  =>Adware.CrossRider
HKU\S-1-5-21-460318521-3142920051-2641109734-1000\SOFTWARE\eSupport.com  =>PUP.Optional.eSupport

---\ Inhalt der Ordner Programme (402) - 15s
O43 - CFD: 13/01/2018 - [] D -- C:\ProgramData\InstallMate  =>Adware.Tarma

---\ Search Tracing Registry Key (2) - 2s
HKLM\SOFTWARE\Microsoft\Tracing\Microsoft Toolkit_RASAPI32  =>HackTool.WinActivator
HKLM\SOFTWARE\Microsoft\Tracing\Microsoft Toolkit_RASMANCS  =>HackTool.WinActivator

---\ Zusätzliche Scan (O88) (21) - 3s
C:\Windows\AutoKMS\AutoKMS.exe  =>HackTool.AutoKMS
C:\Windows\System32\Tasks\AutoKMS  =>HackTool.AutoKMS
C:\ProgramData\InstallMate  =>Adware.Tarma
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Microsoft Toolkit_RASAPI32  =>HackTool.WinActivator
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Microsoft Toolkit_RASMANCS  =>HackTool.WinActivator
         
Danach ließ ich mehrere mal ZHPCleaner laufen. (Logs im Anhang)

Leider erst jetzt ließ ich folgende Beiträge:
https://www.trojaner-board.de/153593-crossrider-entfernen.html
https://www.trojaner-board.de/167224-windows-8-1-pup-optional-crossrider-a.html
https://www.trojaner-board.de/154212-virenfund-adware-crossrider.html
https://www.trojaner-board.de/166517-windows-7-probleme-adware-crossrider-virus.html
---
https://www.trojaner-board.de/69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html
https://www.trojaner-board.de/137229-anleitung-posten-logfiles-code-tags.html#post1095079
---


Vielen Dank im Voraus für die Hilfe und ich erwarte eure Anweisungen wie es weiter gehen soll.
Angehängte Dateien
Dateityp: zip anhang.zip (68,6 KB, 6x aufgerufen)

Alt 27.07.2018, 23:46   #2
duz78
 
Windows 7 X64 – Adware.CrossRider und Adware.Tarma (2018) - Standard

Windows 7 X64 – Adware.CrossRider und Adware.Tarma (2018) Log 1



MBAM
Code:
ATTFilter
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 06.07.18
Scan-Zeit: 21:16
Protokolldatei: 0fab97fa-8151-11e8-95d3-1c6f65485878.json
Administrator: Ja

-Softwaredaten-
Version: 3.5.1.2522
Komponentenversion: 1.0.374
Version des Aktualisierungspakets: 1.0.5801
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: xXxXxLogo\xXxXx

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 250610
Erkannte Bedrohungen: 8
In die Quarantäne verschobene Bedrohungen: 0
(keine bösartigen Elemente erkannt)
Abgelaufene Zeit: 2 Min., 25 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Deaktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 4
PUP.Optional.DriverPack, HKU\S-1-5-21-460318521-3142920051-2641109734-1000\SOFTWARE\DRPSU, Keine Aktion durch Benutzer, [887], [472301],1.0.5801
PUP.Optional.WinMendRegistryCleaner, HKU\S-1-5-21-460318521-3142920051-2641109734-1000\SOFTWARE\SunnyDigits, Keine Aktion durch Benutzer, [3426], [483624],1.0.5801
PUP.Optional.DriverPack, HKLM\SOFTWARE\WOW6432NODE\DRPSU, Keine Aktion durch Benutzer, [887], [472300],1.0.5801
PUP.Optional.DriverAgent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DrvAgent64, Keine Aktion durch Benutzer, [3501], [345587],1.0.5801

Registrierungswert: 2
PUP.Optional.DriverPack, HKU\S-1-5-21-460318521-3142920051-2641109734-1000\SOFTWARE\DRPSU|CLIENTID, Keine Aktion durch Benutzer, [887], [472301],1.0.5801
PUP.Optional.DriverPack, HKLM\SOFTWARE\WOW6432NODE\DRPSU|CLIENTID, Keine Aktion durch Benutzer, [887], [472300],1.0.5801

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 2
PUP.Optional.DriverAgent, C:\WINDOWS\SYSWOW64\DRIVERS\DRVAGENT64.SYS, Keine Aktion durch Benutzer, [3501], [345587],1.0.5801
CrackTool.FilePatch, C:\USERS\xXxXx\APPDATA\LOCAL\TEMP\DUP2PATCHER.DLL, Keine Aktion durch Benutzer, [10825], [19569],1.0.5801

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

WMI: 0
(keine bösartigen Elemente erkannt)


(end)
         
JRT

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Ultimate x64 
Ran by Trans (Administrator) on So, 24.06.2018 at  7:18:16,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0 




Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on So, 24.06.2018 at  7:19:24,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
sc-cleaner

Code:
ATTFilter
Shortcut Cleaner 1.4.9.6 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2018 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 7 Ultimate Service Pack 1
Program started at: 06/01/2018 01:11:21 PM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\xXxXx\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\xXxXx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\xXxXx\Desktop\

Searching C:\Users\Public\Desktop\


0 bad shortcuts found.

Program finished at: 06/01/2018 01:11:22 PM
Execution time: 0 hours(s), 0 minute(s), and 0 seconds(s)
         
FRST64


FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by xXxXx (administrator) on xXxXxLOGO (30-06-2018 08:23:19)
Running from F:\Downloads von xXxXx\Farbar Recovery Scan Tool FRST64 - Download - Filepony
Loaded Profiles: xXxXx (Available Profiles: xXxXx)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Englisch (USA)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Everything\Everything.exe
() C:\Users\xXxXx\AppData\Roaming\ZHP\ZHPCleaner.exe
(Malwarebytes) C:\Users\xXxXx\Downloads\adwcleaner_7.1.1.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\sethc.exe
(Emsisoft Ltd) F:\Downloads von xXxXx\EmsisoftEmergencyKit\BIN64\a2cmd.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM\...\Run: [Launch LgDevAgt] => C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [397320 2008-11-06] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2049544 2008-11-06] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [3837960 2008-11-06] (Logitech Inc.)
HKLM-x32\...\Run: [SystemExplorerAutoStart] => "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY
HKLM-x32\...\Run: [MRUTray] => C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe [731176 2010-03-08] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\RunOnce: [] => [X]
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-460318521-3142920051-2641109734-1000\...\Run: [f.lux] => C:\Users\xXxXx\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled [2016-12-26] ()
Startup: C:\Users\xXxXx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-11-25]
ShortcutTarget: An OneNote senden.lnk -> D:\Microsoft Office 2016 Pro Plus\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\xXxXx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C2DtoG15.lnk [2016-01-23]
ShortcutTarget: C2DtoG15.lnk -> C:\Program Files (x86)\C2DtoG15\C2DtoG15.exe (Andreas Sammann)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll => No File 
Tcpip\Parameters: [DhcpNameServer] xxx.XXX.xxx.XXX
Tcpip\..\Interfaces\{4A203B00-467E-40A4-9C82-71A26F6AC778}: [DhcpNameServer] xxx.XXX.xxx.XXX

Internet Explorer:
==================
HKU\S-1-5-21-460318521-3142920051-2641109734-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com/
HKU\S-1-5-21-460318521-3142920051-2641109734-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\IEExt\ie_plugin.dll [2018-03-03] (AO Kaspersky Lab)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_162\bin\ssv.dll [2018-02-02] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Microsoft Office 2016 Pro Plus\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> D:\Microsoft Office 2016 Pro Plus\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_162\bin\jp2ssv.dll [2018-02-02] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\IEExt\ie_plugin.dll [2018-03-03] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-460318521-3142920051-2641109734-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-460318521-3142920051-2641109734-1000 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} -  No File
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1465820290705
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - D:\Microsoft Office 2016 Pro Plus\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - D:\Microsoft Office 2016 Pro Plus\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: zidube0h.default
FF ProfilePath: C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default [2018-06-30]
FF Homepage: Comodo\IceDragon\Profiles\zidube0h.default -> hxxps://de.yahoo.com/?fr=fp-comodo&type=25050004003_id_hp
FF Session Restore: Comodo\IceDragon\Profiles\zidube0h.default -> is enabled.
FF Extension: (Mixcloud Downloader) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\@mixclouddownloader.xpi [2018-05-19]
FF Extension: (One-Click Translate Page) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\@one-click-xXxXxlate-page-button.xpi [2016-05-15] [Legacy]
FF Extension: (Image Search) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\@rev-image-search.xpi [2018-05-19]
FF Extension: (about:addons-memory) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\about-addons-memory@tn123.org.xpi [2016-08-19] [Legacy]
FF Extension: (ADB Helper) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\adbhelper@mozilla.org.xpi [2018-05-19] [Legacy]
FF Extension: (DownThemAll! AntiContainer) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\anticontainer@downthemall.net.xpi [2016-05-05] [Legacy]
FF Extension: (Flash Video Downloader) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\artur.dubovoy@gmail.com.xpi [2018-05-20]
FF Extension: (Copy Link URL) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\copylinkurl@bluelightdev.com.xpi [2016-05-26] [Legacy]
FF Extension: (Extension source viewer) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\crxviewer-firefox@robwu.nl.xpi [2018-05-31]
FF Extension: (Download Master) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\dm@westbyte.com.xpi [2018-05-26]
FF Extension: (FastPrevNext) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\fastprevnext@tn123.ath.cx.xpi [2016-05-27] [Legacy]
FF Extension: (FoxyTab) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\foxytab@eros.man.xpi [2018-05-26]
FF Extension: (SaveFrom.net Helfer) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\helper-sig@savefrom.net.xpi [2018-05-31]
FF Extension: (Image Picker) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\ImagePicker@topolog.org [2017-05-28] [Legacy]
FF Extension: (YouTube mp3) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\info@youtube-mp3.org.xpi [2017-08-05] [Legacy]
FF Extension: (Turbo Download Manager (v2)) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\jid0-dsq67mf5kjjhiiju2dfb6kk8dfw@jetpack.xpi [2018-05-26]
FF Extension: (Easy YouTube to MP3 Converter) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\jid0-SQnwtgW1b8BsMB5PLV5WScEDWOw@jetpack.xpi [2016-08-03] [Legacy]
FF Extension: (Zum Google Übersetzer) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2018-05-30]
FF Extension: (SoundCloud MP3 Downloader) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\jid1-hnmMaq1milpehc6uI@jetpack.xpi [2018-05-20]
FF Extension: (jdCaptcha) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\jid1-pb9n59z6lXIxjw@jetpack.xpi [2018-01-13] [Legacy]
FF Extension: (Best Youtube Mp3 Download) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\jid1-SeLs5yD73k7KzA@jetpack.xpi [2016-08-03] [Legacy]
FF Extension: (Save Images) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\LDSI_plashcor@gmail.com.xpi [2017-10-20] [Legacy]
FF Extension: (Link Gopher) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\linkgopher@oooninja.com.xpi [2018-05-26]
FF Extension: (MinimizeToTray revived (MinTrayR)) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\mintrayr@tn123.ath.cx [2016-08-12] [Legacy]
FF Extension: (Multithreaded Download Manager) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\multithreaded-download-manager@qw.linux-2g64.local.xpi [2018-05-26]
FF Extension: (Save File to) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\savefileto@mozdev.org.xpi [2016-05-27] [Legacy]
FF Extension: (Save Image to Downloads) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\save_to_downloads@save_to_downloads.org.xpi [2018-05-20]
FF Extension: (No Name) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\simple-tab-groups@drive4ik.xpi [2018-05-26]
FF Extension: (Tab Counter) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\tab-counter@daawesomep.addons.mozilla.org.xpi [2018-05-26]
FF Extension: (Tab Counter) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\tabcounter@morac.xpi [2017-05-27] [Legacy]
FF Extension: (Tab Groups) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\tabgroups@quicksaver.xpi [2017-12-26] [Legacy]
FF Extension: (The Addon Bar (restored)) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2016-05-05] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\uBlock0@raymondhill.net.xpi [2018-05-31]
FF Extension: (Download with JDownloader) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{03e07985-30b0-4ae0-8b3e-0c7519b9bdf6}.xpi [2018-05-31]
FF Extension: (Session Manager) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-05-27] [Legacy]
FF Extension: (Download Manager for Firefox) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{2060d74a-fd12-4482-909b-9aeeaaa98627}.xpi [2018-05-20]
FF Extension: (Save Image in Folder) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84}.xpi [2015-12-27] [Legacy]
FF Extension: (Save Button for Pinterest) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi [2018-05-20]
FF Extension: (Thumbs) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{6cffc2d6-aea4-4032-b8c6-d211fe6ded4e}.xpi [2018-04-22] [Legacy]
FF Extension: (CacheViewer) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}.xpi [2017-09-02] [Legacy]
FF Extension: (Open image in a new tab) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{7276f3bb-de56-4b5a-b940-88b62731d409}.xpi [2018-05-20]
FF Extension: (Bulk Media Downloader) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{72b2e02b-3a71-4895-886c-fd12ebe36ba3}.xpi [2018-05-20]
FF Extension: (Save In…) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{72d92df5-2aa0-4b06-b807-aa21767545cd}.xpi [2018-05-26]
FF Extension: (Google  Image Search) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{73007fef-a6e0-47d3-b4e7-dfc116ed6f65}.xpi [2016-05-05] [Legacy]
FF Extension: (Copy Links) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5}.xpi [2016-05-05] [Legacy]
FF Extension: (Download Statusbar) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{76faaba6-3aa1-47a4-bf40-90aa2505e79c}.xpi [2018-05-20]
FF Extension: (Download status) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{9fb8c270-7124-11dd-ad8b-0800200c9a66}.xpi [2016-05-05] [Legacy]
FF Extension: (Video Downloader) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{a14b9c5e-f7da-419c-914c-b023017dceba}.xpi [2018-05-31]
FF Extension: (Video DownloadHelper) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-05-31]
FF Extension: (Fast Video Download) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi [2016-11-20] [Legacy]
FF Extension: (DownThemAll!) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-09-29] [Legacy]
FF Extension: (Greasemonkey) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-05-31]
FF Extension: (Copy All Links) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{e6a9a96e-4a08-4719-b9bd-0e91c35aaabc}.xpi [2016-05-05] [Legacy]
FF Extension: (Google Privacy) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi [2016-05-05] [Legacy]
FF Extension: (G Links) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{ebe76e19-dd9f-4b48-a90d-9b4d85de5d70}.xpi [2016-05-26] [Legacy]
FF Extension: (Download Manager Tweak) - C:\Users\xXxXx\AppData\Roaming\Comodo\IceDragon\Profiles\zidube0h.default\Extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi [2016-05-27] [Legacy]
FF HKLM\...\Firefox\Extensions: [light_plugin_A07576A3CEBC4A72A8CF2C925907DB05@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-05-06]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_A07576A3CEBC4A72A8CF2C925907DB05@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [2018-05-05] ()
FF Plugin: @java.com/DTPlugin,version=11.162.2 -> C:\Program Files\Java\jre1.8.0_162\bin\dtplugin\npDeployJava1.dll [2018-02-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.162.2 -> C:\Program Files\Java\jre1.8.0_162\bin\plugin2\npjp2.dll [2018-02-02] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-05-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/DownloadManager,version=1.1 -> C:\Windows\ [] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-460318521-3142920051-2641109734-1000: @tools.google.com/Google Update;version=3 -> C:\Users\xXxXx\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-460318521-3142920051-2641109734-1000: @tools.google.com/Google Update;version=9 -> C:\Users\xXxXx\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-18] (Google Inc.)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKLM-x32\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
S2 AVP18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe [354672 2017-01-24] (AO Kaspersky Lab)
S4 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [2273424 2016-10-03] (Comodo)
S2 Everything; C:\Program Files\Everything\Everything.exe [2197608 2017-06-07] ()
S4 IceDragonUpdater; C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe [4295952 2018-02-07] (Comodo Inc.)
S3 klvssbridge64_18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\vssbridge64.exe [426416 2018-03-03] (AO Kaspersky Lab)
S2 Marvell RAID; C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [235560 2010-03-08] ()
S2 MRUWebService; C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [24635 2008-06-12] (Apache Software Foundation) [File not signed]
S2 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)
S2 SystoG15Svc; C:\Program Files (x86)\C2DtoG15\SystoG15Svc.exe [59392 2011-01-26] (Andreas Sammann) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-11-24] (Microsoft Corporation)
S3 KSDE1.0.0; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe" -r [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 abelssoft_recordify; C:\Windows\System32\drivers\recordify.sys [56584 2016-01-08] (Abelssoft)
S2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [247008 2016-12-26] (AO Kaspersky Lab)
S3 CrystalSysInfo; F:\Downloads von xXxXx\MediaCoder-x64-0.8.48.5888\SysInfoX64.sys [18128 2007-09-25] ()
S3 dc3d; C:\Windows\System32\DRIVERS\dc3d.sys [47616 2011-05-18] (Microsoft Corporation) [File not signed]
S1 epp; F:\Downloads von xXxXx\EmsisoftEmergencyKit\BIN64\epp.sys [142448 2018-06-01] (Emsisoft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554408 2016-10-01] (AO Kaspersky Lab)
S0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [70880 2017-12-24] (AO Kaspersky Lab)
S1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [119496 2018-05-06] (AO Kaspersky Lab)
S2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-06-01] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [206024 2018-05-06] (AO Kaspersky Lab)
S1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [1192128 2018-05-06] (AO Kaspersky Lab)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1073344 2018-05-06] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [56520 2018-05-06] (AO Kaspersky Lab)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [57568 2016-12-23] (AO Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [58592 2016-12-07] (AO Kaspersky Lab)
S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50672 2017-12-24] (AO Kaspersky Lab)
S3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [81904 2017-12-24] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [142024 2018-05-06] (AO Kaspersky Lab)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [199392 2017-12-24] (AO Kaspersky Lab)
S3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [85160 2016-04-19] (Logitech Inc.)
S3 MYFAULT; C:\Windows\system32\drivers\myfault.sys [25392 2018-06-01] (Sysinternals)
S3 netwlv64; C:\Windows\System32\DRIVERS\netwlv64.sys [7530496 2013-06-18] (Intel Corporation) [File not signed]
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX64.sys [130960 2012-12-14] (Ray Hinchliffe)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Apple, Inc.) [File not signed]
S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [199808 2017-10-18] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [210680 2017-10-18] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [125008 2016-01-19] (Oracle Corporation)
S2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2012-09-11] (WinISO.com)
S3 WinRing0_1_2_0; C:\Program Files (x86)\C2DtoG15\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
S3 WirelessKeyboardFilter; C:\Windows\System32\DRIVERS\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
S3 ATICDSDr; \??\C:\Users\xXxXx\AppData\Local\Temp\ATICDSDr.sys [X] <==== ATTENTION
S4 rtkio; \??\C:\Program Files (x86)\Realtek\Smart Dual Lan\rtkio.sys [X]
S3 SCL01164; system32\DRIVERS\SCL01164.sys [X]
S4 TEAM; system32\DRIVERS\RtTeam60.sys [X]
S4 VGPU; System32\drivers\rdvgkmd.sys [X]
S4 zntport; \??\C:\Windows\system32\drivers\zntport.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\recordify.sys AD86367BD36D3BAB28613D2FFAA42A4E
C:\Windows\System32\drivers\ACPI.sys DCA5495CA17AEB2F4FD8AC60812C3999
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 0DC2A9882540DEA4A55B08785E09D8FC
C:\Windows\system32\drivers\agp440.sys 466BF4170DC41BB939F1F9AB8F97F8F5
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 8A22BE3663C0A93F7E4C1A458FC0817A
C:\Windows\System32\DRIVERS\atikmpag.sys C0C27A1094F6EA978FB2CAACFDE0E594
C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\DRIVERS\AMPPAL.sys 18A8E8A19CD826D31D2E74E740220001
C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys C3D487827E48CC5EC17994FEC5BDFF87
C:\Windows\system32\drivers\appid.sys 204EEBF8D67B5C16F9AEB5174A8CEB90
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\drivers\AtihdW76.sys 1CE73AB39DBB6A20CF1A99AEBA9A43E8
C:\Windows\System32\DRIVERS\AtiPcie.sys 7C5D273E29DCC5505469B299C6F29163
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ABA3984C822E4D3F889699912D85D6C5
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys B5D7A0638CA817BA7D8A4DFD3499BA2A
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cm_km.sys F03BD81B9F81EE845D790B55417CD0AA
C:\Windows\System32\Drivers\cng.sys 9DE8D00626F01DBD1879A6655D7A752D
C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
F:\Downloads von xXxXx\MediaCoder-x64-0.8.48.5888\SysInfoX64.sys 5228B7A738DC90A06AE4F4A7412CB1E9
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\dc3d.sys 7AF9DAC504FBD047CBC3E64AE52C92BF
C:\Windows\System32\Drivers\dfsc.sys 7D2D2284833760A82308CF09F7618E8B
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys 616387BBD83372220B09DE95F4E67BBC
C:\Windows\system32\drivers\dmvsc.sys 5DB085A8A6600BE6401F2B24EECB5415
C:\Windows\system32\drivers\drmkaud.sys 26FE888505E5A945B0536AF9A2A27A6F
C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS 8407DDFAB85AE664E507C30314090385
C:\Windows\System32\drivers\dxgkrnl.sys 5CEF80AE869336376F550ECAE91E424A
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ElbyCDIO.sys BDD265EEB37DF5953A547FE412E2472F
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
F:\Downloads von xXxXx\EmsisoftEmergencyKit\BIN64\epp.sys 4B302604189A4BF55ED774A79ECD58D0
C:\Windows\system32\drivers\errdev.sys 9002EED07FD7FCFF6B8C5C06B454AC19
C:\Windows\System32\Drivers\exfat.sys 7E45F8B117419ABA3BB26579F6E70324
C:\Windows\System32\Drivers\fastfat.sys 6EDFA237D25433C03F42FBFDB16BDD24
C:\Windows\System32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys DC591A7A196E99EFB5A48D708CB989FD
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\gdrv.sys 7907E14F9BCF3A4689C9A74A1A873CB6
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys 90D91013D16A15B22A4B4EB6D4140A5B
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys 93C367EA831FB39DEE3BA96539A187FB
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 7A93DBF7DD86A28C0B941F4D39B85A0E
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys 905E9D664F38B93B53FA05422165F5B5
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kl1.sys 025177EB96DDB40DBA3CD003AD54D90B
C:\Windows\System32\DRIVERS\klbackupdisk.sys AD67F0BFD14CA21269A274C3A4BEF497
C:\Windows\System32\DRIVERS\klbackupflt.sys 34B42D05E89FD4A5F77F612890E720CB
C:\Windows\System32\DRIVERS\kldisk.sys 7DAA9047F50BF5A3F8C147719FC520AF
C:\Windows\System32\DRIVERS\klflt.sys 3961D24B3E6A5C99F97A4B5324B08243
C:\Windows\System32\DRIVERS\klhk.sys C0691CBA8BA4EB170CF01BE5E7DC7192
C:\Windows\System32\DRIVERS\klif.sys E74A0B4A079DDBA941B8E9B42AEF433D
C:\Windows\System32\DRIVERS\klim6.sys AAC68576EF93EF1BD17FE0B777D411E0
C:\Windows\System32\DRIVERS\klkbdflt.sys E9DC10BB19A990BBB34759646BF9D1DF
C:\Windows\System32\DRIVERS\klmouflt.sys B529DD154D29823708C7FCEFF8012842
C:\Windows\System32\DRIVERS\klpd.sys C334FBE82E1ADE139FFCD43517378A4B
C:\Windows\System32\DRIVERS\kltap.sys 828B042A95F055648DA190DF6C7AB1B6
C:\Windows\System32\DRIVERS\kltdi.sys D4BFD84A61FDEB56CF6809E8EF07C7E8
C:\Windows\System32\DRIVERS\klwtp.sys 2FC2447D2C9808769094CD00D3A1EE6E
C:\Windows\System32\DRIVERS\kneps.sys C2E155A456E0E18953A41546C8769E63
C:\Windows\System32\Drivers\ksecdd.sys 248B268241DB33B677FB0D50CE52A7F7
C:\Windows\System32\Drivers\ksecpkg.sys 755895D37F128F9AE3F408B20630EDC3
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\drivers\LGBusEnum.sys FA529FB35694C24BF98A9EF67C1CD9D0
C:\Windows\System32\drivers\LGJoyXlCore.sys 7D24DEBE7BC0C01A30A9A65806B61453
C:\Windows\System32\drivers\LGVirHid.sys 94B29CE153765E768F004FB3440BE2B0
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys 5416CEB2916BBE635288C4D1075B045E
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\system32\drivers\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys 072D8646E23ECF8A3F5F0157017B4DB6
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys 6D9BB8B53394B62540A3971FCE2BE8DB
C:\Windows\system32\drivers\mrxdav.sys 98DB1790F0A584E0A2528B92B052417F
C:\Windows\System32\DRIVERS\mrxsmb.sys B07AD0FD4026F7E3A146485B728B9CAF
C:\Windows\System32\DRIVERS\mrxsmb10.sys 4D28B9613A100BC42CAA07E335AD4705
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9E4E93DA0A2A492C8D31FCA092BE9384
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys 6FE3DBEEA730A857CA3DF603B7DEADA2
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys 94275393BB85D1E2B74BFEFEC386B4A0
C:\Windows\system32\drivers\mssmbios.sys 1FC0BF25FFCB9F751BCBC6C6AC577078
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys AA0C2BA3782E92BD85E2264BE418E67C
C:\Windows\System32\DRIVERS\mv91cons.sys 6AF2640B5D7202FA0D96467318D4592E
C:\Windows\system32\drivers\myfault.sys 222449A588EA111DAF66E84177D73AE9
C:\Windows\System32\DRIVERS\nwifi.sys 9FB2A095B1166CB3C9A06651863B3452
C:\Windows\System32\drivers\ndis.sys 261F27367EB6EA6478B940811F0A6F03
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys 3F217F77899654833B650ED6A1372BE4
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys E46AF308E96F7730F59B0F250A884CD6
C:\Windows\System32\DRIVERS\netbios.sys 2E19EB10185992AB08BC3688AACA4CE2
C:\Windows\System32\DRIVERS\netbt.sys 734837208CAFD6E0959A7A0333C95C9D
C:\Windows\System32\DRIVERS\netr7364.sys 81B8D0C1CE44A7FDBD596B693783950C
C:\Windows\System32\DRIVERS\netwlv64.sys 10C475C8374F5E4905979D6C5F504DE0
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys BE313E566EEA2A4B7F9AAC9782A567D4
C:\Windows\System32\Drivers\Ntfs.sys 8422AFBD1C2D30FFC913309D7F1A366D
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys 7425A6B64F5D37D0565F2581B886E5E3
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys 481DADB90C1D4E9F19328079C7A9E63D
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys EA4D67448BE493D543F1730D6CD04694
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys 4CE827A5433451551E99C2C1D20E4A43
C:\Windows\system32\Drivers\pssdk42.sys CD33CB6FECF65520466F95AB89CC4AF5
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys FB45727105E27756B3252572A138FA19
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys F4287A980C0AA41DE3073F053E5EA73C
C:\Windows\System32\DRIVERS\revoflt.sys 9C3AC71A9934B884FAC567A8807E9C4D
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys 4FBDA07EF0A3097CE14C5CABF723B278
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sis163u.sys CDEDDF9D11FBEDDB673798A450CB17BB
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\system32\Drivers\SIVX64.sys D860B78FC88B5BD05B846D6A3F0A19EF
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 1145EC013B72D4E6C60497707BB1A4B6
C:\Windows\System32\DRIVERS\srv2.sys 2D8FFA3B636368130F909E0CD935B555
C:\Windows\System32\DRIVERS\srvnet.sys 4B1C343E11065819F687EAC68A5E13F3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys 10DCD3BDFA785E1482EC02304A7E9B96
C:\Windows\System32\drivers\synth3dvsc.sys C3A39C4079305480972D29C44B868C78
C:\Windows\System32\drivers\tcpip.sys 8A54B9C4206FBAB2CEE3525CFD365241
C:\Windows\System32\DRIVERS\tcpip.sys 8A54B9C4206FBAB2CEE3525CFD365241
C:\Windows\System32\drivers\tcpipreg.sys 7FE5586314EE7D6AA8483264A089E5AF
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys 4DD986720F7CB7A8A5D1226793097B9A
C:\Windows\system32\drivers\termdd.sys AC24D7A7D9EEDE11E2926F9001BEAFB5
C:\Windows\system32\drivers\terminpt.sys EF4469AB69EB15E5D3754E6AEAFBCD3D
C:\Windows\System32\DRIVERS\tssecsrv.sys 2CF58216424757ED29605B4F18EC443C
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\System32\drivers\tsusbhub.sys E1748D04AE40118B62BC18AC86032192
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys B70E26A57F35ECA5199E6D6B9592A67C
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys F957092C63CD71D85903CA0D8370F473
C:\Windows\system32\drivers\usbccgp.sys 9E68E917FB4B5C983438969643F53BEF
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 3F9D3902CE931E2A28DD8452AE915B67
C:\Windows\System32\DRIVERS\usbfilter.sys 5AE9C87A1ED4B243942B3FDDD902134B
C:\Windows\System32\DRIVERS\usbhub.sys 86B65EEBC03B936DE8B26E5A18D98FA2
C:\Windows\system32\drivers\usbohci.sys 099C2931C6F73EB1B9E13C560F61B50D
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS D029DD09E22EB24318A8FC3D8138BA43
C:\Windows\system32\drivers\usbuhci.sys 5D7651347C7D702F4A5DE53603DC024F
C:\Windows\System32\DRIVERS\VBoxDrv.sys 84C6F1514992377781CBD3B4DE0D5051
C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys EF7F23DA190E74156157DD3CA835627D
C:\Windows\System32\DRIVERS\VBoxNetLwf.sys ECEC981D0FF18BB93AA9BB59EDA7A0DC
C:\Windows\System32\Drivers\VBoxUSB.sys 90F27457F9D7C5190033001565B34BEC
C:\Windows\System32\DRIVERS\VBoxUSBMon.sys 63F95FCFEFE94AAB6F6A34BD1A4A2686
C:\Windows\System32\DRIVERS\VClone.sys 2CB7AEA800B614184238232FBA4430E1
C:\Windows\System32\drivers\vdrvroot.sys 7BDCE021786C3DCCFD2C22EBF643EE36
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys 8EDE91FBAC7BF7605323C517C717A253
C:\Windows\System32\drivers\volmgrx.sys 85C5468BC395819AE2A0C747334BA14C
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys DC4CB3626E7423B9D83CF1B4857FDF15
C:\Windows\System32\DRIVERS\wanarp.sys DC4CB3626E7423B9D83CF1B4857FDF15
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\drivers\WinisoCDBus.sys BC67C1E4B36063968E54C3B2E4DB8978
C:\Program Files (x86)\C2DtoG15\WinRing0x64.sys 0C0195C48B6B8582FA6F6373032118DA
C:\Windows\System32\DRIVERS\WinUSB.SYS FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\DRIVERS\WirelessKeyboardFilter.sys 6E5FE85FC15590EF509A6D217C65F9BE
C:\Windows\system32\drivers\wmiacpi.sys 43471A750D4F3918AC92F5131AE252D3
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Files in the root of some directories =======

2016-01-09 03:28 - 2016-01-09 03:28 - 000000030 _____ () C:\Program Files (x86)\Exiferupdate.ini
2016-02-10 00:27 - 2016-12-04 02:30 - 000000600 _____ () C:\Users\xXxXx\AppData\Roaming\winscp.rnd
2015-12-13 18:13 - 2018-06-09 15:01 - 000007665 _____ () C:\Users\xXxXx\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2016-02-09 16:46 - 2016-02-09 16:46 - 000003584 _____ () C:\Users\xXxXx\AppData\Local\Temp\7CEB9B2A0E395BD64E74381485A106AF.dll
2016-02-09 16:46 - 2016-02-09 16:46 - 000003072 _____ () C:\Users\xXxXx\AppData\Local\Temp\A1D76FF97175BF79025AB7AA1DDF0A2A.dll
2016-02-09 16:46 - 2016-02-09 16:46 - 000090112 _____ () C:\Users\xXxXx\AppData\Local\Temp\dup2patcher.dll
2014-09-24 00:42 - 2014-09-24 00:42 - 000013824 _____ () C:\Users\xXxXx\AppData\Local\Temp\gkey.exe
2016-02-09 03:24 - 2016-02-09 03:24 - 000065024 _____ () C:\Users\xXxXx\AppData\Local\Temp\mgwz.dll
2016-07-02 14:57 - 2016-07-02 14:57 - 001833216 _____ (Microsoft Corporation) C:\Users\xXxXx\AppData\Local\Temp\msxml6-KB927977-enu-amd64.exe
2018-01-02 01:56 - 2018-01-02 01:56 - 001861120 _____ (Opera Software) C:\Users\xXxXx\AppData\Local\Temp\Opera_installer_2018115612769.dll
2018-01-01 14:08 - 2018-01-01 14:08 - 001861120 _____ (Opera Software) C:\Users\xXxXx\AppData\Local\Temp\Opera_installer_201811827201.dll
2018-01-01 14:08 - 2018-01-01 14:08 - 001861120 _____ (Opera Software) C:\Users\xXxXx\AppData\Local\Temp\Opera_installer_201811827298.dll
2018-01-01 14:08 - 2018-01-01 14:08 - 001861120 _____ (Opera Software) C:\Users\xXxXx\AppData\Local\Temp\Opera_installer_201811827374.dll
2018-01-01 14:08 - 2018-01-01 14:08 - 001861120 _____ (Opera Software) C:\Users\xXxXx\AppData\Local\Temp\Opera_installer_201811827652.dll
2018-01-01 14:08 - 2018-01-01 14:08 - 001861120 _____ (Opera Software) C:\Users\xXxXx\AppData\Local\Temp\Opera_installer_201811827742.dll
2018-01-01 14:08 - 2018-01-01 14:08 - 001861120 _____ (Opera Software) C:\Users\xXxXx\AppData\Local\Temp\Opera_installer_20181182795.dll
2018-01-01 14:08 - 2018-01-01 14:08 - 001861120 _____ (Opera Software) C:\Users\xXxXx\AppData\Local\Temp\Opera_installer_201811828776.dll
2018-01-02 02:54 - 2018-01-02 02:54 - 001861120 _____ (Opera Software) C:\Users\xXxXx\AppData\Local\Temp\Opera_installer_2018125426629.dll
2018-03-24 17:15 - 2018-03-24 17:15 - 001861120 _____ (Opera Software) C:\Users\xXxXx\AppData\Local\Temp\Opera_installer_2018324151420.dll
2016-12-02 22:32 - 2016-12-02 22:32 - 001042784 _____ (Microsoft Corporation) C:\Users\xXxXx\AppData\Local\Temp\PidGenX.dll
2015-03-02 14:25 - 2015-03-02 14:25 - 000027648 _____ () C:\Users\xXxXx\AppData\Local\Temp\pkeyui.exe
2017-12-26 03:43 - 2017-12-26 03:43 - 000043520 ____N () C:\Users\xXxXx\AppData\Local\Temp\proxy_vole7096985200518914322.dll
2015-03-01 19:09 - 2016-01-09 07:00 - 000048848 _____ () C:\Users\xXxXx\AppData\Local\Temp\wabk.exe
2018-03-31 03:06 - 2018-03-31 03:37 - 000002000 _____ () C:\Users\xXxXx\AppData\Local\Temp\{7014E919-2EAA-4158-AB8A-7483300316F4}.dll

Some zero byte size files/folders:
==========================
C:\Windows\System32\SetupDLL.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=C:
path                    \bootmgr
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {current}
resumeobject            {8475e030-a1ca-11e5-9225-ca89b242d27e}
displayorder            {current}
                        {b9c04f25-ce9d-11e5-ae2b-1c6f65485878}
                        {b9c04f1b-ce9d-11e5-ae2b-1c6f65485878}
                        {b9c04f22-ce9d-11e5-ae2b-1c6f65485878}
                        {b9c04f23-ce9d-11e5-ae2b-1c6f65485878}
                        {ntldr}
                        {b9c04f20-ce9d-11e5-ae2b-1c6f65485878}
                        {ee3d8d2f-be09-43df-965b-732329837dc6}
                        {b9c04f1d-ce9d-11e5-ae2b-1c6f65485878}
                        {b9c04f1e-ce9d-11e5-ae2b-1c6f65485878}
                        {b9c04f24-ce9d-11e5-ae2b-1c6f65485878}
toolsdisplayorder       {memdiag}
timeout                 10
displaybootmenu         Yes

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  boot
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {8475e032-a1ca-11e5-9225-ca89b242d27e}
recoveryenabled         Yes
osdevice                boot
systemroot              \Windows
resumeobject            {8475e030-a1ca-11e5-9225-ca89b242d27e}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {8475e032-a1ca-11e5-9225-ca89b242d27e}
device                  ramdisk=[C:]\Recovery\8475e032-a1ca-11e5-9225-ca89b242d27e\Winre.wim,{8475e033-a1ca-11e5-9225-ca89b242d27e}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\8475e032-a1ca-11e5-9225-ca89b242d27e\Winre.wim,{8475e033-a1ca-11e5-9225-ca89b242d27e}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Windows-Startladeprogramm
-------------------------
Bezeichner              {b9c04f22-ce9d-11e5-ae2b-1c6f65485878}
device                  ramdisk=[C:]\DeploymentShare\Boot\LiteTouchPE_x64.wim,{b9c04f21-ce9d-11e5-ae2b-1c6f65485878}
path                    \Windows\System32\Boot\winload.exe
description             WIM DeploymentShare WinPE LiteTouchPEx64
locale                  de-DE
osdevice                ramdisk=[C:]\DeploymentShare\Boot\LiteTouchPE_x64.wim,{b9c04f21-ce9d-11e5-ae2b-1c6f65485878}
systemroot              \Windows
nx                      OptIn
pae                     Default
detecthal               Yes
winpe                   Yes
sos                     No
debug                   No

Windows-Startladeprogramm
-------------------------
Bezeichner              {b9c04f25-ce9d-11e5-ae2b-1c6f65485878}
device                  vhd=[locate]\Desinf2019.vhd
path                    \Windows\system32\winload.exe
description             Desinf2019 VHD
locale                  en-US
osdevice                vhd=[locate]\Desinf2019.vhd
systemroot              \Windows
resumeobject            {c3bebfb8-65a4-11e8-a7fb-806e6f6e6963}
detecthal               No
winpe                   No

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {8475e030-a1ca-11e5-9225-ca89b242d27e}
device                  boot
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {c3bebfb8-65a4-11e8-a7fb-806e6f6e6963}
device                  vhd=[D:]\Desinf2019.vhd
path                    \Windows\system32\winresume.exe
description             Desinf2019 VHD
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

Windows-Legacybetriebssystem-Ladeprogramm
-----------------------------------------
Bezeichner              {ntldr}
device                  partition=\Device\HarddiskVolume2
path                    \ntldr
description             winxp black install
locale                  de-DE

Echtmodus-Startabschnitt
------------------------
Bezeichner              {b9c04f1b-ce9d-11e5-ae2b-1c6f65485878}
device                  partition=C:
path                    \NST\NeoGrub.mbr
description             NeoGrub Bootloader
locale                  de-DE
custom:250000c2         0

Echtmodus-Startabschnitt
------------------------
Bezeichner              {b9c04f1d-ce9d-11e5-ae2b-1c6f65485878}
device                  partition=C:
path                    \NST\AutoNeoGrub1.mbr
description             NeoSmart ISO Entry kali
custom:250000c2         0

Echtmodus-Startabschnitt
------------------------
Bezeichner              {b9c04f1e-ce9d-11e5-ae2b-1c6f65485878}
device                  partition=C:
path                    NST\syslinux\isolinux.bin
description             NST syslinux
locale                  de-DE

Echtmodus-Startabschnitt
------------------------
Bezeichner              {b9c04f1f-ce9d-11e5-ae2b-1c6f65485878}
description             NST syslinux other ID

Echtmodus-Startabschnitt
------------------------
Bezeichner              {b9c04f20-ce9d-11e5-ae2b-1c6f65485878}
device                  partition=C:
path                    \NST\AutoNeoGrub2.mbr
description             AOSS iso
custom:250000c2         0

Echtmodus-Startabschnitt
------------------------
Bezeichner              {b9c04f23-ce9d-11e5-ae2b-1c6f65485878}
device                  partition=C:
path                    \NST\AutoNeoGrub3.mbr
description             ISO DeploymentShare WinPE LiteTouchPEx64
custom:250000c2         0

Echtmodus-Startabschnitt
------------------------
Bezeichner              {b9c04f24-ce9d-11e5-ae2b-1c6f65485878}
device                  partition=C:
path                    \NST\AutoNeoGrub4.mbr
description             MultiBoot2k10DVDUSBHDD510.iso
locale                  de-DE
custom:250000c2         0

Echtmodus-Startabschnitt
------------------------
Bezeichner              {ee3d8d2f-be09-43df-965b-732329837dc6}
device                  partition=C:
path                    \NST\grldr.mbr
description             Grub for Dos
locale                  de-DE

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Ger�teoptionen
--------------
Bezeichner              {8475e033-a1ca-11e5-9225-ca89b242d27e}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\8475e032-a1ca-11e5-9225-ca89b242d27e\boot.sdi

Optionen zum RAM-Datentr�gersetup
---------------------------------
Bezeichner              {ramdiskoptions}
description             RamdiskOptions
ramdisksdidevice        partition=C:
ramdisksdipath          \NST\boot.sdi

Ger�teoptionen
--------------
Bezeichner              {b9c04f21-ce9d-11e5-ae2b-1c6f65485878}
description             WIM DeploymentShare WinPE LiteTouchPEx64
ramdisksdidevice        partition=C:
ramdisksdipath          \NST\boot.sdi


LastRegBack: 2018-06-29 21:09

==================== End of FRST.txt ============================
         
--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

FRST64 - Addition

[CODE]Additional
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by xXxXx (30-06-2018 08:24:22)
Running from F:\Downloads von xXxXx\Farbar Recovery Scan Tool FRST64 - Download - Filepony
Windows 7 Ultimate Service Pack 1 (X64) (2015-12-13 10:06:32)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-460318521-3142920051-2641109734-500 - Administrator - Disabled)
Guest (S-1-5-21-460318521-3142920051-2641109734-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-460318521-3142920051-2641109734-1002 - Limited - Disabled)
xXxXx (S-1-5-21-460318521-3142920051-2641109734-1000 - Administrator - Enabled) => C:\Users\xXxXx

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 17.01 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1701-000001000000}) (Version: 17.01.00.0 - Igor Pavlov)
µTorrent (HKU\S-1-5-21-460318521-3142920051-2641109734-1000\...\uTorrent) (Version: 3.5.3.44396 - BitTorrent Inc.)
ACDSee Photo Manager 2009 (HKLM-x32\...\{300578F9-9EFF-4B93-9AB1-C0E5707EF463}) (Version: 11.0.108 - ACD Systems International)
Ace Video Converter (HKLM-x32\...\Ace Video Converter_is1) (Version: 3.8 - XetoWare)
Acoustica Premium Edition 6.0 (HKLM-x32\...\{B0AB0E72-A179-4B1E-813B-BBA1344819A5}_is1) (Version: 6.0.19 - Acon AS)
Acoustica Standard Edition 5.0 (HKLM-x32\...\Acoustica Standard Edition_is1) (Version: 5.0 - Acon AS)
Active@ Data Studio 10 (HKLM\...\{E59278D4-C877-449A-8183-E3C995270768}_is1) (Version: 10 - LSoft Technologies Inc)
Active@ LiveCD 3 (HKLM-x32\...\{E5B6F199-B086-4676-B691-4EC11E88B6E9}_is1) (Version: 3 - LSoft Technologies Inc)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
AllDup 3.4.24 (HKLM-x32\...\AllDup_is1) (Version: 3.4.24 - Michael Thummerer Software Design)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Anti-Twin (Installation 5/26/2016) (HKLM-x32\...\Anti-Twin 2016-05-26 17.24.00) (Version:  - Joerg Rosenthal, Germany)
ATI - Dienstprogramm zur Deinstallation der Software (HKLM-x32\...\All ATI Software) (Version: 6.14.10.1022 - )
ATI AVIVO Codecs (HKLM-x32\...\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}) (Version: 10.0.0.40103 - ATI Technologies Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AusweisApp2 (HKLM-x32\...\{385F3958-A62E-49B8-9C2B-9A451664325C}) (Version: 1.8.0 - Governikus GmbH & Co. KG)
Awesome Duplicate Photo Finder v. 1.1 (HKLM-x32\...\Awesome Duplicate Photo Finder_is1) (Version:  - Duplicate-Finder.com)
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
BleachBit (HKLM-x32\...\BleachBit) (Version: 1.17 - BleachBit)
C2DtoG15 2.0.2.1 (HKLM-x32\...\{0A0E062D-3235-406B-8D3C-090923EDFC00}_is1) (Version:  - )
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)
Chromodo (HKLM-x32\...\Chromodo) (Version: 52.15.25.665 - Comodo)
Comodo IceDragon (HKLM-x32\...\Comodo IceDragon) (Version: 57.0.4.44 - COMODO)
Corel PaintShop Pro X6 (HKLM-x32\...\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.0.0.113 - Corel Corporation)
DiskInternals CD-DVD Recovery (HKLM-x32\...\DiskInternals CD-DVD Recovery) (Version: 4.1 - DiskInternals Research)
DiskInternals Linux Reader (HKLM-x32\...\DiskInternals Linux Reader) (Version: 2.2 - DiskInternals Research)
Driver Magician 3.9 (HKLM-x32\...\Driver Magician_is1) (Version:  - GoldSolution Software, Inc.)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
Eassos PartitionGuru 4.7.1 (HKLM\...\{FC4FF5F4-2265-4E18-8BBC-12CBA9794388}_is1) (Version:  - Eassos Co., Ltd.)
EasyBCD 2.3 (HKLM-x32\...\EasyBCD) (Version: 2.3 - NeoSmart Technologies)
Emergency Download Driver (HKLM-x32\...\{3F0F5AB4-C9CE-4226-8393-E9CFF8369D9D}) (Version: 1.1.16.1526 - Microsoft)
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version:  - )
Everything 1.4.1.877 (x64) (HKLM\...\{DD18B1CC-A588-4A92-9850-5753E2E8F404}) (Version: 1.4.877 - David Carpenter)
Exifer (HKLM-x32\...\Exifer_is1) (Version:  - Friedemann Schmidt)
Extreme Picture Finder 3.38.2 (HKLM-x32\...\Extreme Picture Finder_is1) (Version: 3.38.2 - Extreme Internet Software)
f.lux (HKU\S-1-5-21-460318521-3142920051-2641109734-1000\...\Flux) (Version:  - )
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version:  - Pow Tools)
FileAlyzer 2 (HKLM-x32\...\{29D3773E-54F4-23C2-D523-236A4453B845}_is1) (Version: 2.0.5.57 - Safer Networking Limited)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
ICA (HKLM-x32\...\{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.0.0.113 - Corel Corporation) Hidden
IcoFX 1.6.4 (HKLM-x32\...\IcoFX_is1) (Version:  - )
IPM_PSP_COM64 (HKLM\...\{1678F86C-889D-4198-8249-F4625058256B}) (Version: 16.0.0.113 - Corel Corporation) Hidden
IrfanView (uninstall) (HKLM\...\IrfanView) (Version:  - )
Jasc Paint Shop Pro 8 (HKLM-x32\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.03.0000 - Ihr Firmenname)
Java 8 Update 162 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180162F0}) (Version: 8.0.1620.12 - Oracle Corporation)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kaspersky Total Security (HKLM-x32\...\{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab)
Logitech GamePanel Software 3.01 (HKLM\...\{15D97451-1520-4551-BE2D-BCDE2DF22EA7}) (Version: 3.01.180 - Logitech)
Marvell MRU V4 (HKLM-x32\...\mv61xxMRU) (Version: 4.1.0.1700 - Marvell)
Media Feature Pack for Windows 7 N and KN (HKLM-x32\...\{59ba0f4a-dcb6-4377-a4f1-d86816a82500}) (Version: 1.0.0 - Microsoft) Hidden
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 6.1.4 - CEWE Stiftung u Co. KGaA)
Microsoft .NET Framework 4.7.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Application Compatibility Toolkit 5.6 (HKLM-x32\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7324.0 - Microsoft Corporation)
Microsoft Deployment Toolkit (6.3.8450.1000) (HKLM\...\{38D2CBE2-862C-4C39-8D65-A4C1C2220160}) (Version: 6.3.8450.1000 - Microsoft Corporation)
Microsoft Download Manager (HKLM-x32\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
MP3-Info extension V3.4.24 (HKLM\...\MP3-Info extension_is1) (Version: 3.4.24 - Fabian Cenedese)
Mp3tag v2.77 (HKLM-x32\...\Mp3tag) (Version: v2.77 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-460318521-3142920051-2641109734-1000\...\MusicManager) (Version:  - Google, Inc.)
nLite 1.4.9.3 (HKLM-x32\...\nLite_is1) (Version: 1.4.9.3 - Dino Nuhagic (nuhi))
Opera developer 55.0.2991.0 (HKU\S-1-5-21-460318521-3142920051-2641109734-1000\...\Opera 55.0.2991.0) (Version: 55.0.2991.0 - Opera Software)
Oracle VM VirtualBox 5.2.0 (HKLM\...\{9DF09FCF-7F55-402E-AAB8-67FFBA56EA3B}) (Version: 5.2.0 - Oracle Corporation)
PowerShell-6.0.1-x64 (HKLM\...\{2AA39A40-9624-4997-8E1F-062BA577DB54}) (Version: 6.0.1.0 - Microsoft Corporation)
PSPPContent (HKLM-x32\...\{162BD2D6-6C63-41A7-8151-93188450D36A}) (Version: 16.0.0.113 - Corel Corporation) Hidden
PSPPHelp (HKLM-x32\...\{16346B2A-87BC-407C-9D6B-72A4D21ABF03}) (Version: 16.0.0.113 - Corel Corporation) Hidden
PSPPro64 (HKLM\...\{16582334-495C-4F1C-A66B-3BFD8866B674}) (Version: 16.0.0.113 - Corel Corporation) Hidden
PuTTY release 0.66 (HKLM-x32\...\PuTTY_is1) (Version: 0.66 - Simon Tatham)
QNAP Finder (HKLM-x32\...\QNAP_FINDER) (Version:  - )
R1soft-VHD-Explorer (HKLM-x32\...\R1soft-VHD-Explorer) (Version:  - )
RarmaRadio 2.71.1 (HKLM-x32\...\RarmaRadio_is1) (Version:  - RaimerSoft)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
RegAlyzer (HKLM-x32\...\{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1) (Version: 1.6.2.16 - Safer-Networking Ltd.)
RegEditX (HKLM-x32\...\RegEditX) (Version:  - )
Registry Crawler (HKLM-x32\...\Registry Crawler) (Version:  - )
Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)
SARDU 2.0.6.5 (HKLM-x32\...\SARDU) (Version: 2.0.6.5 - Davide Costa)
Setup (HKLM-x32\...\{16006EE1-DDB7-4E5F-8696-9FEF32C0151A}) (Version: 16.0.0.113 - Ihr Firmenname) Hidden
SSD Tweaker version 3.6.0 (HKLM-x32\...\{83FA601A-241A-4956-8A21-F7D525C4422F}_is1) (Version: 3.6.0 - Elpamsoft.com)
Stellar Phoenix (FAT & NTFS) 2.1 (HKLM-x32\...\Stellar Phoenix FAT & NTFS_is1) (Version:  - Stellar Information Systems Ltd)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Explorer 7.0.0 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version:  - Mister Group)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
UsbFix Anti-Malware Premium (HKLM-x32\...\UsbFix) (Version: 10.0.2.1 - SOSVirus (SOSVirus.Net))
Vhd Resizer (HKLM-x32\...\{8FAA57C5-7BD1-4285-B4B1-36D7337D7BE5}) (Version: 1.0.42 - Xcarab)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows Device Recovery Tool 3.8.19701 (HKLM-x32\...\{8C37503C-DB65-4BB0-855D-4A1AFCC62C55}) (Version: 3.8.19701 - Microsoft)
Windows PowerShell 2.0 Software Development Kit (SDK) (HKLM-x32\...\{F0673FA3-F746-42E9-AC37-33337CA37B39}) (Version: 2.0.0.0 - Microsoft Corporation)
WinISO (HKLM-x32\...\WinISO) (Version: 6.2.0.4637 - WinISO Computing Inc.)
WinRAR 5.50 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
WinSCP 5.7.6 (HKLM-x32\...\winscp3_is1) (Version: 5.7.6 - Martin Prikryl)
Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.5.2013.2 - URSoft, Inc.)
ZebHelpProcess 2016 (HKLM-x32\...\ZebHelpProcess_is1) (Version: 2015 - Nicolas Coolman)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-460318521-3142920051-2641109734-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\xXxXx\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-460318521-3142920051-2641109734-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\xXxXx\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-460318521-3142920051-2641109734-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\xXxXx\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => D:\Microsoft Office 2016 Pro Plus\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => D:\Microsoft Office 2016 Pro Plus\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => D:\Microsoft Office 2016 Pro Plus\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => D:\Microsoft Office 2016 Pro Plus\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => D:\Microsoft Office 2016 Pro Plus\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => D:\Microsoft Office 2016 Pro Plus\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers1: [IXnView] -> {A5D35F9F-6A11-4EAA-B70B-7BB6FE32663A} => D:\XnView-v2.34-win-full\ShellEx\xnviewshellext64.dll [2015-02-18] ()
ContextMenuHandlers1: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-05-06] (AO Kaspersky Lab)
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-04-23] (Florian Heidenreich)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-05-06] (AO Kaspersky Lab)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-04-23] (Florian Heidenreich)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers3: [DeleteFiles] -> {736AF091-C361-49B4-A928-87C586130D33} => C:\Program Files\File Shredder\fsshell.dll [2012-04-01] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers4-x32: [DiskInternals_cd_recovery] -> {6DD33479-D4D0-4666-93C8-F6DC46668518} => C:\Program Files (x86)\DiskInternals\CD and DVD Recovery\contmenu.dll [2005-01-15] ()
ContextMenuHandlers4-x32: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-05-06] (AO Kaspersky Lab)
ContextMenuHandlers4-x32: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2016-04-23] (Florian Heidenreich)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} =>  -> No File
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers6-x32: [ContMenu] -> {FCF608CF-5716-47C3-A1A8-991D873AF72B} => C:\Program Files (x86)\Exifer\ExiferShellExt.dll [2002-09-18] ()
ContextMenuHandlers6-x32: [Fast Explorer] -> {693BE9C0-BEC3-11D2-B4C1-C33BBD3AD64B} => C:\ProgramData\AllDup\FEShlExt.dll [2008-08-20] (Alex Yakovlev)
ContextMenuHandlers6-x32: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-05-06] (AO Kaspersky Lab)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1724059C-16F8-4543-8898-50E94E68C418} - System32\Tasks\{C2C9F29D-89C1-48F7-B299-A1A73523CBEC} => C:\Windows\system32\pcalua.exe -a C:\Users\xXxXx\Downloads\wm9viz.exe -d C:\Users\xXxXx\Downloads
Task: {36F03642-72A2-4077-A795-B56CDC12CB6D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {4626991D-5DB7-4DFF-A654-5C6088F6CCB8} - \AutoPico Daily Restart -> No File <==== ATTENTION
Task: {47CC4D60-BF85-465C-9054-F7545A190E1E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-05-05] (Adobe Systems Incorporated)
Task: {637819C8-07E0-4243-BA80-2B977A6A555F} - System32\Tasks\{4EDAC0CE-1C66-4488-8CD9-93AB77A00FF5} => C:\Windows\system32\pcalua.exe -a "F:\win7 update - AutoPatcher-self\modules\Components\__dotnet\dotNET-x86-x64_files\dotnetfx35.exe" -d "F:\win7 update - AutoPatcher-self\modules\Components\__dotnet\dotNET-x86-x64_files"
Task: {694045A7-31D6-4AB1-A5FD-C73F983E9D9F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => D:\Microsoft Office 2016 Pro Plus\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {7779BB18-193B-449C-8096-C3D8089D2A36} - System32\Tasks\{F19D4934-A517-4984-BC74-D74ADA42FD05} => C:\Program Files (x86)\MetaEdit\MetaEdit.exe
Task: {79AF2D21-A24F-4AD6-ADEC-6900D93548E1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => D:\Microsoft Office 2016 Pro Plus\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {7B5B7838-430D-4170-AB61-AAFCD1C33D31} - System32\Tasks\{EA4CBCC6-42E4-4744-A08F-12DA58A8FA0E} => C:\Program Files (x86)\MetaEdit\MetaEdit.exe
Task: {91909C68-8B5A-4551-A0AF-345388CB4E03} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-460318521-3142920051-2641109734-1000Core => C:\Users\xXxXx\AppData\Local\Google\Update\GoogleUpdate.exe [2016-06-18] (Google Inc.)
Task: {AB52FBCD-E268-41B9-95E3-8EC436442B48} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_pepper.exe [2018-05-05] (Adobe Systems Incorporated)
Task: {B006D960-C520-41E2-A216-0AF46D2ED247} - System32\Tasks\File List - sammlung XnXX dev => C:\Program Files\Everything\Everything.exe [2017-06-07] ()
Task: {B6AFEB82-DDB1-49C7-952A-A22F6ABA8F8C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-05-05] (Adobe Systems Incorporated)
Task: {BCC66030-D7F4-401C-B6D1-0E548A3FAFF9} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {E288CBC2-ED48-4829-A96E-690BACAD211D} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2018-03-03] (AO Kaspersky Lab)
Task: {E2EC75B8-6C96-4BB6-91E1-EEE32CE23932} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-460318521-3142920051-2641109734-1000UA => C:\Users\xXxXx\AppData\Local\Google\Update\GoogleUpdate.exe [2016-06-18] (Google Inc.)
Task: {E5DF6778-E2F4-4A3E-9252-93A9F7361923} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe [2013-03-22] ()
Task: {F214E4C3-4766-4689-8123-8044E23E4907} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {F30D9358-51C3-40AF-8991-7D062C2B3746} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2017-07-01] ()
Task: {FA42B34E-9CB3-4633-B621-FFEA7A2894FB} - System32\Tasks\Opera scheduled Autoupdate 1475947844 => C:\Users\xXxXx\AppData\Local\Programs\Opera developer\launcher.exe [2018-06-19] (Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\xXxXx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b6f30aa888ecb7d7\Chromodo Profile 1.lnk -> C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe (Comodo) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2015-12-26 17:04 - 2012-04-01 01:06 - 002689536 _____ () C:\Program Files\File Shredder\fsshell.dll
2016-01-09 11:07 - 2015-02-18 21:46 - 002383360 _____ () D:\XnView-v2.34-win-full\ShellEx\xnviewshellext64.dll
2017-06-07 12:12 - 2017-06-07 12:12 - 002197608 _____ () C:\Program Files\Everything\Everything.exe
2018-06-30 05:35 - 2018-06-30 05:23 - 003256192 _____ () C:\Users\xXxXx\AppData\Roaming\ZHP\ZHPCleaner.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [175]
AlternateDataStreams: C:\ProgramData\TEMP:8331D35A [328]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-460318521-3142920051-2641109734-1000\...\127.0.0.1 -> hxxp://127.0.0.1
IE trusted site: HKU\S-1-5-21-460318521-3142920051-2641109734-1000\...\localhost -> hxxp://localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2016-06-11 10:36 - 000000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-460318521-3142920051-2641109734-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [ScanManagement-RCWS-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [ScanManagement-WSD-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [{758BE49C-77E3-4EE6-80BB-5B8D47EC25ED}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{4DBAEFA5-2FF7-4580-A629-BA3DA92BA344}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{4FA00CF7-EDC0-4AD5-9882-7DF5541C8B56}] => (Allow) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
FirewallRules: [{DE1985DE-D068-4E5D-ACF2-14887B23BBFE}] => (Allow) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
FirewallRules: [{4EEBA4D5-AC31-41B0-9F18-A980335C6447}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{FC5F59FE-3562-468E-AFE5-FB3CB2551759}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{1C230CC6-EB20-48B1-9A02-BE589FEF2F01}] => (Allow) D:\Microsoft Office 2016 Pro Plus\Office16\outlook.exe
FirewallRules: [{2C54F146-BD90-4319-81B4-8CB9515DC5CD}] => (Allow) C:\Users\xXxXx\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C9774200-F835-42B8-8957-A3F8FE9B94AA}] => (Allow) C:\Users\xXxXx\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EE9B180C-E120-4ABA-82B3-47782B6F8FE7}] => (Allow) C:\Users\xXxXx\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D99CDEEA-6AA8-4584-A4DA-D476E55BB4D3}] => (Allow) C:\Users\xXxXx\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{699B8778-9537-45FD-8EC4-627FCC714C60}] => (Allow) C:\Users\xXxXx\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C8CF861D-F599-4066-9966-7BE0E3D81D2D}] => (Allow) C:\Users\xXxXx\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [AusweisApp2-Firewall-Rule] => (Allow) C:\Program Files (x86)\AusweisApp2 1.8.0\AusweisApp2.exe
FirewallRules: [{8469D37B-E3CC-4B66-A972-E3CFD9592315}] => (Allow) LPort=24727
FirewallRules: [{9BE5118B-11D9-482F-916B-CD302D821901}] => (Allow) C:\Users\xXxXx\AppData\Local\Programs\Opera developer\43.0.2420.0\opera.exe
FirewallRules: [{D173F105-B168-464F-9F85-8DDCFED8C139}] => (Allow) C:\Users\xXxXx\AppData\Local\Programs\Opera developer\55.0.2985.0\opera.exe
FirewallRules: [{BEF84F52-7A1B-473C-9274-15E057F9BC88}] => (Allow) C:\Users\xXxXx\AppData\Local\Programs\Opera developer\55.0.2991.0\opera.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Kaspersky Security Data Escort Adapter
Description: Kaspersky Security Data Escort Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Kaspersky Security Data Escort Provider
Service: kltap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Kaspersky Lab power events provider
Description: Kaspersky Lab power events provider
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: KL
Service: klhk
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/30/2018 08:14:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: aswmbr.exe, Version: 1.0.1.2290, Zeitstempel: 0x54b4df14
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.24150, Zeitstempel: 0x5b0cb980
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e4e3
ID des fehlerhaften Prozesses: 0x470
Startzeit der fehlerhaften Anwendung: 0x01d41038ab18ce1c
Pfad der fehlerhaften Anwendung: C:\Users\xXxXx\Downloads\aswmbr.exe
Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung: ce91f0fe-7c2c-11e8-bca9-1c6f65485878

Error: (06/30/2018 05:12:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rcrawler.exe, Version: 4.5.0.3, Zeitstempel: 0x3e47687a
Name des fehlerhaften Moduls: rcrawler.exe, Version: 4.5.0.3, Zeitstempel: 0x3e47687a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002ef3d
ID des fehlerhaften Prozesses: 0x1e70
Startzeit der fehlerhaften Anwendung: 0x01d41018fdb315a3
Pfad der fehlerhaften Anwendung: C:\PROGRA~2\DCSOFT~1\REGIST~1.5\rcrawler.exe
Pfad des fehlerhaften Moduls: C:\PROGRA~2\DCSOFT~1\REGIST~1.5\rcrawler.exe
Berichtskennung: 5f5fba59-7c13-11e8-8d29-1c6f65485878

Error: (06/30/2018 12:44:45 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (06/29/2018 07:54:07 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (06/24/2018 07:40:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: aswmbr.exe, Version: 1.0.1.2290, Zeitstempel: 0x54b4df14
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.24150, Zeitstempel: 0x5b0cb980
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e4e3
ID des fehlerhaften Prozesses: 0x1714
Startzeit der fehlerhaften Anwendung: 0x01d40b7cc0c94ec6
Pfad der fehlerhaften Anwendung: C:\Users\xXxXx\Downloads\aswmbr.exe
Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung: 20caafd3-7771-11e8-a64c-1c6f65485878

Error: (06/24/2018 12:42:47 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (06/23/2018 09:31:32 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (06/22/2018 07:19:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm DiscRecovery.exe, Version 4.1.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 710

Startzeit: 01d40a4a971a662d

Endzeit: 7

Anwendungspfad: C:\Program Files (x86)\DiskInternals\CD and DVD Recovery\DiscRecovery.exe

Berichts-ID: 68d61f29-7640-11e8-b894-1c6f65485878


System errors:
=============
Error: (06/30/2018 07:24:58 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: Bei DCOM ist der Fehler "1084" aufgetreten, als der Dienst "MSIServer" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden:
{000C101C-0000-0000-C000-000000000046}

Error: (06/30/2018 07:19:20 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: Bei DCOM ist der Fehler "1068" aufgetreten, als der Dienst "fdPHost" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden:
{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (06/30/2018 07:19:20 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: Bei DCOM ist der Fehler "1068" aufgetreten, als der Dienst "fdPHost" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden:
{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (06/30/2018 07:18:06 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: Bei DCOM ist der Fehler "1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/30/2018 07:18:01 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: Bei DCOM ist der Fehler "1084" aufgetreten, als der Dienst "ShellHWDetection" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/30/2018 07:18:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden.

Error: (06/30/2018 07:18:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden.

Error: (06/30/2018 07:18:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden.


Windows Defender:
===================================
Date: 2016-08-20 22:07:10.738
Description: 
Bei der Windows Defender-Überprüfung wurde Spyware oder mögliche unerwünschte Software entdeckt.
Weitere Informationen finden Sie hier:
hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Joke:Win32/CloseCD&threatid=9392
Name:Joke:Win32/CloseCD
ID:9392
Schweregrad:Niedrig
Kategorie:Spaßprogramm
Gefundener Pfad:containerfile:C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\80DA7DA9-114A-BD2D-8368-872A23974899_1d1fbe6cfe38e92;containerfile:C:\Users\xXxXx\Downloads\cd.zip;file:C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\80DA7DA9-114A-BD2D-8368-872A23974899_1d1fbe6cfe38e92;file:C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\80DA7DA9-114A-BD2D-8368-872A23974899_1d1fbe6cfe38e92->open_cd.exe;file:C:\Users\xXxXx\AppData\Local\Temp\Temp1_cd.zip\open_cd.exe;file:C:\Users\xXxXx\Downloads\cd.zip->open_cd.exe;internalfileproxy:C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\80DA7DA9-114A-BD2D-8368-872A23974899_1d1fbe6cfe38e92|C:\Users\xXxXx\Downloads\cd.zip;process:pid:2464;webfile:C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\80DA7DA9-114A-BD2D-8368-872A23974899_1d1fbe6cfe38e92|hxxp://www.rjlsoftware.com/download/cd.zip;webfile:C:\Users\xXxXx\Downloads\cd.zip|hxxp://www.rjlsoftware.com/download/cd.zip
Feststellungstyp:Konkret
Feststellungsquelle:Downloads und Anlagen
Status:Unbekannt
Benutzer:xXxXxLogo\xXxXx
Prozessname:C:\Program Files\Internet Explorer\iexplore.exe

Date: 2016-08-20 22:06:42.661
Description: 
Bei der Windows Defender-Überprüfung wurde Spyware oder mögliche unerwünschte Software entdeckt.
Weitere Informationen finden Sie hier:
hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Joke:Win32/CloseCD&threatid=9392
Name:Joke:Win32/CloseCD
ID:9392
Schweregrad:Niedrig
Kategorie:Spaßprogramm
Gefundener Pfad:containerfile:C:\Users\xXxXx\Downloads\cd.zip;file:C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\80DA7DA9-114A-BD2D-8368-872A23974899_1d1fbe6cfe38e92;file:C:\Users\xXxXx\AppData\Local\Temp\Temp1_cd.zip\open_cd.exe;file:C:\Users\xXxXx\Downloads\cd.zip->open_cd.exe;internalfileproxy:C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\80DA7DA9-114A-BD2D-8368-872A23974899_1d1fbe6cfe38e92|C:\Users\xXxXx\Downloads\cd.zip;process:pid:2464;webfile:C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\80DA7DA9-114A-BD2D-8368-872A23974899_1d1fbe6cfe38e92|hxxp://www.rjlsoftware.com/download/cd.zip;webfile:C:\Users\xXxXx\Downloads\cd.zip|hxxp://www.rjlsoftware.com/download/cd.zip
Feststellungstyp:Konkret
Feststellungsquelle:Downloads und Anlagen
Status:Unbekannt
Benutzer:xXxXxLogo\xXxXx
Prozessname:C:\Program Files\Internet Explorer\iexplore.exe

Date: 2016-08-20 22:06:41.678
Description: 
Bei der Windows Defender-Überprüfung wurde Spyware oder mögliche unerwünschte Software entdeckt.
Weitere Informationen finden Sie hier:
hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Joke:Win32/CloseCD&threatid=9392
Name:Joke:Win32/CloseCD
ID:9392
Schweregrad:Niedrig
Kategorie:Spaßprogramm
Gefundener Pfad:containerfile:C:\Users\xXxXx\Downloads\cd.zip;file:C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\80DA7DA9-114A-BD2D-8368-872A23974899_1d1fbe6cfe38e92;file:C:\Users\xXxXx\AppData\Local\Temp\Temp1_cd.zip\open_cd.exe;file:C:\Users\xXxXx\Downloads\cd.zip->open_cd.exe;internalfileproxy:C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\80DA7DA9-114A-BD2D-8368-872A23974899_1d1fbe6cfe38e92|C:\Users\xXxXx\Downloads\cd.zip;webfile:C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\80DA7DA9-114A-BD2D-8368-872A23974899_1d1fbe6cfe38e92|hxxp://www.rjlsoftware.com/download/cd.zip;webfile:C:\Users\xXxXx\Downloads\cd.zip|hxxp://www.rjlsoftware.com/download/cd.zip
Feststellungstyp:Konkret
Feststellungsquelle:Downloads und Anlagen
Status:Unbekannt
Benutzer:xXxXxLogo\xXxXx
Prozessname:C:\Program Files\Internet Explorer\iexplore.exe

Date: 2016-08-20 22:01:31.961
Description: 
Bei der Windows Defender-Überprüfung wurde Spyware oder mögliche unerwünschte Software entdeckt.
Weitere Informationen finden Sie hier:
hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Joke:Win32/CloseCD&threatid=9392
Name:Joke:Win32/CloseCD
ID:9392
Schweregrad:Niedrig
Kategorie:Spaßprogramm
Gefundener Pfad:containerfile:C:\Users\xXxXx\Downloads\cd.zip;file:C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\80DA7DA9-114A-BD2D-8368-872A23974899_1d1fbe6cfe38e92;file:C:\Users\xXxXx\Downloads\cd.zip->open_cd.exe;internalfileproxy:C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\80DA7DA9-114A-BD2D-8368-872A23974899_1d1fbe6cfe38e92|C:\Users\xXxXx\Downloads\cd.zip;webfile:C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\80DA7DA9-114A-BD2D-8368-872A23974899_1d1fbe6cfe38e92|hxxp://www.rjlsoftware.com/download/cd.zip;webfile:C:\Users\xXxXx\Downloads\cd.zip|hxxp://www.rjlsoftware.com/download/cd.zip
Feststellungstyp:Konkret
Feststellungsquelle:Downloads und Anlagen
Status:Unbekannt
Benutzer:xXxXxLogo\xXxXx
Prozessname:C:\Program Files\Internet Explorer\iexplore.exe

CodeIntegrity:
===================================

Date: 2018-01-02 14:02:40.623
Description: 
Die Integrität der Datei "\Device\HarddiskVolume9\Windows\Camera\Camera.exe" kann nicht geprüft werden, da das Signaturzertifikat gesperrt wurde. Erkundigen Sie sich beim Herausgeber, ob eine neue signierte Version des Kernelmoduls verfügbar ist.

Date: 2018-01-02 14:02:40.561
Description: 
Die Integrität der Datei "\Device\HarddiskVolume9\Windows\Camera\Camera.exe" kann nicht geprüft werden, da das Signaturzertifikat gesperrt wurde. Erkundigen Sie sich beim Herausgeber, ob eine neue signierte Version des Kernelmoduls verfügbar ist.

Date: 2018-01-02 14:02:40.499
Description: 
Die Integrität der Datei "\Device\HarddiskVolume9\Windows\Camera\Camera.exe" kann nicht geprüft werden, da das Signaturzertifikat gesperrt wurde. Erkundigen Sie sich beim Herausgeber, ob eine neue signierte Version des Kernelmoduls verfügbar ist.

Date: 2018-01-02 14:02:40.438
Description: 
Die Integrität der Datei "\Device\HarddiskVolume9\Windows\Camera\Camera.exe" kann nicht geprüft werden, da das Signaturzertifikat gesperrt wurde. Erkundigen Sie sich beim Herausgeber, ob eine neue signierte Version des Kernelmoduls verfügbar ist.

Date: 2018-01-02 14:02:40.376
Description: 
Die Integrität der Datei "\Device\HarddiskVolume9\Windows\Camera\Camera.exe" kann nicht geprüft werden, da das Signaturzertifikat gesperrt wurde. Erkundigen Sie sich beim Herausgeber, ob eine neue signierte Version des Kernelmoduls verfügbar ist.

Date: 2018-01-02 14:02:40.313
Description: 
Die Integrität der Datei "\Device\HarddiskVolume9\Windows\Camera\Camera.exe" kann nicht geprüft werden, da das Signaturzertifikat gesperrt wurde. Erkundigen Sie sich beim Herausgeber, ob eine neue signierte Version des Kernelmoduls verfügbar ist.

Date: 2018-01-02 14:02:40.252
Description: 
Die Integrität der Datei "\Device\HarddiskVolume9\Windows\Camera\Camera.exe" kann nicht geprüft werden, da das Signaturzertifikat gesperrt wurde. Erkundigen Sie sich beim Herausgeber, ob eine neue signierte Version des Kernelmoduls verfügbar ist.

Date: 2018-01-02 14:02:40.190
Description: 
Die Integrität der Datei "\Device\HarddiskVolume9\Windows\Camera\Camera.exe" kann nicht geprüft werden, da das Signaturzertifikat gesperrt wurde. Erkundigen Sie sich beim Herausgeber, ob eine neue signierte Version des Kernelmoduls verfügbar ist.

==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X6 1090T Processor
Percentage of memory in use: 45%
Total physical RAM: 4093.55 MB
Available physical RAM: 2217.84 MB
Total Virtual: 8185.27 MB
Available Virtual: 6397.41 MB

==================== Drives ================================

Drive c: (M2.128GB) (Fixed) (Total:77.28 GB) (Free:6.32 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (M2.25GB) (Fixed) (Total:24.74 GB) (Free:5.91 GB) NTFS
Drive f: (WD10EZRX.1TB) (Fixed) (Total:931.51 GB) (Free:15.5 GB) NTFS
Drive j: (Seagate Expansion Drive) (Fixed) (Total:931.51 GB) (Free:58.93 GB) NTFS

\\?\Volume{cc43b4aa-b07a-11e5-8ab6-806e6f6e6963}\ (M2.10GB) (Fixed) (Total:9.76 GB) (Free:1.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 1C8EEB54)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 74.5 GB) (Disk ID: 00000001)
Partition 1: (Not Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 837474D1)
Partition 1: (Active) - (Size=77.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=24.7 GB) - (Type=0F Extended)

========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: A73A8EC5)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
         
--- --- ---

--- --- ---

--- --- ---


AdwCleaner

Code:
ATTFilter
# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build:    04-27-2018
# Database: 2018-04-24.1
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    07-07-2018
# Duration: 00:00:08
# OS:       Windows 7 Ultimate
# Scanned:  40734
# Detected: 13


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.DriverPack         C:\Users\xXxXx\AppData\Roaming\DRPSu
PUP.Optional.Qweb               C:\ProgramData\Qweb

***** [ Files ] *****

PUP.Optional.SpyHunter          C:\Users\xXxXx\Downloads\SpyHunter-Installer.exe

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.DriverPack         HKCU\Software\drpsu
PUP.Optional.DriverPack         HKLM\Software\Wow6432Node\drpsu
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
PUP.Optional.Legacy             HKLM\Software\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
         
Eset Online Scan

Code:
ATTFilter
C:\Program Files (x86)\Your Uninstaller! 7\guninstaller.exe	Variante von Win32/Toolbar.Babylon.AK eventuell unerwünschte Anwendung	
C:\Users\xXxXx\AppData\Local\Comodo\Chromodo\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc\31.2.5_0\popup.html	JS/Chromex.Agent.AP Trojaner	
C:\Users\xXxXx\AppData\Local\Comodo\Chromodo\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc\31.2.5_0\js\background.js	JS/Chromex.Agent.AP Trojaner	
C:\Users\xXxXx\AppData\Local\Comodo\Chromodo\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc\31.2.5_0\js\contentScripts\contentScript.js	JS/Chromex.Agent.AP Trojaner	
C:\Users\xXxXx\AppData\Local\Comodo\Chromodo\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc\31.2.5_0\js\popup\Popup.js	JS/Chromex.Agent.AP Trojaner	
C:\Users\xXxXx\AppData\Roaming\Opera Software\Opera Developer\Extensions\ipjignndhlpeimkmgpfnappdcohjealh\1.5.2_0\js\contentScripts\contentScript.js	JS/Chromex.Agent.AP Trojaner	
C:\Users\xXxXx\AppData\Roaming\Opera Software\Opera Developer\Extensions\neacgcjokggofibnbfapeaejhclmpple\1.5.3_0\js\contentScripts\contentScript.js	JS/Chromex.Agent.AP Trojaner	
C:\Users\xXxXx\Downloads\Setupe-2.8.1.1130 Build RePack by KpoJIuK.exe	Variante von Generik.FFAPEFE Trojaner	
C:\Users\xXxXx\Downloads\PE Scanner Microsoft_pe-scanner-bin-v1.0.2.7\plugins\peid_plugins\SmartOVR.dll	Variante von Generik.MRAZYUF Trojaner	
F:\Dokumente von xXxXx\offnenDVD.vbs	VBS/CDEject.I Trojaner	
F:\Downloads von xXxXx\installer_jdownloader2_2844787173.exe	Win32/InstallCore.Gen.A eventuell unerwünschte Anwendung	
F:\Downloads von xXxXx\portexpert_lite_1.3.2.5.exe	Variante von Win32/Kcsoft.A eventuell unerwünschte Anwendung	
F:\Downloads von xXxXx\WinMend-File-Splitter.exe	Win32/SunnyDigits.D Trojaner,Variante von Win32/SunnyDigits.D Trojaner	
F:\Downloads von xXxXx\WinRAR.5.50.exe	Win32/Adware.HiRu.J Anwendung	
F:\Downloads von xXxXx\wsc_x6v1610_full.exe	Variante von Win32/UwS.WinSysClean.A Anwendung	
F:\Downloads von xXxXx\JDownloader\tools\Windows\kikin\kikin_installer.exe	Variante von Win32/Kikin.A eventuell unerwünschte Anwendung	
F:\Downloads von xXxXx\Tools\Registry.Winner.6.6.8.30.MD\RegistryWinner_Setup.exe	Variante von Win32/Adware.RegistryVictor.A Anwendung
         
__________________


Alt 27.07.2018, 23:47   #3
duz78
 
Windows 7 X64 – Adware.CrossRider und Adware.Tarma (2018) - Standard

Windows 7 X64 – Adware.CrossRider und Adware.Tarma (2018) Log 7



ComboFix

Code:
ATTFilter
ComboFix 18-06-17.01 - xXxXx 08.07.2018  12:50:21.1.6 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1033.18.4094.1514 [GMT 2:00]
ausgeführt von:: c:\users\xXxXx\Downloads\Windows 7_ Probleme mit Adware und Crossrider Virus\ComboFix.exe
AV: Kaspersky Total Security *Enabled/Updated* {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: Kaspersky Total Security *Enabled* {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
SP: Kaspersky Total Security *Enabled/Updated* {3D579475-6DDE-A186-1569-44B9F9DE8725}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ECD236AB79.sys
c:\programdata\ntuser.pol
c:\users\xXxXx\AppData\Local\assembly\tmp
c:\users\xXxXx\AppData\Roaming\DRPSu
c:\windows\SysWow64\MSCOMCTL.1
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WINISOCDBUS
-------\Service_WinisoCDBus
.
.
(((((((((((((((((((((((   Dateien erstellt von 2018-06-08 bis 2018-07-08  ))))))))))))))))))))))))))))))
.
.
2018-07-08 02:16 . 2018-07-08 02:16	--------	d-----w-	c:\program files (x86)\FRITZ!Box Monitor
2018-07-08 00:51 . 2018-07-08 00:51	--------	d-----w-	c:\program files\FRITZ!Box
2018-07-08 00:51 . 2018-07-08 00:51	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2018-07-07 03:02 . 2018-07-07 03:03	--------	d-----w-	C:\AdwCleaner
2018-07-06 22:57 . 2018-07-08 10:37	--------	d-----w-	c:\users\xXxXx\AppData\Local\CrashDumps
2018-07-06 19:10 . 2018-07-06 20:13	152688	----a-w-	c:\windows\system32\drivers\mbae64.sys
2018-07-06 19:10 . 2018-07-06 19:10	--------	d-----w-	c:\programdata\Malwarebytes
2018-07-06 19:10 . 2018-07-06 19:10	--------	d-----w-	c:\program files\Malwarebytes
2018-06-30 08:44 . 2018-06-30 08:44	--------	d-----w-	c:\windows\AutoKMS
2018-06-30 04:57 . 2018-06-30 04:57	--------	d-----w-	c:\program files (x86)\Common Files\Borland Shared
2018-06-30 04:57 . 1999-11-12 03:11	183808	----a-w-	c:\windows\SysWow64\BDEADMIN.CPL
2018-06-30 04:57 . 1999-01-20 03:01	210032	----a-w-	c:\windows\SysWow64\DBCLIENT.DLL
2018-06-30 03:30 . 2018-06-30 08:45	--------	d-----w-	c:\program files (x86)\UsbFix
2018-06-30 03:08 . 2018-06-30 03:08	--------	d-----w-	c:\users\xXxXx\AppData\Roaming\Safer Networking
2018-06-24 04:16 . 2018-06-24 04:16	--------	d-----w-	c:\users\xXxXx\AppData\Roaming\Notepad++
2018-06-22 10:25 . 2018-07-07 03:07	--------	d-----w-	c:\users\xXxXx\AppData\Roaming\ZHP
2018-06-16 11:02 . 2018-05-25 04:11	628736	----a-w-	c:\program files\Internet Explorer\jsprofilerui.dll
2018-06-16 11:02 . 2018-05-25 04:05	1217024	----a-w-	c:\program files\Internet Explorer\networkinspection.dll
2018-06-16 11:02 . 2018-05-25 03:50	579584	----a-w-	c:\program files (x86)\Internet Explorer\jsprofilerui.dll
2018-06-16 11:02 . 2018-05-25 03:45	1075200	----a-w-	c:\program files (x86)\Internet Explorer\networkinspection.dll
2018-06-16 11:02 . 2018-05-25 04:15	47616	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2018-06-16 11:02 . 2018-05-25 05:10	25742848	----a-w-	c:\windows\system32\mshtml.dll
2018-06-16 11:02 . 2018-05-25 03:53	15283200	----a-w-	c:\windows\system32\ieframe.dll
2018-06-16 09:50 . 2018-02-10 17:26	51712	----a-w-	c:\windows\system32\sdchange.exe
2018-06-16 08:57 . 2018-06-16 08:57	--------	d-----w-	c:\programdata\LGE
2018-06-16 08:57 . 2018-06-16 08:57	--------	d-----w-	c:\programdata\HTC
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-06-01 16:46 . 2018-06-01 16:46	25392	----a-w-	c:\windows\system32\drivers\myfault.sys
2018-05-29 02:22 . 2018-06-16 10:57	44544	----a-w-	c:\windows\apppatch\acwow64.dll
2018-05-06 09:12 . 2017-12-24 11:39	142024	----a-w-	c:\windows\system32\drivers\klwtp.sys
2018-05-06 09:12 . 2017-12-24 11:39	1073344	----a-w-	c:\windows\system32\drivers\klif.sys
2018-05-06 09:12 . 2017-04-28 13:05	56520	----a-w-	c:\windows\system32\drivers\klim6.sys
2018-05-06 09:12 . 2017-12-24 11:39	206024	----a-w-	c:\windows\system32\drivers\klflt.sys
2018-05-06 09:12 . 2017-12-24 11:39	152360	----a-w-	c:\windows\system32\klhkum.dll
2018-05-06 09:12 . 2017-12-24 11:39	119496	----a-w-	c:\windows\system32\drivers\klbackupflt.sys
2018-05-06 09:12 . 2017-12-24 11:39	1192128	----a-w-	c:\windows\system32\drivers\klhk.sys
2018-05-05 15:45 . 2016-06-11 12:18	804864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2018-05-05 15:45 . 2016-06-11 12:18	144896	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-07-31 09:01	1512152	----a-w-	c:\progra~2\MICROS~1\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-07-31 09:01	1512152	----a-w-	c:\progra~2\MICROS~1\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-07-31 09:01	1512152	----a-w-	c:\progra~2\MICROS~1\Office16\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f.lux"="c:\users\xXxXx\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SystemExplorerAutoStart"="c:\program files (x86)\System Explorer\SystemExplorer.exe" [2015-08-19 3389160]
"MRUTray"="c:\program files (x86)\Marvell\raid\tray\MarvellTray.exe" [2010-03-08 731176]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2015-08-04 767176]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2013-03-14 373760]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
.
c:\users\xXxXx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
An OneNote senden.lnk - d:\microsoft office 2016 pro plus\Office16\ONENOTEM.EXE /tsr [2015-7-31 171696]
C2DtoG15.lnk - c:\program files (x86)\C2DtoG15\C2DtoG15.exe [2016-1-23 596992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 abelssoft_recordify;Abelssoft Recordify Audio Device (WDM);c:\windows\system32\drivers\recordify.sys;c:\windows\SYSNATIVE\drivers\recordify.sys [x]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
R3 ATICDSDr;ATICDSDr;c:\users\xXxXx\AppData\Local\Temp\ATICDSDr.sys;c:\users\xXxXx\AppData\Local\Temp\ATICDSDr.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 kltap;Kaspersky Security Data Escort Adapter;c:\windows\system32\DRIVERS\kltap.sys;c:\windows\SYSNATIVE\DRIVERS\kltap.sys [x]
R3 klvssbridge64_18.0.0;klvssbridge64_18.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\vssbridge64.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\vssbridge64.exe [x]
R3 KSDE1.0.0;Kaspersky Secure Connection Service 1.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [x]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
R3 LGJoyXlCore;Logitech xXxXxlation Layer Driver (LGS);c:\windows\system32\drivers\LGJoyXlCore.sys;c:\windows\SYSNATIVE\drivers\LGJoyXlCore.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R3 MYFAULT;MYFAULT;c:\windows\system32\drivers\myfault.sys;c:\windows\SYSNATIVE\drivers\myfault.sys [x]
R3 netr7364;Askey RT73 Wireless Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 netwlv64;    Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netwlv64.sys;c:\windows\SYSNATIVE\DRIVERS\netwlv64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys;c:\windows\SYSNATIVE\Drivers\pssdk42.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 SCL01164;SCL011 Contactless Reader;c:\windows\system32\DRIVERS\SCL01164.sys;c:\windows\SYSNATIVE\DRIVERS\SCL01164.sys [x]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys;c:\windows\SYSNATIVE\DRIVERS\sis163u.sys [x]
R3 SIVDriver;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX64.sys;c:\windows\SYSNATIVE\Drivers\SIVX64.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox NDIS 6.0 Miniport Service;c:\windows\system32\DRIVERS\VBoxNetAdp6.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp6.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 WirelessKeyboardFilter;Wireless Keyboard Filter Device Service;c:\windows\system32\DRIVERS\WirelessKeyboardFilter.sys;c:\windows\SYSNATIVE\DRIVERS\WirelessKeyboardFilter.sys [x]
R4 ChromodoUpdater;COMODO Chromodo Update Service;c:\program files (x86)\Comodo\Chromodo\chromodo_updater.exe;c:\program files (x86)\Comodo\Chromodo\chromodo_updater.exe [x]
R4 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R4 IceDragonUpdater;COMODO IceDragon Update Service;c:\program files (x86)\Comodo\IceDragon\icedragon_updater.exe;c:\program files (x86)\Comodo\IceDragon\icedragon_updater.exe [x]
R4 rtkio;rtkio;c:\program files (x86)\Realtek\Smart Dual Lan\rtkio.sys;c:\program files (x86)\Realtek\Smart Dual Lan\rtkio.sys [x]
R4 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R4 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R4 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 cm_km;AO Kaspersky Lab Cryptographic Module x64 (56 bit);c:\windows\system32\DRIVERS\cm_km.sys;c:\windows\SYSNATIVE\DRIVERS\cm_km.sys [x]
S0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\DRIVERS\klbackupdisk.sys;c:\windows\SYSNATIVE\DRIVERS\klbackupdisk.sys [x]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys;c:\windows\SYSNATIVE\DRIVERS\mv91cons.sys [x]
S1 epp;epp;f:\downloads von xXxXx\EmsisoftEmergencyKit\BIN64\epp.sys;f:\downloads von xXxXx\EmsisoftEmergencyKit\BIN64\epp.sys [x]
S1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\DRIVERS\klbackupflt.sys;c:\windows\SYSNATIVE\DRIVERS\klbackupflt.sys [x]
S1 klhk;Kaspersky Lab service driver;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 Klwtp;KLwtp - WFP callout traffic inspector;c:\windows\system32\DRIVERS\klwtp.sys;c:\windows\SYSNATIVE\DRIVERS\klwtp.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxNetLwf;VirtualBox NDIS6 Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetLwf.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetLwf.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 AVP18.0.0;Kaspersky Anti-Virus Service 18.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe [x]
S2 Everything;Everything;c:\program files\Everything\Everything.exe;c:\program files\Everything\Everything.exe [x]
S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys;c:\windows\SYSNATIVE\DRIVERS\kldisk.sys [x]
S2 Marvell RAID;Marvell RAID Event Agent;c:\program files (x86)\Marvell\raid\svc\mvraidsvc.exe;c:\program files (x86)\Marvell\raid\svc\mvraidsvc.exe [x]
S2 MRUWebService;MRU Web Service;c:\program files (x86)\Marvell\raid\Apache2\bin\httpd.exe;c:\program files (x86)\Marvell\raid\Apache2\bin\httpd.exe [x]
S2 SystemExplorerHelpService;System Explorer Service;c:\program files (x86)\System Explorer\service\SystemExplorerService64.exe;c:\program files (x86)\System Explorer\service\SystemExplorerService64.exe [x]
S2 SystoG15Svc;SystoG15 Service;c:\program files (x86)\C2DtoG15\SystoG15Svc.exe;c:\program files (x86)\C2DtoG15\SystoG15Svc.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\C2DtoG15\WinRing0x64.sys;c:\program files (x86)\C2DtoG15\WinRing0x64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WINRING0_1_2_0
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr QWAVE wcncsvc
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-07-31 08:59	2165976	----a-w-	d:\micros~1\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-07-31 08:59	2165976	----a-w-	d:\micros~1\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-07-31 08:59	2165976	----a-w-	d:\micros~1\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-10-26 13213840]
"Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2008-11-06 397320]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2008-11-06 2049544]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2008-11-06 3837960]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.dell.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Webseite in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll/AcroIECapture.html
IE: An OneNote s&enden - d:\micros~1\Office16\ONBttnIE.dll/105
IE: FRITZ!Box Dial - c:\program files\FRITZ!Box\AddOn (IE)\fb_addon_dial_ie.htm
IE: FRITZ!Box Dial\Contexts - 16 (0x10)
IE: FRITZ!Box Dial\Flags
IE: Lin&kziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - d:\micros~1\Office16\EXCEL.EXE/3000
IE: Webseite vorhandener PDF-Datei hinzufügen - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll/AcroIEAppend.html
Trusted Zone: localhost
TCP: DhcpNameServer = xxx.XXX.xxx.XXX
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - c:\program files (x86)\Microsoft Office\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files (x86)\Microsoft Office\Office16\MSOSB.DLL
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-SARDU - e:\wdc wd32 msi-laptop\Desktop copy\03-11-2015 Administrator\SARDU_2.0.6.5\SARDU\uninst.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xmp"
.
[HKEY_USERS\S-1-5-21-460318521-3142920051-2641109734-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2AB20CF9-23F1-C7FA-9AC6-FAD2CF872280}*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-460318521-3142920051-2641109734-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5A60BEC5-0AB7-A297-1743-1C08581F06A9}*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-460318521-3142920051-2641109734-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E8501ADC-BC7F-0CD6-7512-0C63BBD73688}*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-460318521-3142920051-2641109734-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EEA1CEFE-06DE-AC13-FAA1-8390C38F1541}*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_29_0_0_140_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_29_0_0_140_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_29_0_0_140_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_29_0_0_140_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_29_0_0_140.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.29"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_29_0_0_140.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_29_0_0_140.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_29_0_0_140.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avpui.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2018-07-08  13:15:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2018-07-08 11:15
.
Vor Suchlauf: 5.449.121.792 Bytes frei
Nach Suchlauf: 5.774.356.480 Bytes frei
.
- - End Of File - - A008AE54516E19DE45A42F865C6865AC
A36C5E4F47E84449FF07ED3517B43A31
         
Vielen Dank im Voraus für die Hilfe und ich erwarte eure Anweisungen wie es weiter gehen soll.
__________________

Alt 29.07.2018, 15:47   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7 X64 – Adware.CrossRider und Adware.Tarma (2018) - Standard

Windows 7 X64 – Adware.CrossRider und Adware.Tarma (2018)



Code:
ATTFilter
\AutoPico Daily Restart -> No File <==== ATTENTION
c:\windows\AutoKMS
         
Autopico/AutoKMS und ein Windows 7 Ultimate? Diese Kiste wird nicht bereinigt, denn ganz offensichtlich hast du da ne gecrackte Windows-Installation.

Für dich geht es da weiter --> und Neuinstallation von Windows

Selbstverständlich brauchst du für eine legale Aktivierung von Windows 10 einen legalen/gültigen Windows-Key.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Windows 7 X64 – Adware.CrossRider und Adware.Tarma (2018)
.com, adware, anhang, auszug, c:\windows, code, comodo, crossrider, folge, folgendes, frage, fragen, google, hack, microsoft, ordner, programme, registry, scan, search, software, system, system32, tarma, umgeleitet, windows, windows 7, zusätzliche



Ähnliche Themen: Windows 7 X64 – Adware.CrossRider und Adware.Tarma (2018)


  1. Windows 10: Adware.Elex, Adware.Elex.Generic, Adware Ghokswa lassen sich nicht vollständig entfernen
    Plagegeister aller Art und deren Bekämpfung - 04.05.2017 (1)
  2. Avira meldet ständig Fund: ADWARE/CrossRider.VU
    Log-Analyse und Auswertung - 06.09.2015 (19)
  3. Windows 7 nach Datei download Virenbefall (ADWARE/SuperFish.342192 und ADWARE/CrossRider.Gen7)
    Log-Analyse und Auswertung - 23.07.2015 (36)
  4. Adware crossrider.gz gefunden
    Plagegeister aller Art und deren Bekämpfung - 05.05.2015 (11)
  5. Windows 7: Probleme mit Adware und Crossrider Virus
    Log-Analyse und Auswertung - 03.05.2015 (9)
  6. Windows 8.1:Variant.Adware.Graftor.159320+Adware.Generic.1133960-Virenbefall?
    Log-Analyse und Auswertung - 13.01.2015 (32)
  7. Adware.Gen7 - Adware/Cherished.oia - Adware/InstallCore.Gen9 - TR/Trash.Gen bei Antivir gefunden
    Plagegeister aller Art und deren Bekämpfung - 03.12.2014 (13)
  8. Windows 7: ADWARE/CrossRider.Gen4, ADWARE/EoRezo.Gen4 und ADWARE/MPlug 6.14 durch AntiVir gefunden
    Log-Analyse und Auswertung - 22.10.2014 (4)
  9. eBay-Fake eMail mit ZIP Anhang gespeichert, Windows 7- Avira: Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen
    Log-Analyse und Auswertung - 29.08.2014 (17)
  10. TR/Drop.Agent.219420 // ADWARE/CrossRider.A.10448
    Log-Analyse und Auswertung - 24.07.2014 (13)
  11. Virenfund: adware\crossrider
    Plagegeister aller Art und deren Bekämpfung - 22.05.2014 (3)
  12. Trojaner gefunden TR/Dldr.Agent.314440 und verschiedene Adwares ADWARE/EoRezo.AF, ADWARE/Adware.Gen7, ADWARE/AgentCV.A.2919
    Log-Analyse und Auswertung - 02.05.2014 (19)
  13. ADWARE/InstallCore.Gen, ADWARE/Yontoo.Gen und ADWARE/InstallCore.E von AVIRA gefunden
    Plagegeister aller Art und deren Bekämpfung - 16.04.2013 (10)
  14. Absturz Firefox und Funde ADWARE/InstallMat.D, TR/Barys.443.5, ADWARE/Adware.Gen6
    Log-Analyse und Auswertung - 03.01.2013 (19)
  15. USB-Stick enthält Erkennungsmuster der Adware ADWARE/Adware.Gen
    Plagegeister aller Art und deren Bekämpfung - 29.07.2012 (25)
  16. Testbundle23w_1254[1].exe enthält Erkennungsmuster der Adware ADWARE/Adware.GEN
    Plagegeister aller Art und deren Bekämpfung - 22.04.2012 (5)
  17. PC von Adware.Agent.ZGen, Adware.ClickPotato, Adware.ShopperReports, Adware.Hotbar, Adwa angegriffen
    Mülltonne - 30.06.2011 (0)

Zum Thema Windows 7 X64 – Adware.CrossRider und Adware.Tarma (2018) - Hallo Community, In Comodo IceDragen werden Google suchanfragen umgeleitet, des Weiteren habe ich Aussetzer beim Radiostream und Youtube. Den ersten Scan erfolgte mit ZHPDiag v2018.6.22.140 im Abgesichten Modus. Dabei habe - Windows 7 X64 – Adware.CrossRider und Adware.Tarma (2018)...
Archiv
Du betrachtest: Windows 7 X64 – Adware.CrossRider und Adware.Tarma (2018) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.