
Pests of all kinds and how to fight them: AdwCleaner shows "PUP.Optional.Driver.DriverAgent" after a scan.

28.07.2017, 11:55   #1
Marc4468
 
Hello everyone,

Since I use my computer for online banking and shopping (Amazon etc.) among other things, I scan it occasionally (MBAM, AdwCleaner, SecurityCheck, ESET Online Scanner).
Yesterday I ran the programs above again, and AdwCleaner produced the message above and the following log file:
Quote:
# AdwCleaner 7.0.0.0 - Logfile created on Fri Jul 28 09:33:14 2017
# Updated on 2017/17/07 by Malwarebytes
# Database: 07-27-2017.2
# Running on Windows 7 Professional (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

PUP.Optional.DriverAgent, C:\Windows\System32\drivers\DRVAGENT64.SYS



***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[S1].txt - [1063 B] - [2016/6/15 8:53:56]


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########
Here is the SecurityCheck log as well:
Quote:
Results of screen317's Security Check version 1.009
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java version 32-bit out of Date!
Adobe Flash Player 25.0.0.148
Mozilla Firefox (54.0.1)
Mozilla Thunderbird (45.8.0)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Exploit mbae.exe
Malwarebytes Anti-Exploit mbae-svc.exe
Malwarebytes Anti-Exploit mbae64.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
I have already tried, without success, to update Java via Control Panel. I will uninstall it later and install the newest version after a restart.

ESET (Online Scanner) and MBAM reported nothing, although the ESET scanner stopped progressing at 57 % after 5 hours of running. Presumably because the PC went into hibernation in between...

Now I am wondering whether I need to worry about the AdwCleaner entry or whether everything is okay. Many thanks in advance!

Best regards, Marc


edit: even after I reinstalled Java, SecurityCheck still shows it as out of date. It is also not correct that I have the 32-bit version. I installed the 64-bit one.

Last edited by Marc4468 (28.07.2017 at 12:27)
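Before deleting a driver file that a scanner has tagged as PUP (potentially unwanted program), a practitioner would first establish what the file is and whether anything still loads it. The following PowerShell is an added example for this thread, not code from the original post, from AdwCleaner or from FRST: it checks the Authenticode signature, the version resource, the SHA-256 and any Win32_SystemDriver service that references the file reported in the AdwCleaner log above. The function name Get-DriverTriage and the output fields are this example's own choices.

```powershell
# Added example (not part of the thread, AdwCleaner or FRST): first-look triage of a
# driver file flagged as PUP. Run from an elevated prompt; needs PowerShell 3.0 or later.
function Get-DriverTriage {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        return [PSCustomObject]@{ Path = $Path; Exists = $false }
    }

    $file = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    # SHA-256 of the file, for looking it up in a reputation service; computed with .NET
    # so the function does not depend on Get-FileHash (PowerShell 4.0+)
    $sha256 = [BitConverter]::ToString(
        [System.Security.Cryptography.SHA256]::Create().ComputeHash(
            [System.IO.File]::ReadAllBytes($Path))).Replace('-', '')

    # Kernel / file-system driver services whose image is this file. Match on the file
    # name, because PathName may be reported as \SystemRoot\... or \??\C:\... instead of C:\...
    $services = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -and ([IO.Path]::GetFileName($_.PathName) -ieq $file.Name) }

    [PSCustomObject]@{
        Path            = $Path
        Exists          = $true
        SizeBytes       = $file.Length
        LastWriteTime   = $file.LastWriteTime
        CompanyName     = $file.VersionInfo.CompanyName
        FileDescription = $file.VersionInfo.FileDescription
        SignatureStatus = $sig.Status          # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Signer          = $signer
        SHA256          = $sha256
        Services        = ($services | ForEach-Object { "$($_.Name) [$($_.State), $($_.StartMode)]" }) -join '; '
    }
}

# The path reported by AdwCleaner in the log above
Get-DriverTriage -Path 'C:\Windows\System32\drivers\DRVAGENT64.SYS' | Format-List
```

Read the result together with the Drivers section of a FRST log: a valid vendor signature, a CompanyName in the version resource and an empty Services field mean the .sys is an orphaned file that no driver service loads, which is the usual profile of a leftover from an uninstalled utility and a low-risk deletion. An unsigned file that is still registered and Running is the case that warrants a hash lookup and a closer look before removal.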

29.07.2017, 21:20   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click on Scan.
  • The log files will now be created and will afterwards be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the site's input window)




Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs are too big for one post, I ask you to post the logs directly and, if necessary, spread over several posts.
To put the log files into a CODE box, proceed as follows:
  • Select the whole log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click on Advanced/Preview to check whether you did it right. If everything is fine ... click Reply.

06.08.2017, 15:37   #3
Marc4468
 
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2017
Ran by Marc (administrator) on MARC0301 (06-08-2017 15:27:40)
Running from C:\Users\Marc\Desktop\FRST
Loaded Profiles: Marc (Available Profiles: Marc)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Flux Software LLC) C:\Users\Marc\AppData\Local\FluxSoftware\Flux\flux.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Spotify Ltd) C:\Users\Marc\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3486520 2017-08-04] (Dropbox, Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2779136 2016-06-11] (Dominik Reichl)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2480584 2017-07-18] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-12-22] (Oracle Corporation)
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\Run: [f.lux] => C:\Users\Marc\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3062560 2017-07-18] (Valve Corporation)
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-05-30] (Disc Soft Ltd)
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\Run: [Spotify Web Helper] => C:\Users\Marc\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1579120 2017-07-24] (Spotify Ltd)
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\MountPoints2: E - E:\autorun.exe
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\MountPoints2: {32f8eaf6-9362-11e5-993d-c80aa919f756} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\MountPoints2: {339cfec1-0d6a-11e6-9eec-ca8a52d0afe8} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\MountPoints2: {339cfecb-0d6a-11e6-9eec-ca8a52d0afe8} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\MountPoints2: {339cfee8-0d6a-11e6-9eec-ca8a52d0afe8} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\MountPoints2: {339cfeec-0d6a-11e6-9eec-ca8a52d0afe8} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\MountPoints2: {339cfef5-0d6a-11e6-9eec-ca8a52d0afe8} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\MountPoints2: {66dae7e0-80f1-11e5-b4d1-c80aa919f756} - F:\autorun.exe
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\MountPoints2: {66dae827-80f1-11e5-b4d1-c80aa919f756} - F:\autorun.exe
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\MountPoints2: {6e2b2c75-baa7-11e5-a8c3-c80aa919f756} - F:\autorun.exe
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\MountPoints2: {6e2b2c7a-baa7-11e5-a8c3-c80aa919f756} - F:\autorun.exe
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\MountPoints2: {6e2b2c8a-baa7-11e5-a8c3-c80aa919f756} - F:\autorun.exe
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\MountPoints2: {77356fe6-80ec-11e5-9f44-c80aa919f756} - F:\autorun.exe
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\MountPoints2: {a77c9a00-499e-11e6-aa56-c80aa919f756} - F:\HiSuiteDownLoader.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{4A966556-5BCE-4BCC-AD5F-9CB64A80F68A}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{95DD06B1-9F2F-40D5-8060-12D8F892479C}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{96A52E63-09DC-448C-9791-34C844800DBC}: [NameServer] 137.226.143.2,137.226.143.6

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-07-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_72\bin\ssv.dll [2017-07-28] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2017-07-21] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_72\bin\jp2ssv.dll [2017-07-28] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-07-21] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2017-07-21] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-21] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-21] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-21] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-21] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-21] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-21] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-21] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-21] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-21] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: ygvo6xro.default
FF ProfilePath: C:\Users\Marc\Dropbox\Firefox\ygvo6xro.default [not found] <==== ATTENTION
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-19] ()
FF Plugin: @java.com/DTPlugin,version=11.72.2 -> C:\Program Files\Java\jre1.8.0_72\bin\dtplugin\npDeployJava1.dll [2017-07-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.72.2 -> C:\Program Files\Java\jre1.8.0_72\bin\plugin2\npjp2.dll [2017-07-28] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-07-21] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-07-21] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-07-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR StartupUrls: "hxxp://www.google.de/"
OPR Extension: (Ghostery) - C:\Users\Marc\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbkekonodcdmedgffkkbgmnnekbainbg [2017-07-29]
OPR Extension: (DotVPN — a better way to VPN) - C:\Users\Marc\AppData\Roaming\Opera Software\Opera Stable\Extensions\hiegahbgoabbpoieploedhfnobmpgbeg [2016-12-12]
OPR Extension: (Deaktivierungs-Add-on von Google Analytics) - C:\Users\Marc\AppData\Roaming\Opera Software\Opera Stable\Extensions\hmffjpdmbgflojiohllanjaggdenggdo [2015-11-26]
OPR Extension: (Adblock Plus) - C:\Users\Marc\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-07-21]
OPR Extension: (Bookmarks Import & Export) - C:\Users\Marc\AppData\Roaming\Opera Software\Opera Stable\Extensions\omhcddilnfoiiplehpjihipcocdplljn [2016-10-27]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3705536 2017-07-03] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [49992 2017-08-04] (Dropbox, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-05-30] (Disc Soft Ltd)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-11-14] (NVIDIA Corporation)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-04-11] () [File not signed]
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155080 2017-07-18] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-11-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-11-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-11-14] (NVIDIA Corporation)
R2 postgresql-x64-9.3; C:\Program Files\PostgreSQL\9.3\bin\pg_ctl.exe [90624 2015-10-06] (PostgreSQL Global Development Group) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [814064 2015-12-22] (Tunngle.net GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-06-06] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-06-06] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77432 2017-07-18] ()
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-04-11] (Huawei Technologies Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R1 MpKsld05f9fde; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9AA0DD1A-9E2C-4BDE-A373-67D3C2789410}\MpKsld05f9fde.sys [44928 2017-08-06] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-11-14] (NVIDIA Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [47736 2015-12-21] (Tunngle.net)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-06 15:27 - 2017-08-06 15:27 - 000000000 ____D C:\FRST
2017-08-06 15:26 - 2017-08-06 15:27 - 000000000 ____D C:\Users\Marc\Desktop\FRST
2017-08-06 14:59 - 2017-08-06 14:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-08-04 03:43 - 2017-08-04 03:43 - 000049992 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-08-04 03:43 - 2017-08-04 03:43 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-08-04 03:43 - 2017-08-04 03:43 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-08-04 03:43 - 2017-08-04 03:43 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-07-28 12:08 - 2017-07-28 12:07 - 000110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-07-28 12:07 - 2017-07-28 12:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-07-28 12:07 - 2017-07-28 12:07 - 000000000 ____D C:\Program Files\Java
2017-07-28 11:57 - 2017-07-28 11:57 - 057286752 _____ (Oracle Corporation) C:\Users\Marc\Downloads\jre-8u72-windows-x64.exe
2017-07-28 11:31 - 2017-07-28 11:31 - 008162248 _____ (Malwarebytes) C:\Users\Marc\Downloads\adwcleaner_7.0.0.0(1).exe
2017-07-28 11:30 - 2017-07-28 11:30 - 008186320 _____ (Malwarebytes) C:\Users\Marc\Downloads\adwcleaner_7.0.1.0.exe
2017-07-28 11:30 - 2017-07-28 11:30 - 008186320 _____ (Malwarebytes) C:\Users\Marc\Downloads\adwcleaner_7.0.1.0(1).exe
2017-07-28 01:38 - 2017-07-28 01:39 - 000086125 _____ C:\Users\Marc\Downloads\Studienbescheinigung_352525_28.07.2017.pdf
2017-07-27 16:56 - 2017-07-27 16:56 - 000000000 _____ C:\Users\Marc\Downloads\Angebote 28.17.pdf
2017-07-27 15:56 - 2017-07-27 15:56 - 000001063 _____ C:\Users\Marc\Desktop\Adw Logfile.txt
2017-07-27 15:39 - 2017-07-27 15:39 - 008162248 _____ (Malwarebytes) C:\Users\Marc\Downloads\adwcleaner_7.0.0.0.exe
2017-07-27 12:30 - 2017-07-27 12:31 - 058768717 _____ (Igor Pavlov) C:\Users\Marc\Downloads\WinFuture_7SP1_x64_UpdateFix_1.0.exe
2017-07-27 11:17 - 2017-07-27 11:24 - 1908026907 _____ (Igor Pavlov) C:\Users\Marc\Downloads\WinFuture_7SP1_x64_UpdatePack_2.77_Juli_2017-Vollversion.exe
2017-07-26 14:36 - 2017-07-26 14:36 - 000113755 _____ C:\Users\Marc\Downloads\Zusammenfassung Kontowechsel.pdf
2017-07-26 12:51 - 2017-07-26 12:51 - 000018324 _____ C:\Users\Marc\Downloads\Brief_an_Allianz_Versicherungs-AG.pdf
2017-07-24 13:05 - 2017-07-24 13:05 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-07-24 03:35 - 2017-07-24 03:35 - 000001555 _____ C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\partypoker.lnk
2017-07-24 03:35 - 2017-07-24 03:35 - 000000000 ____D C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\partypoker
2017-07-15 13:16 - 2017-07-15 13:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\partypoker
2017-07-15 11:38 - 2017-07-15 11:38 - 009747512 _____ (Piriform Ltd) C:\Users\Marc\Downloads\ccsetup532.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-06 15:26 - 2016-11-26 17:45 - 000000000 ____D C:\Users\Marc\AppData\LocalLow\Mozilla
2017-08-06 15:18 - 2015-11-02 02:41 - 000001210 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-08-06 15:01 - 2015-11-02 02:41 - 000001206 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-08-06 14:59 - 2015-11-02 02:41 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-08-04 11:02 - 2017-01-08 23:04 - 000000000 ____D C:\Users\Marc\AppData\Local\CrashDumps
2017-08-03 12:30 - 2015-11-02 22:08 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-07-31 17:35 - 2009-07-14 07:13 - 000786370 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-31 17:35 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2017-07-29 10:42 - 2015-12-17 14:10 - 000000000 ____D C:\Users\Marc\AppData\Roaming\Skype
2017-07-28 12:13 - 2009-07-14 06:45 - 000021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-28 12:13 - 2009-07-14 06:45 - 000021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-28 12:07 - 2016-03-10 09:34 - 000000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2017-07-28 12:06 - 2015-12-17 23:38 - 000000000 ____D C:\Program Files (x86)\Steam
2017-07-28 12:04 - 2016-06-15 11:27 - 000000000 ___RD C:\Users\Marc\Google Drive
2017-07-28 12:03 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-28 12:01 - 2015-11-04 00:07 - 000000000 ____D C:\Users\Marc\AppData\Roaming\KeePass
2017-07-28 11:31 - 2016-06-15 10:53 - 000000000 ____D C:\AdwCleaner
2017-07-28 02:03 - 2015-11-02 02:50 - 000000000 ___RD C:\Users\Marc\Dropbox
2017-07-27 12:41 - 2015-12-17 23:46 - 000000000 ____D C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-07-27 12:39 - 2016-12-13 06:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2017-07-27 11:55 - 2015-11-02 03:14 - 000000000 ____D C:\ProgramData\Oracle
2017-07-27 10:50 - 2016-03-10 09:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2017-07-27 10:50 - 2016-03-10 09:34 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2017-07-26 19:19 - 2016-12-23 15:41 - 000000000 ____D C:\Program Files\paint.net
2017-07-26 01:12 - 2015-11-02 02:33 - 000000000 ____D C:\Users\Marc\AppData\Local\Spotify
2017-07-25 23:45 - 2015-11-02 02:33 - 000000000 ____D C:\Users\Marc\AppData\Roaming\Spotify
2017-07-24 16:55 - 2016-10-27 17:34 - 000000000 ____D C:\Users\Marc\AppData\Local\PokerStars.EU
2017-07-24 16:53 - 2016-10-27 17:32 - 000000000 ____D C:\Program Files (x86)\PokerStars.EU
2017-07-24 13:05 - 2015-11-03 00:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-24 13:05 - 2009-07-14 05:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-07-24 13:03 - 2015-11-03 00:43 - 000000000 ____D C:\Program Files\Microsoft Office
2017-07-24 03:35 - 2016-06-14 08:42 - 000001531 _____ C:\Users\Marc\Desktop\partypoker.lnk
2017-07-24 03:35 - 2015-12-30 23:11 - 000000000 ____D C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-07-21 16:00 - 2015-11-11 02:12 - 000003834 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1447200738
2017-07-21 16:00 - 2015-11-11 02:12 - 000000000 ____D C:\Program Files (x86)\Opera
2017-07-19 09:03 - 2015-11-11 02:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-18 10:45 - 2015-11-02 22:01 - 000000000 ____D C:\Users\Marc\AppData\Local\Adobe
2017-07-18 10:21 - 2015-11-11 02:35 - 000004448 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-07-18 10:21 - 2015-11-03 15:39 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-18 10:21 - 2015-11-03 15:39 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-18 10:21 - 2015-11-03 15:39 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-18 10:21 - 2015-11-03 15:39 - 000000000 ____D C:\Windows\system32\Macromed
2017-07-15 13:16 - 2016-06-14 08:42 - 000001537 _____ C:\ProgramData\Microsoft\Windows\Start Menu\partypoker.lnk
2017-07-15 13:16 - 2009-07-14 07:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-07-15 11:59 - 2015-11-25 13:03 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-15 11:39 - 2015-11-03 00:45 - 000000829 _____ C:\Users\Public\Desktop\CCleaner.lnk

==================== Files in the root of some directories =======

2016-11-30 17:19 - 2014-09-09 19:44 - 000017542 _____ () C:\Users\Marc\AppData\Local\amazon.ico
2017-04-11 17:38 - 2017-04-11 17:38 - 000002092 _____ () C:\Users\Marc\AppData\Local\recently-used.xbel
2015-11-02 03:21 - 2017-05-18 18:27 - 000007600 _____ () C:\Users\Marc\AppData\Local\Resmon.ResmonCfg
2015-11-04 22:45 - 2015-11-04 22:45 - 000004967 _____ () C:\ProgramData\flwjycbm.bab
2016-11-09 10:12 - 2016-11-09 10:12 - 000000016 _____ () C:\ProgramData\mntemp

Some files in TEMP:
====================
2017-07-27 11:53 - 2017-07-27 11:53 - 000740416 _____ (Oracle Corporation) C:\Users\Marc\AppData\Local\Temp\jre-8u144-windows-au.exe
2016-06-14 20:35 - 2016-06-14 20:35 - 002458672 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\Marc\AppData\Local\Temp\libeay32.dll
2016-06-14 20:35 - 2016-06-14 20:35 - 000970912 _____ (Microsoft Corporation) C:\Users\Marc\AppData\Local\Temp\msvcr120.dll
2016-06-14 20:35 - 2016-06-14 20:35 - 000772672 _____ () C:\Users\Marc\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-24 16:24

==================== End of FRST.txt ============================

Additional FRST Logfile:

scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by Marc (06-08-2017 15:29:45)
Running from C:\Users\Marc\Desktop\FRST
Windows 7 Professional Service Pack 1 (X64) (2015-11-01 20:15:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1193974182-2009185625-738568622-500 - Administrator - Disabled)
Guest (S-1-5-21-1193974182-2009185625-738568622-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1193974182-2009185625-738568622-1002 - Limited - Enabled)
Marc (S-1-5-21-1193974182-2009185625-738568622-1000 - Administrator - Enabled) => C:\Users\Marc

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.177 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.1.171 - Adobe Systems, Inc.)
BRAINYOO (HKLM-x32\...\BRAINYOO) (Version:  - BRAINYOO Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
CPUID CPU-Z 1.75 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0190 - Disc Soft Ltd)
Dropbox (HKLM-x32\...\Dropbox) (Version: 31.4.25 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.1.18829 - Landesfinanzdirektion Thüringen)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
f.lux (HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\Flux) (Version:  - )
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
Java 8 Update 72 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418072F0}) (Version: 8.0.720.15 - Oracle Corporation)
KeePass Password Safe 2.34 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.34 - Dominik Reichl)
Left 4 Dead (HKLM\...\Steam App 500) (Version:  - Valve)
Malwarebytes Anti-Exploit version 1.10.1.24 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.10.1.24 - Malwarebytes)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.7766.2096 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 de)) (Version: 54.0.1 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 de)) (Version: 45.8.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.7 - F.J. Wechselberger)
NVIDIA GeForce Experience 2.11.4.125 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.125 - NVIDIA Corporation)
NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Opera Stable 46.0.2597.57 (HKLM-x32\...\Opera 46.0.2597.57) (Version: 46.0.2597.57 - Opera Software)
partypoker (HKLM-x32\...\PartyPoker) (Version:  - PartyGaming)
partypoker (HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\PartyPoker) (Version:  - )
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
PokerStrategy.com Equilab (HKLM-x32\...\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}) (Version: 1.2.8.0 - PokerStrategy.com)
PokerTracker 4 (remove only) (HKLM-x32\...\PokerTracker4) (Version:  - )
PostgreSQL 9.3  (HKLM\...\PostgreSQL 9.3) (Version: 9.3 - PostgreSQL Global Development Group)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.125 - NVIDIA Corporation) Hidden
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
SleepTimer Ultimate 1.3 (HKLM-x32\...\{0EE56463-49B2-45E1-B74F-3E0139DBC986}_is1) (Version:  - Christian Handorf)
Spotify (HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\Spotify) (Version: 1.0.59.395.ge6ca9946 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Sync-my-L2P (HKLM-x32\...\Sync-my-L2P 2.2.0) (Version: 2.2.0 - Sync-my-L2P)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
TomTom Sports Connect (HKLM-x32\...\TomTom Sports Connect) (Version: 3.2.9.0 - TomTom International B.V.)
Total Commander 64-bit (Remove or Repair) (HKLM-x32\...\Totalcmd64) (Version: 8.52a - Ghisler Software GmbH)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.4 - Tunngle.net GmbH)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2016-01-08] (Foxit Software Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-16] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-16] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-16] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-16] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00978EFB-6065-4464-9AB2-779962A9B909} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-07-21] (Microsoft Corporation)
Task: {0C4939D2-9B80-433A-B162-A6E24CA1F03C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-07-21] (Microsoft Corporation)
Task: {0FF16577-60A9-4ED9-B298-E24F34521769} - System32\Tasks\{FCF9FF73-2197-460C-BE84-7F1919711A51} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Task: {113AFF30-432E-47FB-90B5-D1604779281F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {1E96EF7D-7AAC-4DC6-8549-63FA470B268B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-07-21] (Microsoft Corporation)
Task: {236E2438-4132-40D2-B6DD-1547E2F957ED} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-03] (Microsoft Corporation)
Task: {403F01C8-7F76-4259-A483-0A872D97D6E5} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {5444C930-9E6D-4AE7-9ABB-EE11E0973D75} - System32\Tasks\Opera scheduled Autoupdate 1447200738 => C:\Program Files (x86)\Opera\launcher.exe [2017-07-18] (Opera Software)
Task: {60436C72-DF4D-4885-80E5-D52014269A03} - System32\Tasks\{0C4A7C21-C0C0-49C2-8202-FF4E0FF00267} => C:\games\Holiday_Island\UNINST.EXE
Task: {61C78EB6-B8DF-4209-A3D1-0C014F4CB82B} - System32\Tasks\{171A7EB0-97AA-487E-BE23-C60A7B705636} => C:\games\Holiday_Island\UNINST.EXE
Task: {64FE1D2F-7B4B-4117-A104-83801A963C3C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {693E346B-11E2-4B01-B7FC-8877E47D0D57} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {696F70F6-13B5-47CB-A468-E5C55E816E2C} - System32\Tasks\{0BF2C2C7-F34D-4D7E-8686-A0E4A44535B2} => C:\games\Holiday_Island\UNINST.EXE
Task: {78E9DB36-2802-4CB4-8B38-6BA7A3E6E174} - System32\Tasks\{215ED462-036C-40C0-B2F6-28E8786ED175} => C:\Windows\system32\pcalua.exe -a C:\Users\Marc\AppData\Local\Temp\jre-8u111-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {7AA03F05-35A8-498D-A9CC-2DEE9821D89F} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_137_pepper.exe [2017-07-18] (Adobe Systems Incorporated)
Task: {A41513C2-B3E4-4818-B4E1-947B5D6A5575} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-15] (Google Inc.)
Task: {B15C9573-1AF6-47C6-98F6-8108E5BCF5E4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-15] (Google Inc.)
Task: {CCCAEEEB-4A2E-4406-82F7-625B9BF9E65E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-03] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Marc\Desktop\runme - Shortcut.lnk -> C:\Programs\PartyTools4.4\runme.bat ()

==================== Loaded Modules (Whitelisted) ==============

2016-12-20 15:30 - 2016-11-14 13:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-04-27 00:37 - 2015-04-17 17:53 - 000022528 _____ () C:\Windows\System32\ssy3clm.dll
2016-04-26 23:55 - 2015-03-12 04:43 - 000022528 _____ () C:\Windows\System32\ux003lm.dll
2017-04-11 04:17 - 2017-04-11 04:17 - 000192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2016-12-20 15:31 - 2016-11-14 14:30 - 000367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-12-20 15:31 - 2016-11-14 14:30 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-12-20 15:31 - 2016-11-14 14:30 - 003611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-12-20 15:31 - 2016-11-14 14:30 - 000288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-12-20 15:31 - 2016-11-14 14:30 - 001988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-12-20 15:31 - 2016-11-14 14:30 - 002665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-12-20 15:31 - 2016-11-14 14:30 - 001840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-12-20 15:31 - 2016-11-14 14:30 - 000207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2015-11-05 20:53 - 2015-10-06 06:21 - 000179712 _____ () C:\Program Files\PostgreSQL\9.3\bin\LIBPQ.dll
2015-11-05 20:53 - 2014-02-05 11:16 - 001336832 _____ () C:\Program Files\PostgreSQL\9.3\bin\libxml2.dll
2016-12-20 15:31 - 2016-11-14 14:30 - 000034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-12-20 15:31 - 2016-11-14 14:30 - 000920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2017-08-03 09:02 - 2017-08-04 03:46 - 000025408 _____ () C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
2016-12-20 15:31 - 2016-11-14 14:30 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-07-28 12:03 - 2017-07-28 12:03 - 000098816 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\win32api.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000110080 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\pywintypes27.dll
2017-07-28 12:03 - 2017-07-28 12:03 - 000364544 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\pythoncom27.dll
2017-07-28 12:03 - 2017-07-28 12:03 - 000320512 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\win32com.shell.shell.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000914432 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\_hashlib.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 001176576 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\wx._core_.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000806400 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\wx._gdi_.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000816128 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\wx._windows_.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 001067008 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\wx._controls_.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000733184 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\wx._misc_.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000682496 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\pysqlite2._sqlite.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000088064 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\_ctypes.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000686080 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\unicodedata.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000119808 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\win32file.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000108544 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\win32security.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000007168 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\hashobjs_ext.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000017920 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\thumbnails_ext.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000088064 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\usb_ext.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000012800 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\common.time34.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000018432 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\win32event.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000167936 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\win32gui.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000046080 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\_socket.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 001303552 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\_ssl.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000128512 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\_elementtree.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000127488 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\pyexpat.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000038912 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\win32inet.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000036864 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\_psutil_windows.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000524248 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\windows._lib_cacheinvalidation.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000011264 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\win32crypt.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000123392 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\wx._wizard.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000077312 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\wx._html2.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000027648 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\_multiprocessing.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000020480 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\_yappi.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000035840 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\win32process.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000078848 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\wx._animate.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000024064 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\win32pipe.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000010240 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\select.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000025600 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\win32pdh.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000017408 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\win32profile.pyd
2017-07-28 12:03 - 2017-07-28 12:03 - 000022528 ____R () C:\Users\Marc\AppData\Local\Temp\_MEI9042\win32ts.pyd
2017-08-06 14:58 - 2017-08-04 03:43 - 000746816 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-08-06 14:58 - 2017-08-04 03:43 - 001787200 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-08-06 14:56 - 2017-08-04 03:43 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-08-03 09:02 - 2017-08-04 03:43 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-08-03 09:02 - 2017-08-04 03:46 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-08-06 14:56 - 2017-08-04 03:43 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-08-06 14:58 - 2017-08-04 03:44 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-08-06 14:56 - 2017-08-04 03:43 - 000125904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-08-03 09:02 - 2017-08-04 03:43 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-08-06 14:58 - 2017-08-04 03:44 - 001862992 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-08-06 14:58 - 2017-08-04 03:44 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-08-06 14:59 - 2017-08-04 03:43 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-08-06 14:58 - 2017-08-04 03:43 - 000020432 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-08-06 14:59 - 2017-08-04 03:43 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-08-03 09:02 - 2017-08-04 03:43 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-08-06 14:56 - 2017-08-04 03:46 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-08-06 14:59 - 2017-08-04 03:45 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-08-06 14:58 - 2017-08-04 03:45 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-08-03 09:02 - 2017-08-04 03:43 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-08-06 14:59 - 2017-08-04 03:43 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-08-03 09:02 - 2017-08-04 03:43 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-08-03 09:02 - 2017-08-04 03:43 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-08-06 14:59 - 2017-08-04 03:43 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-08-03 09:02 - 2017-08-04 03:46 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-08-06 14:56 - 2017-08-04 03:46 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-08-03 09:02 - 2017-08-04 03:43 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-08-03 09:02 - 2017-08-04 03:43 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-08-03 09:02 - 2017-08-04 03:43 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-08-03 09:02 - 2017-08-04 03:43 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-08-03 09:02 - 2017-08-04 03:43 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-08-03 09:02 - 2017-08-04 03:43 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-08-06 14:58 - 2017-08-04 03:44 - 000022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-08-03 09:02 - 2017-08-04 03:43 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-08-06 14:56 - 2017-08-04 03:46 - 000082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-08-06 14:56 - 2017-08-04 03:46 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-08-06 14:59 - 2017-08-04 03:45 - 003928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-08-03 09:02 - 2017-08-04 03:43 - 000083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-08-06 14:59 - 2017-08-04 03:45 - 001826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-08-06 14:59 - 2017-08-04 03:45 - 001972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-08-03 09:02 - 2017-08-04 03:43 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-08-06 14:59 - 2017-08-04 03:45 - 000171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-08-06 14:59 - 2017-08-04 03:45 - 000042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-08-06 14:59 - 2017-08-04 03:45 - 000531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-08-06 14:59 - 2017-08-04 03:45 - 000133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-08-06 14:59 - 2017-08-04 03:45 - 000224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-08-06 14:59 - 2017-08-04 03:45 - 000207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-08-03 09:02 - 2017-08-04 03:43 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-08-06 14:56 - 2017-08-04 03:46 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-08-06 14:56 - 2017-08-04 03:46 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-08-06 14:56 - 2017-08-04 03:46 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-08-06 14:56 - 2017-08-04 03:46 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-08-06 14:56 - 2017-08-04 03:46 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-08-06 14:58 - 2017-08-04 03:45 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-08-06 14:56 - 2017-08-04 03:43 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-08-06 14:56 - 2017-08-04 03:46 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-08-06 14:59 - 2017-08-04 03:45 - 000025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-08-06 14:59 - 2017-08-04 03:43 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-08-06 14:58 - 2017-08-04 03:45 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-08-03 09:02 - 2017-08-04 03:46 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-08-06 14:58 - 2017-08-04 03:45 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-08-06 14:59 - 2017-08-04 03:45 - 001637688 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-08-06 14:56 - 2017-08-04 03:46 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-08-03 09:02 - 2017-08-04 03:46 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-08-06 14:59 - 2017-08-04 03:45 - 000546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-08-06 14:59 - 2017-08-04 03:45 - 000357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-07-15 11:33 - 2017-08-04 03:43 - 000697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2017-07-02 23:33 - 2017-07-02 23:33 - 023780336 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
2016-12-23 20:10 - 2016-12-23 20:10 - 000323152 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll
2017-04-05 02:38 - 2017-04-05 02:38 - 069743184 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Marc:Heroes & Generals [38]
AlternateDataStreams: C:\Users\Marc\Desktop\alter KL Kram (aus maschboard - pm):com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Marc\Desktop\ARD ZDF Rundfunkbeitrag Brief.docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Marc\Desktop\Gedächtnisprotokoll KL I SS16.docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Marc\Desktop\IMG_2928.JPG:com.dropbox.attributes [424]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\sharepoint.com -> hxxps://bwedu-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1193974182-2009185625-738568622-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Marc\AppData\Roaming\Spotify\SpotifyWebHelper.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{3A99208D-508C-4055-9A27-95DDD9A736DE}C:\users\marc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marc\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{2CC9CE62-959C-4914-BDA8-2525C3B82670}C:\users\marc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marc\appdata\roaming\spotify\spotify.exe
FirewallRules: [{16E7BCAA-468E-45BE-9C5D-710AD3A2D78D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{B7FF3375-B1D5-4257-9143-5728AD23D4DE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{695858C1-19FF-4259-A72E-A9341B966476}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BC96E459-6EEA-4BD6-96EE-5E56568EE9F5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0ECD79A1-8ED5-456F-A073-D71C12DA4439}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{52C60CAB-EB98-46F6-9386-8948955B1948}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F6AE9AF4-8FC6-4480-92EF-E987C5A54F83}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3AFF5CE8-22AE-405E-9CC8-E934425F78B1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E68F2657-D166-4CF9-A0FA-2B5E152F10E6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{93C0503C-0A0E-475E-9503-42FAF6F02690}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{23ADA9BA-D9B9-4956-B259-EC8F31471C34}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{540DCEAF-1585-4342-9240-CA4883598A96}C:\program files (x86)\ubisoft\tom clancy's rainbow six vegas\binaries\r6vegas_game.exe] => (Allow) C:\program files (x86)\ubisoft\tom clancy's rainbow six vegas\binaries\r6vegas_game.exe
FirewallRules: [UDP Query User{7E6EF55B-7030-4428-B9D8-ACE790C3453B}C:\program files (x86)\ubisoft\tom clancy's rainbow six vegas\binaries\r6vegas_game.exe] => (Allow) C:\program files (x86)\ubisoft\tom clancy's rainbow six vegas\binaries\r6vegas_game.exe
FirewallRules: [{909A8D67-ACE1-4AB3-95A9-2113297977C3}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{CA1A92BC-FDCB-46BE-992E-C2388994C8B4}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{3BBEBB77-FDAA-432F-A260-781881AA18A9}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{29C1F4DC-FC96-40CC-A976-986C2B04BFB2}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [TCP Query User{F4AA2E52-B0CB-4A85-A8A1-1BD2698EBE24}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{D1EA661A-9CD9-4B33-8273-F04374A290CA}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{7513994F-E86E-4358-AB3C-AD6B11411D0D}C:\users\marc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marc\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{0EF81B9B-B7F4-4658-8FA3-4C6E7E5AD7F2}C:\users\marc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marc\appdata\roaming\spotify\spotify.exe
FirewallRules: [{B8C97832-234F-491C-9682-65BF44F278D7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C8B675AD-7D79-4F29-BD70-AD5345C9FEAC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EA4344CA-2449-4D1C-8815-0A46DE5DC689}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8E024477-54F1-48E8-9737-2EB8F8E4E99E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{ECAB1E3F-592A-44DD-8AA9-35030F927145}C:\program files\matlab\r2016a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2016a\bin\win64\matlab.exe
FirewallRules: [UDP Query User{02DEDFCB-76DA-4BC9-ACDC-CD4092188447}C:\program files\matlab\r2016a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2016a\bin\win64\matlab.exe
FirewallRules: [{1F830145-B61B-4D1C-9348-4A893F5E7264}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{B1948884-CACD-4324-9A5B-CD86CB4B243B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5580BD5D-4CD3-4E33-8419-45A9149ECC88}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{BF672751-2249-4371-A2B3-C296D8049F2D}C:\games\ghost recon advanced warfighter collection\ghost recon advanced warfighter\graw.exe] => (Allow) C:\games\ghost recon advanced warfighter collection\ghost recon advanced warfighter\graw.exe
FirewallRules: [UDP Query User{D3C1207D-2974-42E6-A1A8-60FFBF79C8B1}C:\games\ghost recon advanced warfighter collection\ghost recon advanced warfighter\graw.exe] => (Allow) C:\games\ghost recon advanced warfighter collection\ghost recon advanced warfighter\graw.exe
FirewallRules: [TCP Query User{9C9BC0B9-A477-4EC9-9156-18386F0C6ACA}C:\games\ghost recon advanced warfighter collection\ghost recon advanced warfighter 2\graw2.exe] => (Allow) C:\games\ghost recon advanced warfighter collection\ghost recon advanced warfighter 2\graw2.exe
FirewallRules: [UDP Query User{D3DDBAAC-7328-4EEA-BF30-C5C20F275519}C:\games\ghost recon advanced warfighter collection\ghost recon advanced warfighter 2\graw2.exe] => (Allow) C:\games\ghost recon advanced warfighter collection\ghost recon advanced warfighter 2\graw2.exe
FirewallRules: [{96B9F75B-6774-4F70-9045-3DDBC1CBC162}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{298A9756-B47D-4050-871B-4FC5551F7A81}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{84B59001-0490-4887-A1D8-66D49F84BA32}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{A35764B2-3BDC-4B76-AA34-5C4F2F3310CB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{6016F855-8ED7-45BD-AE1E-65A76FED3604}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{907F30A1-E396-477D-B36A-C32D5C8E8F49}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{068D4213-7E46-4AFD-9909-ADBB58531FFA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9F69A894-CE5D-49EE-B599-1ABC296262FE}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{DBF083D7-F24F-4CB7-8238-7AC499C1E04B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{094FF82E-E46A-4527-A775-27B8CF34EEA2}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{590D482B-CC1C-49E3-BD11-B6967E1485E6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{6CBA27DC-AE4E-43D2-907D-2897DA8A9969}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead\left4dead.exe
FirewallRules: [{53EE7BC1-CDB4-49FE-ABF6-92F2A52E72AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead\left4dead.exe
FirewallRules: [{644ACE5B-3C2B-4CEC-892C-EBE9D27030B2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{AEA72B74-EA7C-4A7C-8D25-58EC3A92EAAD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{7C8460B5-36D9-48C0-8FCE-1AAAECE51B44}] => (Allow) C:\Program Files (x86)\Opera\46.0.2597.46\opera.exe
FirewallRules: [{25132249-4CBE-4032-A696-8B29D73A9FC3}] => (Allow) C:\Program Files (x86)\Opera\46.0.2597.57\opera.exe
FirewallRules: [{2D5FE3CB-41E0-4F06-98A5-30C0F70C9014}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/04/2017 11:02:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 54.0.1.6388, time stamp: 0x5953d1f8
Faulting module name: xul.dll, version: 54.0.1.6388, time stamp: 0x5953d62e
Exception code: 0x80000003
Fault offset: 0x008a6bcb
Faulting process id: 0x1c2c
Faulting application start time: 0x01d30c2b9dae52ae
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\xul.dll
Report Id: 9364fbc1-78f3-11e7-9cf1-c80aa919f756

Error: (07/28/2017 02:00:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamUserAgent.exe, version: 7.1.2117.8928, time stamp: 0x57e24380
Faulting module name: ntdll.dll, version: 6.1.7601.23418, time stamp: 0x5708a857
Exception code: 0xc0000005
Fault offset: 0x000000000004d7f6
Faulting process id: 0x13d0
Faulting application start time: 0x01d307991e305719
Faulting application path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 62cca298-738c-11e7-9cf1-c80aa919f756

Error: (07/28/2017 12:05:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/27/2017 01:01:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/27/2017 12:44:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/27/2017 12:34:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/27/2017 12:09:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/27/2017 11:46:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/27/2017 11:07:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 54.0.1.6388, time stamp: 0x5953d1f8
Faulting module name: xul.dll, version: 54.0.1.6388, time stamp: 0x5953d62e
Exception code: 0x80000003
Fault offset: 0x008a6bcb
Faulting process id: 0xe28
Faulting application start time: 0x01d306b7b4d34cf4
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\xul.dll
Report Id: f4252b65-72aa-11e7-a2af-c80aa919f756

Error: (07/27/2017 10:51:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (08/06/2017 03:03:31 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (08/06/2017 03:03:12 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.249.561.0

	Update Source: Microsoft Update Server

	Update Stage: Search

	Source Path: Default URL

	Signature Type: AntiVirus

	Update Type: Full

	User: NT AUTHORITY\SYSTEM

	Current Engine Version: 

	Previous Engine Version: 1.1.14003.0

	Error code: 0x80070422

	Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/04/2017 11:03:06 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.249.561.0

	Update Source: Microsoft Update Server

	Update Stage: Search

	Source Path: Default URL

	Signature Type: AntiVirus

	Update Type: Full

	User: NT AUTHORITY\SYSTEM

	Current Engine Version: 

	Previous Engine Version: 1.1.14003.0

	Error code: 0x80070422

	Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/02/2017 04:04:32 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.249.561.0

	Update Source: Microsoft Update Server

	Update Stage: Search

	Source Path: Default URL

	Signature Type: AntiVirus

	Update Type: Full

	User: NT AUTHORITY\SYSTEM

	Current Engine Version: 

	Previous Engine Version: 1.1.14003.0

	Error code: 0x80070422

	Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/02/2017 03:23:28 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.249.505.0

	Update Source: Microsoft Update Server

	Update Stage: Search

	Source Path: Default URL

	Signature Type: AntiVirus

	Update Type: Full

	User: NT AUTHORITY\SYSTEM

	Current Engine Version: 

	Previous Engine Version: 1.1.14003.0

	Error code: 0x80070422

	Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/01/2017 11:41:08 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.249.450.0

	Update Source: Microsoft Update Server

	Update Stage: Search

	Source Path: Default URL

	Signature Type: AntiVirus

	Update Type: Full

	User: NT AUTHORITY\SYSTEM

	Current Engine Version: 

	Previous Engine Version: 1.1.14003.0

	Error code: 0x80070422

	Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (07/31/2017 05:33:49 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume4.

Error: (07/31/2017 05:33:49 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume G:.

Error: (07/31/2017 05:33:49 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume G:.

Error: (07/31/2017 05:33:47 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume G:.


CodeIntegrity:
===================================
  Date: 2016-08-07 13:53:14.247
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-07 13:52:09.467
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-07 13:52:06.342
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-07 13:52:05.156
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-07 13:52:03.986
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-07 13:52:02.813
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-07 13:52:01.710
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-07 13:52:00.556
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-07 13:51:59.340
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-07 13:51:57.944
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 49%
Total physical RAM: 4062.93 MB
Available physical RAM: 2059.12 MB
Total Virtual: 8124.04 MB
Available Virtual: 4994.46 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:97.66 GB) (Free:16.51 GB) NTFS
Drive d: (Eigene Dateien) (Fixed) (Total:368.01 GB) (Free:7.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BFD9973A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
         
__________________

Alt 07.08.2017, 11:50   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
AdwCleaner shows "PUP.Optional.Driver.DriverAgent" after scan.



Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the instructions on your screen according to the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the detected objects, so be patient.
  • After the restart, run mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a logfile ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instruction from a helper



Reading material:
Posting in CODE tags
Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too large for a single post, please post them directly, spread over several posts if necessary.
To put the logfiles into a CODE box, proceed as follows:
  • Select the entire logfile (usually CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is fine ... click Reply.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 07.08.2017, 13:37   #5
Marc4468

MBAR found no malware

Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.08.07.03
  rootkit: v2017.08.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18426
Marc :: MARC0301 [administrator]

07.08.2017 12:28:44
mbar-log-2017-08-07 (12-28-44).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 258443
Time elapsed: 37 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
However, I just ran AdwCleaner again and it still shows the same "finding":
Code:
***** [ Files ] *****

PUP.Optional.DriverAgent, C:\Windows\System32\drivers\DRVAGENT64.SYS
         


Alt 07.08.2017, 15:41   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Removing adware/junkware/toolbars

Delete old versions of AdwCleaner and, if present, JRT first, then download them again to the desktop!
Please completely disable your virus scanner now, before using these tools!




Step 1: AdwCleaner v7.0.1.0

Please download AdwCleaner to your desktop (illustrated guide).
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Tools > Options and make sure the following items are selected:
    • Tracing keys
    • Prefetch files
    • Proxy
    • Winsock
    • IE policies
    • Chrome policies
  • Confirm the selection with Ok.
  • Click Scan and wait until it has finished. At the end of the scan a log file opens automatically. Close it.
  • Now click Clean (even if AdwCleaner says nothing was found) and confirm any prompts with Ok.
  • At the end of the cleaning, click Restart now. After the reboot a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).



Step 2: JRT - Junkware Removal Tool

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Alt 15.08.2017, 21:55   #7
Marc4468

Sorry for the late reply, and thanks so far for your help!
Here are the logs:

AdwCleaner[C0].txt:
Code:
# AdwCleaner 7.0.1.0 - Logfile created on Tue Aug 15 19:02:13 2017
# Updated on 2017/05/08 by Malwarebytes 
# Running on Windows 7 Professional (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

Deleted: C:\Windows\System32\drivers\DRVAGENT64.SYS


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Prefetch files deleted
::Proxy settings cleared
::IE policies deleted
::Chrome policies deleted
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S1].txt - [1064 B] - [2016/6/15 8:53:56]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
         
JRT.txt:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Professional x64 
Ran by Marc (Administrator) on 15.08.2017 at 21:15:13,69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 10 

Successfully deleted: C:\ProgramData\mntemp (File) 
Successfully deleted: C:\Windows\wininit.ini (File) 
Successfully deleted: C:\Users\Marc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62O48WQT (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Marc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AAX2MGF8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Marc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FDCLWPPD (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Marc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G2DMK3QI (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62O48WQT (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AAX2MGF8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FDCLWPPD (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G2DMK3QI (Temporary Internet Files Folder) 



Registry: 2 

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.08.2017 at 21:17:07,64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
A couple more remarks:
  • During the AdwCleaner cleaning process I heard that Windows driver sound (the one you also hear when you pull out a USB stick, for example), and in the Action Center it showed me the following 2 problems:


    I then clicked on "send information" and it said it could not find a solution, and now it no longer shows anything in the Action Center. So far I have no graphics problems either, and Device Manager shows no problems.
  • As a test I ran another scan with AdwCleaner and it still shows that it found this DRVAGENT64.sys file. However, when I look manually in the folder in question, I don't find it there. The Windows search also only finds that file name in the logs from Adw/FRST.

    So here is the log file from the scan after the cleaning:
    AdwCleaner[S1]:
    Code:
    # AdwCleaner 7.0.1.0 - Logfile created on Tue Aug 15 19:28:29 2017
    # Updated on 2017/05/08 by Malwarebytes 
    # Database: 08-15-2017.1
    # Running on Windows 7 Professional (X64)
    # Mode: scan
    # Support: https://www.malwarebytes.com/support
    
    ***** [ Services ] *****
    
    No malicious services found.
    
    ***** [ Folders ] *****
    
    No malicious folders found.
    
    ***** [ Files ] *****
    
    PUP.Optional.DriverAgent, C:\Windows\System32\drivers\DRVAGENT64.SYS
    
    
    ***** [ DLL ] *****
    
    No malicious DLLs found.
    
    ***** [ WMI ] *****
    
    No malicious WMI found.
    
    ***** [ Shortcuts ] *****
    
    No malicious shortcuts found.
    
    ***** [ Tasks ] *****
    
    No malicious tasks found.
    
    ***** [ Registry ] *****
    
    No malicious registry entries found.
    
    ***** [ Firefox (and derivatives) ] *****
    
    No malicious Firefox entries.
    
    ***** [ Chromium (and derivatives) ] *****
    
    No malicious Chromium entries.
    
    *************************
    
    C:/AdwCleaner/AdwCleaner[C0].txt - [1266 B] - [2017/8/15 19:2:13]
    C:/AdwCleaner/AdwCleaner[S1].txt - [1064 B] - [2016/6/15 8:53:56]
    
    
    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########
             

Last edited by Marc4468 (15.08.2017 at 22:17)
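A check I would run at this point, added here as an example and not something from the thread or from any of the tools used in it: it tests whether the reported driver file is actually present, accounts for the System32/SysWOW64 redirection that makes 32-bit and 64-bit programs see different folders, and lists any service or driver entry that still references the file name. The path is the one from the AdwCleaner logs above; the registry key and WMI class are standard Windows locations, and nothing here assumes why the scanner still reports the file.

```powershell
# Added example, not from the thread: is a reported driver file really there,
# and does anything still reference it? Run from an elevated PowerShell prompt
# (kept compatible with PowerShell 2.0 as shipped with Windows 7).
$reported = 'C:\Windows\System32\drivers\DRVAGENT64.SYS'   # path from the AdwCleaner log
$fileName = [System.IO.Path]::GetFileName($reported)

# 1. Is the file present as seen by this shell?
"File present ($reported): $(Test-Path -LiteralPath $reported)"

# 2. On 64-bit Windows a 32-bit process is silently redirected from System32
#    to SysWOW64, so a 32-bit tool and Explorer (64-bit) can disagree about
#    the same path. From a 32-bit shell the Sysnative alias reaches the real
#    System32; from a 64-bit shell the alias does not exist, so skip it there.
if ([IntPtr]::Size -eq 4) {
    $native = $reported -replace '\\System32\\', '\Sysnative\'
    "File present via Sysnative: $(Test-Path -LiteralPath $native)"
}

# 3. A service or driver entry can outlive its file. List every entry under
#    CurrentControlSet\Services whose ImagePath still names the file.
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' |
    ForEach-Object {
        $props = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
        if ($props.ImagePath -and ($props.ImagePath -like "*$fileName*")) {
            New-Object PSObject -Property @{
                Service   = $_.PSChildName
                Start     = $props.Start        # 0=boot 1=system 2=auto 3=manual 4=disabled
                ImagePath = $props.ImagePath
            }
        }
    } | Format-Table Service, Start, ImagePath -AutoSize

# 4. Is a driver with that file name currently loaded or registered with the
#    service control manager? Win32_SystemDriver exposes state and start mode.
Get-WmiObject Win32_SystemDriver |
    Where-Object { $_.PathName -like "*$fileName*" } |
    Select-Object Name, State, StartMode, PathName
```

If step 1 reports the file as absent while step 3 or 4 still lists an entry, that entry is what to show the helper; an empty result in all four steps means nothing on the system still points at the file.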

Alt 16.08.2017, 10:14   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I need new FRST logs. Tick the box for addition.txt, then click Scan.


Alt 16.08.2017, 11:43   #9
Marc4468

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-08-2017 01
Ran by Marc (administrator) on MARC0301 (16-08-2017 11:34:05)
Running from C:\Users\Marc\Desktop\Trojaner-board Hilfe\FRST - 2. Scan
Loaded Profiles: Marc (Available Profiles: Marc)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Flux Software LLC) C:\Users\Marc\AppData\Local\FluxSoftware\Flux\flux.exe
(Spotify Ltd) C:\Users\Marc\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
() C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-08-10] (Dropbox, Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2779136 2016-06-11] (Dominik Reichl)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2480584 2017-07-18] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-12-22] (Oracle Corporation)
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\Run: [f.lux] => C:\Users\Marc\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9832152 2017-08-03] (Piriform Ltd)
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3062560 2017-07-18] (Valve Corporation)
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-05-30] (Disc Soft Ltd)
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\Run: [Spotify Web Helper] => C:\Users\Marc\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1580144 2017-08-09] (Spotify Ltd)
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\MountPoints2: E - E:\autorun.exe
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\MountPoints2: {32f8eaf6-9362-11e5-993d-c80aa919f756} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\MountPoints2: {339cfec1-0d6a-11e6-9eec-ca8a52d0afe8} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\MountPoints2: {339cfecb-0d6a-11e6-9eec-ca8a52d0afe8} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\MountPoints2: {339cfee8-0d6a-11e6-9eec-ca8a52d0afe8} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\MountPoints2: {339cfeec-0d6a-11e6-9eec-ca8a52d0afe8} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\MountPoints2: {339cfef5-0d6a-11e6-9eec-ca8a52d0afe8} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\MountPoints2: {66dae7e0-80f1-11e5-b4d1-c80aa919f756} - F:\autorun.exe
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\MountPoints2: {66dae827-80f1-11e5-b4d1-c80aa919f756} - F:\autorun.exe
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\MountPoints2: {6e2b2c75-baa7-11e5-a8c3-c80aa919f756} - F:\autorun.exe
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\MountPoints2: {6e2b2c7a-baa7-11e5-a8c3-c80aa919f756} - F:\autorun.exe
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\MountPoints2: {6e2b2c8a-baa7-11e5-a8c3-c80aa919f756} - F:\autorun.exe
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\MountPoints2: {77356fe6-80ec-11e5-9f44-c80aa919f756} - F:\autorun.exe
HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\MountPoints2: {a77c9a00-499e-11e6-aa56-c80aa919f756} - F:\HiSuiteDownLoader.exe
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{4A966556-5BCE-4BCC-AD5F-9CB64A80F68A}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{95DD06B1-9F2F-40D5-8060-12D8F892479C}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{96A52E63-09DC-448C-9791-34C844800DBC}: [NameServer] 137.226.143.2,137.226.143.6

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-07-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_72\bin\ssv.dll [2017-07-28] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2017-07-21] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_72\bin\jp2ssv.dll [2017-07-28] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-07-21] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2017-07-21] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-21] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-21] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-21] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-21] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-21] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-21] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-21] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-21] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-21] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: ygvo6xro.default
FF ProfilePath: C:\Users\Marc\Dropbox\Firefox\ygvo6xro.default [not found] <==== ATTENTION
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-19] ()
FF Plugin: @java.com/DTPlugin,version=11.72.2 -> C:\Program Files\Java\jre1.8.0_72\bin\dtplugin\npDeployJava1.dll [2017-07-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.72.2 -> C:\Program Files\Java\jre1.8.0_72\bin\plugin2\npjp2.dll [2017-07-28] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-07-21] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-07-21] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-07-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR StartupUrls:  "hxxp://www.google.de/" 
OPR Extension: (Ghostery) - C:\Users\Marc\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbkekonodcdmedgffkkbgmnnekbainbg [2017-08-15]
OPR Extension: (DotVPN — a better way to VPN) - C:\Users\Marc\AppData\Roaming\Opera Software\Opera Stable\Extensions\hiegahbgoabbpoieploedhfnobmpgbeg [2016-12-12]
OPR Extension: (Deaktivierungs-Add-on von Google Analytics) - C:\Users\Marc\AppData\Roaming\Opera Software\Opera Stable\Extensions\hmffjpdmbgflojiohllanjaggdenggdo [2015-11-26]
OPR Extension: (Adblock Plus) - C:\Users\Marc\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-07-21]
OPR Extension: (Bookmarks Import & Export) - C:\Users\Marc\AppData\Roaming\Opera Software\Opera Stable\Extensions\omhcddilnfoiiplehpjihipcocdplljn [2016-10-27]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3705536 2017-07-03] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [49992 2017-08-10] (Dropbox, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-05-30] (Disc Soft Ltd)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-11-14] (NVIDIA Corporation)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-04-11] () [File not signed]
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155080 2017-07-18] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-11-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-11-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-11-14] (NVIDIA Corporation)
R2 postgresql-x64-9.3; C:\Program Files\PostgreSQL\9.3\bin\pg_ctl.exe [90624 2015-10-06] (PostgreSQL Global Development Group) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [814064 2015-12-22] (Tunngle.net GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-06-06] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-06-06] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77432 2017-07-18] ()
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-04-11] (Huawei Technologies Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-11-14] (NVIDIA Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [47736 2015-12-21] (Tunngle.net)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-15 22:15 - 2017-08-15 22:15 - 008187336 _____ (Malwarebytes) C:\Users\Marc\Downloads\adwcleaner_7.0.2.0.exe
2017-08-15 20:44 - 2017-08-15 20:44 - 008185288 _____ (Malwarebytes) C:\Users\Marc\Downloads\adwcleaner_7.0.1.0(2).exe
2017-08-15 20:21 - 2017-08-15 20:21 - 009791816 _____ (Piriform Ltd) C:\Users\Marc\Downloads\ccsetup533.exe
2017-08-15 09:32 - 2017-08-15 16:50 - 882658254 _____ C:\Users\Marc\Downloads\The Curse Of Monkey Island (CD Windows).zip
2017-08-14 17:32 - 2017-08-14 17:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-08-10 19:03 - 2017-08-10 19:03 - 000049992 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-08-10 19:03 - 2017-08-10 19:03 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-08-10 19:03 - 2017-08-10 19:03 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-08-10 19:03 - 2017-08-10 19:03 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-08-07 14:37 - 2017-08-07 14:39 - 000000000 ____D C:\Users\Marc\AppData\Roaming\Anki2
2017-08-07 14:36 - 2017-08-07 14:37 - 000000000 ____D C:\Program Files (x86)\Anki
2017-08-07 14:36 - 2017-08-07 14:36 - 028945178 _____ C:\Users\Marc\Downloads\anki-2.0.46.exe
2017-08-07 14:36 - 2017-08-07 14:36 - 000000754 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2017-08-07 14:36 - 2017-08-07 14:36 - 000000742 _____ C:\Users\Marc\Desktop\Anki.lnk
2017-08-07 14:35 - 2017-08-07 14:35 - 002857207 _____ C:\Users\Marc\Downloads\VK I Karteikarten.zip
2017-08-07 14:35 - 2017-08-07 14:35 - 000000000 ____D C:\Users\Marc\Downloads\VK I Karteikarten
2017-08-07 12:26 - 2017-08-16 11:32 - 000000000 ____D C:\Users\Marc\Desktop\Trojaner-board Hilfe
2017-08-06 15:27 - 2017-08-16 11:34 - 000000000 ____D C:\FRST
2017-07-28 12:08 - 2017-07-28 12:07 - 000110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-07-28 12:07 - 2017-07-28 12:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-07-28 12:07 - 2017-07-28 12:07 - 000000000 ____D C:\Program Files\Java
2017-07-28 11:57 - 2017-07-28 11:57 - 057286752 _____ (Oracle Corporation) C:\Users\Marc\Downloads\jre-8u72-windows-x64.exe
2017-07-28 11:31 - 2017-07-28 11:31 - 008162248 _____ (Malwarebytes) C:\Users\Marc\Downloads\adwcleaner_7.0.0.0(1).exe
2017-07-28 11:30 - 2017-07-28 11:30 - 008186320 _____ (Malwarebytes) C:\Users\Marc\Downloads\adwcleaner_7.0.1.0.exe
2017-07-28 11:30 - 2017-07-28 11:30 - 008186320 _____ (Malwarebytes) C:\Users\Marc\Downloads\adwcleaner_7.0.1.0(1).exe
2017-07-28 01:38 - 2017-07-28 01:39 - 000086125 _____ C:\Users\Marc\Downloads\Studienbescheinigung_352525_28.07.2017.pdf
2017-07-27 16:56 - 2017-07-27 16:56 - 000000000 _____ C:\Users\Marc\Downloads\Angebote 28.17.pdf
2017-07-27 15:56 - 2017-07-27 15:56 - 000001063 _____ C:\Users\Marc\Desktop\Adw Logfile.txt
2017-07-27 15:39 - 2017-07-27 15:39 - 008162248 _____ (Malwarebytes) C:\Users\Marc\Downloads\adwcleaner_7.0.0.0.exe
2017-07-27 12:30 - 2017-07-27 12:31 - 058768717 _____ (Igor Pavlov) C:\Users\Marc\Downloads\WinFuture_7SP1_x64_UpdateFix_1.0.exe
2017-07-27 11:17 - 2017-07-27 11:24 - 1908026907 _____ (Igor Pavlov) C:\Users\Marc\Downloads\WinFuture_7SP1_x64_UpdatePack_2.77_Juli_2017-Vollversion.exe
2017-07-26 14:36 - 2017-07-26 14:36 - 000113755 _____ C:\Users\Marc\Downloads\Zusammenfassung Kontowechsel.pdf
2017-07-26 12:51 - 2017-07-26 12:51 - 000018324 _____ C:\Users\Marc\Downloads\Brief_an_Allianz_Versicherungs-AG.pdf
2017-07-24 13:05 - 2017-07-24 13:05 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-07-24 03:35 - 2017-07-24 03:35 - 000001555 _____ C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\partypoker.lnk
2017-07-24 03:35 - 2017-07-24 03:35 - 000000000 ____D C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\partypoker

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-16 11:28 - 2016-11-26 17:45 - 000000000 ____D C:\Users\Marc\AppData\LocalLow\Mozilla
2017-08-16 11:28 - 2015-11-02 02:41 - 000001210 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-08-15 22:17 - 2016-06-15 10:53 - 000000000 ____D C:\AdwCleaner
2017-08-15 22:06 - 2009-07-14 06:45 - 000021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-15 22:06 - 2009-07-14 06:45 - 000021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-15 21:59 - 2015-12-17 23:38 - 000000000 ____D C:\Program Files (x86)\Steam
2017-08-15 21:58 - 2016-06-15 11:27 - 000000000 ___RD C:\Users\Marc\Google Drive
2017-08-15 21:57 - 2015-11-02 02:41 - 000001206 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-08-15 21:57 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-15 20:22 - 2015-11-03 00:45 - 000000829 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-08-15 20:09 - 2015-11-02 12:14 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-08-15 15:33 - 2015-11-02 12:14 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-08-15 09:50 - 2015-11-02 22:01 - 000000000 ____D C:\Users\Marc\AppData\Local\Adobe
2017-08-15 09:31 - 2016-03-10 09:34 - 000000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2017-08-15 09:30 - 2015-11-11 02:35 - 000004448 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-08-15 09:30 - 2015-11-03 15:39 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-08-15 09:30 - 2015-11-03 15:39 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-15 09:30 - 2015-11-03 15:39 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-08-15 09:30 - 2015-11-03 15:39 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-14 17:37 - 2015-11-25 13:03 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-14 17:33 - 2015-11-02 02:41 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-08-10 10:05 - 2015-11-02 02:33 - 000000000 ____D C:\Users\Marc\AppData\Roaming\Spotify
2017-08-09 22:04 - 2015-11-02 22:08 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-08-09 20:58 - 2015-11-02 02:33 - 000000000 ____D C:\Users\Marc\AppData\Local\Spotify
2017-08-09 15:31 - 2015-11-04 00:07 - 000000000 ____D C:\Users\Marc\AppData\Roaming\KeePass
2017-08-08 11:54 - 2015-11-03 00:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-08-08 11:51 - 2015-11-03 00:43 - 000000000 ____D C:\Program Files\Microsoft Office
2017-08-07 14:42 - 2015-12-17 14:10 - 000000000 ____D C:\Users\Marc\AppData\Roaming\Skype
2017-08-07 13:29 - 2016-03-04 12:59 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-08-07 12:28 - 2016-03-08 18:11 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-07 12:27 - 2016-03-08 18:10 - 000109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-08-04 11:02 - 2017-01-08 23:04 - 000000000 ____D C:\Users\Marc\AppData\Local\CrashDumps
2017-07-31 17:35 - 2009-07-14 07:13 - 000786370 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-31 17:35 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2017-07-28 02:03 - 2015-11-02 02:50 - 000000000 ___RD C:\Users\Marc\Dropbox
2017-07-27 12:41 - 2015-12-17 23:46 - 000000000 ____D C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-07-27 12:39 - 2016-12-13 06:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2017-07-27 11:55 - 2015-11-02 03:14 - 000000000 ____D C:\ProgramData\Oracle
2017-07-27 10:50 - 2016-03-10 09:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2017-07-27 10:50 - 2016-03-10 09:34 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2017-07-26 19:19 - 2016-12-23 15:41 - 000000000 ____D C:\Program Files\paint.net
2017-07-24 16:55 - 2016-10-27 17:34 - 000000000 ____D C:\Users\Marc\AppData\Local\PokerStars.EU
2017-07-24 16:53 - 2016-10-27 17:32 - 000000000 ____D C:\Program Files (x86)\PokerStars.EU
2017-07-24 13:05 - 2009-07-14 05:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-07-24 03:35 - 2016-06-14 08:42 - 000001531 _____ C:\Users\Marc\Desktop\partypoker.lnk
2017-07-24 03:35 - 2015-12-30 23:11 - 000000000 ____D C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-07-21 16:00 - 2015-11-11 02:12 - 000003834 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1447200738
2017-07-21 16:00 - 2015-11-11 02:12 - 000000000 ____D C:\Program Files (x86)\Opera
2017-07-19 09:03 - 2015-11-11 02:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Files in the root of some directories =======

2016-11-30 17:19 - 2014-09-09 19:44 - 000017542 _____ () C:\Users\Marc\AppData\Local\amazon.ico
2017-04-11 17:38 - 2017-04-11 17:38 - 000002092 _____ () C:\Users\Marc\AppData\Local\recently-used.xbel
2015-11-02 03:21 - 2017-05-18 18:27 - 000007600 _____ () C:\Users\Marc\AppData\Local\Resmon.ResmonCfg
2015-11-04 22:45 - 2015-11-04 22:45 - 000004967 _____ () C:\ProgramData\flwjycbm.bab

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-15 17:01

==================== End of FRST.txt ============================


Additional FRST Logfile:

FRST Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2017 01
Ran by Marc (16-08-2017 11:36:04)
Running from C:\Users\Marc\Desktop\Trojaner-board Hilfe\FRST - 2. Scan
Windows 7 Professional Service Pack 1 (X64) (2015-11-01 20:15:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1193974182-2009185625-738568622-500 - Administrator - Disabled)
Guest (S-1-5-21-1193974182-2009185625-738568622-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1193974182-2009185625-738568622-1002 - Limited - Enabled)
Marc (S-1-5-21-1193974182-2009185625-738568622-1000 - Administrator - Enabled) => C:\Users\Marc

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.012.20095 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.177 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.1.171 - Adobe Systems, Inc.)
Anki (HKLM-x32\...\Anki) (Version:  - )
BRAINYOO (HKLM-x32\...\BRAINYOO) (Version:  - BRAINYOO Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.33 - Piriform)
CPUID CPU-Z 1.75 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0190 - Disc Soft Ltd)
Dropbox (HKLM-x32\...\Dropbox) (Version: 32.4.23 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.1.18829 - Landesfinanzdirektion Thüringen)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
f.lux (HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\Flux) (Version:  - )
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
Java 8 Update 72 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418072F0}) (Version: 8.0.720.15 - Oracle Corporation)
KeePass Password Safe 2.34 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.34 - Dominik Reichl)
Left 4 Dead (HKLM\...\Steam App 500) (Version:  - Valve)
Malwarebytes Anti-Exploit version 1.10.1.24 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.10.1.24 - Malwarebytes)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.7766.2099 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 de)) (Version: 54.0.1 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 de)) (Version: 45.8.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.7 - F.J. Wechselberger)
NVIDIA GeForce Experience 2.11.4.125 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.125 - NVIDIA Corporation)
NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Opera Stable 46.0.2597.57 (HKLM-x32\...\Opera 46.0.2597.57) (Version: 46.0.2597.57 - Opera Software)
partypoker (HKLM-x32\...\PartyPoker) (Version:  - PartyGaming)
partypoker (HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\PartyPoker) (Version:  - )
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
PokerStrategy.com Equilab (HKLM-x32\...\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}) (Version: 1.2.8.0 - PokerStrategy.com)
PokerTracker 4 (remove only) (HKLM-x32\...\PokerTracker4) (Version:  - )
PostgreSQL 9.3  (HKLM\...\PostgreSQL 9.3) (Version: 9.3 - PostgreSQL Global Development Group)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.125 - NVIDIA Corporation) Hidden
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
SleepTimer Ultimate 1.3 (HKLM-x32\...\{0EE56463-49B2-45E1-B74F-3E0139DBC986}_is1) (Version:  - Christian Handorf)
Spotify (HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\Spotify) (Version: 1.0.60.492.gbb40dab8 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Sync-my-L2P (HKLM-x32\...\Sync-my-L2P 2.2.0) (Version: 2.2.0 - Sync-my-L2P)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
TomTom Sports Connect (HKLM-x32\...\TomTom Sports Connect) (Version: 3.2.9.0 - TomTom International B.V.)
Total Commander 64-bit (Remove or Repair) (HKLM-x32\...\Totalcmd64) (Version: 8.52a - Ghisler Software GmbH)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.4 - Tunngle.net GmbH)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2016-01-08] (Foxit Software Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-16] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-16] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-16] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-16] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C4939D2-9B80-433A-B162-A6E24CA1F03C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-08-04] (Microsoft Corporation)
Task: {0C74084E-AB3A-4837-B40E-BE26D4DF0B44} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-03] (Microsoft Corporation)
Task: {0FF16577-60A9-4ED9-B298-E24F34521769} - System32\Tasks\{FCF9FF73-2197-460C-BE84-7F1919711A51} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Task: {403F01C8-7F76-4259-A483-0A872D97D6E5} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {5444C930-9E6D-4AE7-9ABB-EE11E0973D75} - System32\Tasks\Opera scheduled Autoupdate 1447200738 => C:\Program Files (x86)\Opera\launcher.exe [2017-07-18] (Opera Software)
Task: {60436C72-DF4D-4885-80E5-D52014269A03} - System32\Tasks\{0C4A7C21-C0C0-49C2-8202-FF4E0FF00267} => C:\games\Holiday_Island\UNINST.EXE
Task: {61C78EB6-B8DF-4209-A3D1-0C014F4CB82B} - System32\Tasks\{171A7EB0-97AA-487E-BE23-C60A7B705636} => C:\games\Holiday_Island\UNINST.EXE
Task: {61FF8D92-E7BB-43E3-9CF1-99B45A497B2C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-08-04] (Microsoft Corporation)
Task: {64FE1D2F-7B4B-4117-A104-83801A963C3C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-08-03] (Piriform Ltd)
Task: {693E346B-11E2-4B01-B7FC-8877E47D0D57} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {696F70F6-13B5-47CB-A468-E5C55E816E2C} - System32\Tasks\{0BF2C2C7-F34D-4D7E-8686-A0E4A44535B2} => C:\games\Holiday_Island\UNINST.EXE
Task: {6F99939F-E2EF-4979-9939-AA96DA3B9323} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {78E9DB36-2802-4CB4-8B38-6BA7A3E6E174} - System32\Tasks\{215ED462-036C-40C0-B2F6-28E8786ED175} => C:\Windows\system32\pcalua.exe -a C:\Users\Marc\AppData\Local\Temp\jre-8u111-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {7AA03F05-35A8-498D-A9CC-2DEE9821D89F} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [2017-08-15] (Adobe Systems Incorporated)
Task: {A41513C2-B3E4-4818-B4E1-947B5D6A5575} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-15] (Google Inc.)
Task: {B15C9573-1AF6-47C6-98F6-8108E5BCF5E4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-15] (Google Inc.)
Task: {E337C97F-13E8-45F6-BD5B-13412FC95326} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-08-04] (Microsoft Corporation)
Task: {FBE60B98-5EDD-4549-B497-3B81BC80ECD1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-03] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Marc\Desktop\runme - Shortcut.lnk -> C:\Programs\PartyTools4.4\runme.bat ()

==================== Loaded Modules (Whitelisted) ==============

2016-12-20 15:30 - 2016-11-14 13:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-04-27 00:37 - 2015-04-17 17:53 - 000022528 _____ () C:\Windows\System32\ssy3clm.dll
2016-04-26 23:55 - 2015-03-12 04:43 - 000022528 _____ () C:\Windows\System32\ux003lm.dll
2017-08-03 10:41 - 2017-08-03 10:41 - 000069632 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2017-04-11 04:17 - 2017-04-11 04:17 - 000192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2016-12-20 15:31 - 2016-11-14 14:30 - 000367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-12-20 15:31 - 2016-11-14 14:30 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-12-20 15:31 - 2016-11-14 14:30 - 003611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-12-20 15:31 - 2016-11-14 14:30 - 000288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-12-20 15:31 - 2016-11-14 14:30 - 002665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-12-20 15:31 - 2016-11-14 14:30 - 001988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-12-20 15:31 - 2016-11-14 14:30 - 001840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-12-20 15:31 - 2016-11-14 14:30 - 000207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2017-08-03 09:02 - 2017-08-10 19:06 - 000025408 _____ () C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
2015-11-05 20:53 - 2015-10-06 06:21 - 000179712 _____ () C:\Program Files\PostgreSQL\9.3\bin\LIBPQ.dll
2015-11-05 20:53 - 2014-02-05 11:16 - 001336832 _____ () C:\Program Files\PostgreSQL\9.3\bin\libxml2.dll
2016-12-20 15:31 - 2016-11-14 14:30 - 000034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-12-20 15:31 - 2016-11-14 14:30 - 000920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-12-20 15:31 - 2016-11-14 14:30 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Marc:Heroes & Generals [38]
AlternateDataStreams: C:\Users\Marc\Desktop\alter KL Kram (aus maschboard - pm):com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Marc\Desktop\ARD ZDF Rundfunkbeitrag Brief.docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Marc\Desktop\Gedächtnisprotokoll KL I SS16.docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Marc\Desktop\IMG_2928.JPG:com.dropbox.attributes [424]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1193974182-2009185625-738568622-1000\...\sharepoint.com -> hxxps://bwedu-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1193974182-2009185625-738568622-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Marc\AppData\Roaming\Spotify\SpotifyWebHelper.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{3A99208D-508C-4055-9A27-95DDD9A736DE}C:\users\marc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marc\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{2CC9CE62-959C-4914-BDA8-2525C3B82670}C:\users\marc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marc\appdata\roaming\spotify\spotify.exe
FirewallRules: [{16E7BCAA-468E-45BE-9C5D-710AD3A2D78D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{B7FF3375-B1D5-4257-9143-5728AD23D4DE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{695858C1-19FF-4259-A72E-A9341B966476}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BC96E459-6EEA-4BD6-96EE-5E56568EE9F5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0ECD79A1-8ED5-456F-A073-D71C12DA4439}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{52C60CAB-EB98-46F6-9386-8948955B1948}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F6AE9AF4-8FC6-4480-92EF-E987C5A54F83}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3AFF5CE8-22AE-405E-9CC8-E934425F78B1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E68F2657-D166-4CF9-A0FA-2B5E152F10E6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{93C0503C-0A0E-475E-9503-42FAF6F02690}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{23ADA9BA-D9B9-4956-B259-EC8F31471C34}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{540DCEAF-1585-4342-9240-CA4883598A96}C:\program files (x86)\ubisoft\tom clancy's rainbow six vegas\binaries\r6vegas_game.exe] => (Allow) C:\program files (x86)\ubisoft\tom clancy's rainbow six vegas\binaries\r6vegas_game.exe
FirewallRules: [UDP Query User{7E6EF55B-7030-4428-B9D8-ACE790C3453B}C:\program files (x86)\ubisoft\tom clancy's rainbow six vegas\binaries\r6vegas_game.exe] => (Allow) C:\program files (x86)\ubisoft\tom clancy's rainbow six vegas\binaries\r6vegas_game.exe
FirewallRules: [{909A8D67-ACE1-4AB3-95A9-2113297977C3}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{CA1A92BC-FDCB-46BE-992E-C2388994C8B4}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{3BBEBB77-FDAA-432F-A260-781881AA18A9}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{29C1F4DC-FC96-40CC-A976-986C2B04BFB2}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [TCP Query User{F4AA2E52-B0CB-4A85-A8A1-1BD2698EBE24}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{D1EA661A-9CD9-4B33-8273-F04374A290CA}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{7513994F-E86E-4358-AB3C-AD6B11411D0D}C:\users\marc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marc\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{0EF81B9B-B7F4-4658-8FA3-4C6E7E5AD7F2}C:\users\marc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marc\appdata\roaming\spotify\spotify.exe
FirewallRules: [{B8C97832-234F-491C-9682-65BF44F278D7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C8B675AD-7D79-4F29-BD70-AD5345C9FEAC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EA4344CA-2449-4D1C-8815-0A46DE5DC689}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8E024477-54F1-48E8-9737-2EB8F8E4E99E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{ECAB1E3F-592A-44DD-8AA9-35030F927145}C:\program files\matlab\r2016a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2016a\bin\win64\matlab.exe
FirewallRules: [UDP Query User{02DEDFCB-76DA-4BC9-ACDC-CD4092188447}C:\program files\matlab\r2016a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2016a\bin\win64\matlab.exe
FirewallRules: [{1F830145-B61B-4D1C-9348-4A893F5E7264}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{B1948884-CACD-4324-9A5B-CD86CB4B243B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5580BD5D-4CD3-4E33-8419-45A9149ECC88}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{BF672751-2249-4371-A2B3-C296D8049F2D}C:\games\ghost recon advanced warfighter collection\ghost recon advanced warfighter\graw.exe] => (Allow) C:\games\ghost recon advanced warfighter collection\ghost recon advanced warfighter\graw.exe
FirewallRules: [UDP Query User{D3C1207D-2974-42E6-A1A8-60FFBF79C8B1}C:\games\ghost recon advanced warfighter collection\ghost recon advanced warfighter\graw.exe] => (Allow) C:\games\ghost recon advanced warfighter collection\ghost recon advanced warfighter\graw.exe
FirewallRules: [TCP Query User{9C9BC0B9-A477-4EC9-9156-18386F0C6ACA}C:\games\ghost recon advanced warfighter collection\ghost recon advanced warfighter 2\graw2.exe] => (Allow) C:\games\ghost recon advanced warfighter collection\ghost recon advanced warfighter 2\graw2.exe
FirewallRules: [UDP Query User{D3DDBAAC-7328-4EEA-BF30-C5C20F275519}C:\games\ghost recon advanced warfighter collection\ghost recon advanced warfighter 2\graw2.exe] => (Allow) C:\games\ghost recon advanced warfighter collection\ghost recon advanced warfighter 2\graw2.exe
FirewallRules: [{96B9F75B-6774-4F70-9045-3DDBC1CBC162}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{298A9756-B47D-4050-871B-4FC5551F7A81}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{84B59001-0490-4887-A1D8-66D49F84BA32}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{A35764B2-3BDC-4B76-AA34-5C4F2F3310CB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{6016F855-8ED7-45BD-AE1E-65A76FED3604}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{907F30A1-E396-477D-B36A-C32D5C8E8F49}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{068D4213-7E46-4AFD-9909-ADBB58531FFA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9F69A894-CE5D-49EE-B599-1ABC296262FE}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{DBF083D7-F24F-4CB7-8238-7AC499C1E04B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{094FF82E-E46A-4527-A775-27B8CF34EEA2}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{590D482B-CC1C-49E3-BD11-B6967E1485E6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{6CBA27DC-AE4E-43D2-907D-2897DA8A9969}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead\left4dead.exe
FirewallRules: [{53EE7BC1-CDB4-49FE-ABF6-92F2A52E72AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead\left4dead.exe
FirewallRules: [{644ACE5B-3C2B-4CEC-892C-EBE9D27030B2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{AEA72B74-EA7C-4A7C-8D25-58EC3A92EAAD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{7C8460B5-36D9-48C0-8FCE-1AAAECE51B44}] => (Allow) C:\Program Files (x86)\Opera\46.0.2597.46\opera.exe
FirewallRules: [{25132249-4CBE-4032-A696-8B29D73A9FC3}] => (Allow) C:\Program Files (x86)\Opera\46.0.2597.57\opera.exe
FirewallRules: [{FF35DE29-7B91-4C7E-B077-0CBBAD21CEBC}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

15-08-2017 17:08:22 Scheduled Checkpoint
15-08-2017 21:15:15 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: MpKslccb7864d
Description: MpKslccb7864d
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKslccb7864d
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/15/2017 09:59:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/15/2017 09:04:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/15/2017 08:11:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/15/2017 03:24:22 PM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost (6660) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Marc\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (08/15/2017 03:24:22 PM) (Source: ESENT) (EventID: 489) (User: )
Description: DllHost (6660) WebCacheLocal: An attempt to open the file "C:\Users\Marc\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (08/15/2017 03:24:12 PM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost (6660) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Marc\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (08/15/2017 03:24:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: DllHost (6660) WebCacheLocal: An attempt to open the file "C:\Users\Marc\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (08/15/2017 03:24:01 PM) (Source: ESENT) (EventID: 489) (User: )
Description: DllHost (6660) WebCacheLocal: An attempt to open the file "C:\Users\Marc\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (08/15/2017 09:29:56 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: Zeitüberschreitung beim Warten auf Start des Servers

Error: (08/15/2017 09:27:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (08/15/2017 10:07:19 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.249.1023.0

	Update Source: Microsoft Update Server

	Update Stage: Search

	Source Path: Default URL

	Signature Type: AntiVirus

	Update Type: Full

	User: NT AUTHORITY\SYSTEM

	Current Engine Version: 

	Previous Engine Version: 1.1.14003.0

	Error code: 0x80070422

	Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/15/2017 09:58:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NVIDIA GeForce Experience Service service to connect.

Error: (08/15/2017 09:58:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DbxSvc service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (08/15/2017 09:58:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the DbxSvc service to connect.

Error: (08/15/2017 09:16:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/15/2017 09:13:46 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.249.1023.0

	Update Source: Microsoft Update Server

	Update Stage: Search

	Source Path: Default URL

	Signature Type: AntiVirus

	Update Type: Full

	User: NT AUTHORITY\SYSTEM

	Current Engine Version: 

	Previous Engine Version: 1.1.14003.0

	Error code: 0x80070422

	Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/15/2017 09:01:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/15/2017 09:01:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA GeForce Experience Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/15/2017 09:01:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The postgresql-x64-9.3 - PostgreSQL Server 9.3 service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/15/2017 09:01:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Disc Soft Lite Bus Service service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2016-08-07 13:53:14.247
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-07 13:52:09.467
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-07 13:52:06.342
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-07 13:52:05.156
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-07 13:52:03.986
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-07 13:52:02.813
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-07 13:52:01.710
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-07 13:52:00.556
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-07 13:51:59.340
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-07 13:51:57.944
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 44%
Total physical RAM: 4062.93 MB
Available physical RAM: 2254.25 MB
Total Virtual: 8124.04 MB
Available Virtual: 5308.22 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:97.66 GB) (Free:19.26 GB) NTFS
Drive d: (Eigene Dateien) (Fixed) (Total:368.01 GB) (Free:4.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BFD9973A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
         
Alt 16.08.2017, 11:53   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Control scans with (1) MBAM, (2) ESET and (3) SecurityCheck, please:


Step 1: Malwarebytes Version 3

Please download Malwarebytes Anti-Malware 3
  • Install the program to the default path.
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Quarantine Selected.
  • Let your computer restart if required to complete the cleanup.
  • After the restart, start MBAM and click Reports.
  • Select the most recent scan report, click View Report and then Export.
  • Select Text file (.txt) and save the file as mbam.txt on the desktop.
  • Add the contents of mbam.txt to your next reply.



Step 2: ESET

Please download ESET Online Scanner (illustrated guide)
  • Start the installer.
  • Accept the terms of use.
  • Select Enable detection of potentially unwanted applications and click Scan.
  • First the required signatures are downloaded, then ESET starts the scan automatically.
  • At the end of the scan, any items found are listed.
  • Close the ESET Online Scanner at the top right [ X ] and then click Close.
  • Press WIN+R to open Run, copy the following text into the line and then click OK:
    Code:
    notepad "%tmp%\log.txt"
             
  • Copy the entire text using CTRL+A and CTRL+C into your reply here in CODE tags



Step 3: SecurityCheck

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 16.08.2017, 21:19   #11
Marc4468
 
MBAM 3 log:
Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 16.08.17
Scan-Zeit: 13:23
Protokolldatei: mbam.txt
Administrator: Ja

-Softwaredaten-
Version: 3.1.2.1733
Komponentenversion: 1.0.160
Version des Aktualisierungspakets: 1.0.2251
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: MARC0301\Marc

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 325836
Erkannte Bedrohungen: 4
In die Quarantäne verschobene Bedrohungen: 4
Abgelaufene Zeit: 8 Min., 3 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 2
PUP.Optional.DriverAgent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DrvAgent64, In Quarantäne, [2479], [345587],1.0.2251
PUP.Optional.InstallCore, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DAEMON Tools Lite, In Quarantäne, [3], [407013],1.0.2251

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 2
PUP.Optional.DriverAgent, C:\WINDOWS\SYSWOW64\DRIVERS\DRVAGENT64.SYS, In Quarantäne, [2479], [345587],1.0.2251
PUP.Optional.InstallCore, C:\PROGRAM FILES\DAEMON TOOLS LITE\UNINST.EXE, In Quarantäne, [3], [407013],1.0.2251

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)


(end)
         
ESET Online Scanner log:
Code:
13:55:12 # product=EOS
# version=8
# flags=0
# esetonlinescanner_deu.exe=2.0.17.0
# EOSSerial=6e556d62a54cdd41adfc9796994b8e4c
# end=init
# utc_time=2017-08-16 11:55:12
# local_time=2017-08-16 13:55:12 (+0100, W. Europe Daylight Time)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
13:55:17 # product=EOS
# version=8
# flags=0
# esetonlinescanner_deu.exe=2.0.17.0
# EOSSerial=6e556d62a54cdd41adfc9796994b8e4c
# end=init
# utc_time=2017-08-16 11:55:17
# local_time=2017-08-16 13:55:17 (+0100, W. Europe Daylight Time)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
13:55:25 Updating
13:55:25 Update Init
13:55:30 Update Download
14:00:37 Call m_esets_charon_send
14:00:37 Call m_esets_charon_destroy
14:00:42 Updating
14:00:43 Update Init
14:00:51 Update Download
14:04:54 esets_scanner_reload returned 0
14:04:54 g_uiModuleBuild: 34418
14:04:54 Update Finalize
14:04:54 Call m_esets_charon_send
14:04:54 Call m_esets_charon_destroy
14:04:54 Updated modules version: 34418
14:05:07 Call m_esets_charon_setup_create
14:05:07 Call m_esets_charon_create
14:05:07 m_esets_charon_create OK
14:05:07 Call m_esets_charon_start_send_thread
14:05:07 Call m_esets_charon_setup_set
14:05:07 m_esets_charon_setup_set OK
14:05:07 Scanner engine: 34418
18:51:46 # product=EOS
# version=8
# flags=0
# esetonlinescanner_deu.exe=2.0.17.0
# EOSSerial=6e556d62a54cdd41adfc9796994b8e4c
# engine=34418
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# sfx_checked=true
# utc_time=2017-08-16 16:51:46
# local_time=2017-08-16 18:51:46 (+0100, W. Europe Daylight Time)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 45279620 125882700 0 0
# scanned=2
# found=6
# cleaned=0
# scan_time=17211
sh=E99FE8332619ABE6AE728A824CAFFB5492845AC2 ft=0 fh=0000000000000000 vn="Variante von Generik.FYJHEET Trojaner" ac=I fn="D:\Honor 7 Backup (MyPhoneExplorer)\Dateien\Systemspeicher\cust\preinstalled\public\app\BubbleBash3\BubbleBash3.apk"
sh=E99FE8332619ABE6AE728A824CAFFB5492845AC2 ft=0 fh=0000000000000000 vn="Variante von Generik.FYJHEET Trojaner" ac=I fn="D:\Honor 7 Backup (MyPhoneExplorer)\Dateien\Systemspeicher\cust\preinstalled\public\app\BubbleBash3_m\BubbleBash3.apk"
sh=152B1ECB8AE567767F7BEB872462F541CFCB407E ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.Commplat.B eventuell unerwünschte Anwendung" ac=I fn="D:\Honor 7 Backup (MyPhoneExplorer)\Dateien\Systemspeicher\cust\preinstalled\public\app\Wakti_m\Wakti.apk"
sh=E99FE8332619ABE6AE728A824CAFFB5492845AC2 ft=0 fh=0000000000000000 vn="Variante von Generik.FYJHEET Trojaner" ac=I fn="D:\Honor 7 Backup alt\Dateien\Systemspeicher\cust\preinstalled\public\app\BubbleBash3\BubbleBash3.apk"
sh=E99FE8332619ABE6AE728A824CAFFB5492845AC2 ft=0 fh=0000000000000000 vn="Variante von Generik.FYJHEET Trojaner" ac=I fn="D:\Honor 7 Backup alt\Dateien\Systemspeicher\cust\preinstalled\public\app\BubbleBash3_m\BubbleBash3.apk"
sh=152B1ECB8AE567767F7BEB872462F541CFCB407E ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.Commplat.B eventuell unerwünschte Anwendung" ac=I fn="D:\Honor 7 Backup alt\Dateien\Systemspeicher\cust\preinstalled\public\app\Wakti_m\Wakti.apk"
19:32:12 Call m_esets_charon_send
19:32:12 Call m_esets_charon_destroy
19:32:15 RecursiveRemoveDirectoryAndAllFiles: C:\Users\Marc\AppData\Local\ESET\ESETOnlineScanner\Quarantine\
         
SecurityCheck log:
Code:
 Results of screen317's Security Check version 1.009  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java version 32-bit out of Date! 
 Adobe Flash Player 25.0.0.148  
 Mozilla Firefox (54.0.1) 
 Mozilla Thunderbird (52.2.1) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log``````````````````````
         
Notes/questions from my side:
  • I had the MBAM detections moved to quarantine, including the DaemonTools uninstaller. That makes me wonder whether it wouldn't make sense to take it back out of quarantine!? In principle I always uninstall via Control Panel -> Programs.
  • The ESET detections all relate to the Android backup program myphoneexplorer. Since my phone manufacturer now offers a better backup program anyway, I no longer need it, but I would possibly look through the backups once more before deleting it. Or would deleting the detections possibly have no effect at all on the remaining files in the backup? Put differently: do I have to go through the backups now so we can continue here, or is that beside the point?
  • SecurityCheck still shows that Java is out of date. But that's not true... I just checked and version 8.0 build 72 (64 bit) is installed

Alt 17.08.2017, 09:58   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
, among them the DaemonTools uninstaller. That makes me wonder whether it wouldn't make sense to take that one back out of quarantine!?
If I've seen/understood it correctly, Malwarebytes has had enough of going easy on junkware. Now every setup that bundles junkware gets flagged as well. Though this is the first time I've seen an uninstaller flagged for junkware; an uninstaller is supposed to remove software, not install new crap

Quote:
The ESET detections all relate to the Android backup program myphoneexplorer.
Just delete the junk. You don't need it anymore anyway...

Quote:
SecurityCheck still says that Java is out of date. But that's not right... I just checked and version 8.0 build 72 (64-bit) is installed
Uh, unfortunately that's complete nonsense. Your Java is ancient. You can see what's current, e.g., here --> https://chocolatey.org/packages?q=java

The complete version history can be found here --> https://en.wikipedia.org/wiki/Java_v...Java_8_updates

Java 8 Update 144 is current, not 72
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
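As an added example that is not part of this thread or of SecurityCheck, the following PowerShell snippet lists every Java runtime registered in Windows' uninstall database, in both the 64-bit and the 32-bit (WOW6432Node) registry views, and reads the CurrentVersion value each JRE writes for itself. It is aimed at exactly the situation above, where SecurityCheck reports a 32-bit Java as out of date while the user is looking at a 64-bit installation. The registry paths are the standard ones used by Oracle's Java 8 installers; the reference update number 144 is taken from the post above, and everything else (function name, output layout) is my own.

```powershell
# Added example, not code from the thread or from SecurityCheck.
# Enumerate all installed Java runtimes, 64-bit and 32-bit, on a 64-bit Windows.
function Get-InstalledJava {
    $uninstallKeys = @(
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*';            Arch = '64-bit' },
        @{ Path = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'; Arch = '32-bit' }
    )

    foreach ($key in $uninstallKeys) {
        Get-ItemProperty -Path $key.Path -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -like 'Java*' } |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Architecture = $key.Arch
                    Name         = $_.DisplayName
                    Version      = $_.DisplayVersion
                    Uninstall    = $_.UninstallString   # what Control Panel runs for "Uninstall"
                }
            }
    }
}

# The JRE also records which version it considers current under its own key;
# the 32-bit copy lives under WOW6432Node. Both should be checked, because an
# updated 64-bit JRE leaves an old 32-bit JRE exactly as vulnerable as before.
function Get-JreCurrentVersion {
    foreach ($jre in 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
                      'HKLM:\SOFTWARE\WOW6432Node\JavaSoft\Java Runtime Environment') {
        if (Test-Path -Path $jre) {
            New-Object PSObject -Property @{
                Key            = $jre
                CurrentVersion = (Get-ItemProperty -Path $jre).CurrentVersion
            }
        }
    }
}

$java = Get-InstalledJava
if (-not $java) {
    Write-Output 'No Java runtime registered in the uninstall database.'
} else {
    # Java 8 Update 144 was the current release at the time of this thread (August 2017);
    # anything older in either column is what SecurityCheck complains about.
    $java | Sort-Object Architecture, Name | Format-Table Architecture, Name, Version -AutoSize
}
Get-JreCurrentVersion | Format-Table Key, CurrentVersion -AutoSize
```

Run it from an elevated PowerShell prompt; the uninstall keys are world-readable, but WOW6432Node is only present on 64-bit Windows, which is why the second path is guarded with -ErrorAction SilentlyContinue.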

17.08.2017, 15:04   #13
Marc4468

Can Daemon Tools still be uninstalled via Windows even if uninst.exe has been deleted? If so, I don't mind

I took a closer look at the "myphoneexplorer" thing. Are these .akp files ones that it would have installed onto my phone when restoring a backup, even though they weren't on the phone at all at the time of the backup??
I had the ESET Online Scanner move the files to quarantine. How should I picture this quarantine? Wouldn't it be better to just delete them completely? Because I absolutely don't need these .akp installers... I couldn't find instructions for deleting them via Google.

Shame on me
I've now updated Java, but SecurityCheck still refuses to acknowledge it (even after restarting the computer)...


Oh, and what about the entry that AdwCleaner still finds even after the cleanup?
Code:
***** [ Files ] *****

PUP.Optional.DriverAgent, C:\Windows\System32\drivers\DRVAGENT64.SYS
         

17.08.2017, 15:13   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Can Daemon Tools still be uninstalled via Windows even if uninst.exe has been deleted? If so, I don't mind
Sorry, I'm not God. Just try it, with Revo!


Quote:
I took a closer look at the "myphoneexplorer" thing. Are these .akp files ones that it would have installed onto my phone when restoring a backup, even though they weren't on the phone at all at the time of the backup??
You're asking me what you backed up from where to where?
Again, I'm neither God nor Jesus, so not omniscient.


Quote:
How should I picture this quarantine?
What is generally understood by quarantine?
Think about that, and then consider whether everything really has to be deleted in a panicked hurry.


Quote:
Oh, and what about the entry that AdwCleaner still finds even after the cleanup?
I don't know that either. Just have the file analysed at VirusTotal. Maybe it's simply a bug in AdwCleaner.
The last logs were clean, after all.

In general, a bit less panic and hurry please...
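As an added example, not code from the thread or from AdwCleaner, the following PowerShell script does the triage cosinus suggests for the flagged driver before anything is uploaded anywhere: it computes the SHA-256 (the value VirusTotal searches on, so a file that is already known does not have to be uploaded at all), reads the Authenticode signature and the embedded version resource, and lists the driver service that loads the file. The path is the one from the AdwCleaner log in this thread; the function name, the output layout, the VirusTotal URL form and the Windows 7 compatibility choice (it avoids Get-FileHash, which only exists from PowerShell 4.0 on) are my assumptions.

```powershell
# Added example, not code from the thread or from AdwCleaner.
# Triage of a driver file flagged by a scanner, before uploading anything.
function Get-DriverTriage {
    param([string]$Path)

    # A detection that survives a cleanup but points at a file that is gone
    # is worth knowing about before worrying about the file itself.
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Output "Not present: $Path (removed by a cleaner, or the detection is stale)"
        return
    }

    # 1. SHA-256 via .NET so this also runs on Windows 7's PowerShell 2.0
    #    (Get-FileHash only exists from PowerShell 4.0 on).
    $sha256 = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $hashBytes = $sha256.ComputeHash($stream) }
    finally { $stream.Close() }
    $hash = ($hashBytes | ForEach-Object { $_.ToString('x2') }) -join ''
    Write-Output "SHA-256  : $hash"
    # Searching by hash avoids uploading a file VirusTotal has already seen.
    Write-Output "Lookup   : https://www.virustotal.com/gui/file/$hash"

    # 2. Authenticode: 64-bit Windows normally loads only signed kernel drivers,
    #    so the signer certificate tells you who actually published the file.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    Write-Output ("Signature: {0}" -f $sig.Status)
    if ($sig.SignerCertificate) {
        Write-Output ("Signer   : {0}" -f $sig.SignerCertificate.Subject)
        Write-Output ("Valid    : {0} to {1}" -f $sig.SignerCertificate.NotBefore, $sig.SignerCertificate.NotAfter)
    }

    # 3. Version resource embedded by the publisher (easy to fake, but a quick sanity check)
    $ver = (Get-Item -LiteralPath $Path).VersionInfo
    Write-Output ("Vendor   : {0} | Product: {1} | Version: {2}" -f $ver.CompanyName, $ver.ProductName, $ver.FileVersion)

    # 4. Which driver service references this file, and is it loaded right now?
    $fileName = [System.IO.Path]::GetFileName($Path)
    Get-WmiObject -Class Win32_SystemDriver |
        Where-Object { $_.PathName -and $_.PathName -like "*$fileName" } |
        ForEach-Object {
            Write-Output ("Service  : {0} | State: {1} | StartMode: {2}" -f $_.Name, $_.State, $_.StartMode)
        }
}

# Path taken from the AdwCleaner log in this thread
Get-DriverTriage -Path 'C:\Windows\System32\drivers\DRVAGENT64.SYS'
```

Run it from an elevated prompt so the driver directory and the WMI driver list are readable. A valid signature from a known vendor plus a matching version resource is what distinguishes a scanner's potentially-unwanted-program heuristic from an actually hostile driver; a missing or invalid signature on a kernel driver is the case where the VirusTotal upload is worth doing.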

17.08.2017, 16:18   #15
Marc4468

Quote:
Quote from cosinus
Sorry, I'm not God. Just try it, with Revo!
The DaemonTools entry was not in the list, either with or without uninst.exe.
I've now restored uninst.exe from quarantine and uninstalled the program with it. I hadn't used it in ages anyway, and if I ever need something like it again I'll prefer VirtualCloneDrive.


Quote:
Quote from cosinus
You're asking me what you backed up from where to where?
Again, I'm neither God nor Jesus, so not omniscient.
It must have been that way, since I had never installed apps like "Wakti" or "BubbleSplash" on the phone...



Quote:
Quote from cosinus
What is generally understood by quarantine?
Think about that, and then consider whether everything really has to be deleted in a panicked hurry.
I'm well aware that the files in quarantine are isolated and can't do any harm. Since I'll simply never need these odd installers again and won't have to restore them, I could in theory also delete them completely. That alone was my thinking, not panic
Besides, I'm simply interested in how a (virus) scanner's quarantine works, but as far as I understood it from Google, the files are stripped of all permissions and moved to a secured area.
Could I still find or see the isolated files in Explorer? (Again, I'm only asking out of curiosity)

Quote:
Quote from cosinus
I don't know that either. Just have the file analysed at VirusTotal. Maybe it's simply a bug in AdwCleaner.
The last logs were clean, after all.

In general, a bit less panic and hurry please...
I just ran another AdwCleaner scan and now it no longer finds the file either (no detections at all). So it must have been a bug...
I never spread panic or hurry at any point. I only asked again about the AdwCleaner detection so that I can close the matter

Otherwise, many thanks for now!
Is the cleanup therefore complete, or is there still something to do?
