
Plagegeister aller Art und deren Bekämpfung: Clicked a link in a phishing mail. Rescuing data

Windows 7

23.10.2017, 19:08   #1
Kohna
 



First of all, hello to everyone here,

I may have a problem at the moment. In short, I clicked on a link in an e-mail; a window did open, but my antivirus program did not report anything.
I suspect that I am infected anyway. After that, I first changed all my passwords from another laptop and deleted the entire cache, cookies, history, etc. in the browser on the infected laptop.
Then I ran scans with Malwarebytes Anti-Malware (MAM) and OTL.
In general I would have no problem formatting my laptop now, but I would like to rescue some data first. Luckily I have most of it on an external hard drive, but not yet the newest important data.
Since I am not a PC expert, I wanted to ask whether it is possible to back up the remaining data? I would be very grateful for helpful tips and options.

Regards, Kohna

Here is my report from MAM and OTL

Quote:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 23.10.17
Scan-Zeit: 17:49
Protokolldatei: c8cd9178-b809-11e7-b1a0-00262dc14cb8.json
Administrator: Ja

-Softwaredaten-
Version: 3.2.2.2029
Komponentenversion: 1.0.212
Version des Aktualisierungspakets: 1.0.3076
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: SARBAT-PC\SARBAT

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 296468
Erkannte Bedrohungen: 8
In die Quarantäne verschobene Bedrohungen: 8
Abgelaufene Zeit: 14 Min., 5 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 2
PUP.Optional.StartPage.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{22F81F80-1D65-452A-8EC3-762CB85B3173}, In Quarantäne, [1881], [396863],1.0.3076
PUP.Optional.StartPage.ShrtCln, HKU\S-1-5-21-1733954782-861682868-1594596262-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{22F81F80-1D65-452A-8EC3-762CB85B3173}, In Quarantäne, [1881], [396863],1.0.3076

Registrierungswert: 4
PUP.Optional.StartPage.ShrtCln, HKU\S-1-5-21-1733954782-861682868-1594596262-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{22F81F80-1D65-452A-8EC3-762CB85B3173}|FAVICONURL, In Quarantäne, [1881], [396863],1.0.3076
PUP.Optional.StartPage.ShrtCln, HKU\S-1-5-21-1733954782-861682868-1594596262-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{22F81F80-1D65-452A-8EC3-762CB85B3173}|URL, In Quarantäne, [1881], [396863],1.0.3076
PUP.Optional.StartPage.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{22F81F80-1D65-452A-8EC3-762CB85B3173}|FAVICONURL, In Quarantäne, [1881], [396862],1.0.3076
PUP.Optional.StartPage.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{22F81F80-1D65-452A-8EC3-762CB85B3173}|URL, In Quarantäne, [1881], [396862],1.0.3076

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 2
PUP.Optional.DownloadSponsor, C:\USERS\SARBAT\APPDATA\LOCAL\TEMP\SCOPED_DIR10172_10456\JW PLAYER - CHIP-INSTALLER.EXE, In Quarantäne, [521], [413936],1.0.3076
PUP.Optional.DownloadSponsor, C:\USERS\SARBAT\APPDATA\LOCAL\TEMP\SCOPED_DIR5760_8704\GREENSHOT - CHIP-INSTALLER.EXE, In Quarantäne, [521], [349501],1.0.3076

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)


(end)

Quote:
OTL logfile created on: 10/23/2017 6:38:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SARBAT\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18816)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.18 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 22.56% Memory free
6.35 Gb Paging File | 2.28 Gb Available in Paging File | 35.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 565.07 Gb Total Space | 449.25 Gb Free Space | 79.50% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 1.11 Gb Free Space | 3.68% Space Free | Partition Type: NTFS

Computer Name: SARBAT-PC | User Name: SARBAT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\SARBAT\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Opera\48.0.2685.50\opera_crashreporter.exe (Opera Software)
PRC - C:\Program Files\Opera\48.0.2685.50\opera.exe (Opera Software)
PRC - C:\Program Files\Dropbox\Client\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Windows\System32\DbxSvc.exe (Dropbox, Inc.)
PRC - C:\Program Files\Avira\Launcher\Avira.Systray.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\Antivirus\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\Antivirus\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes)
PRC - C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe ()
PRC - C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
PRC - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe (Malwarebytes)
PRC - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Launch Manager\WButton.exe (Wistron Corp.)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (X10)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Opera\48.0.2685.50\opera_browser.dll ()
MOD - C:\Program Files\Opera\48.0.2685.50\libglesv2.dll ()
MOD - C:\Program Files\Opera\48.0.2685.50\libegl.dll ()
MOD - C:\Program Files\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd ()
MOD - C:\Program Files\Dropbox\Client\winshell.compiled._winshell.pyd ()
MOD - C:\Program Files\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd ()
MOD - C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd ()
MOD - C:\Program Files\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd ()
MOD - C:\Program Files\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd ()
MOD - C:\Program Files\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd ()
MOD - C:\Program Files\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd ()
MOD - C:\Program Files\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd ()
MOD - C:\Program Files\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd ()
MOD - C:\Program Files\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd ()
MOD - C:\Program Files\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd ()
MOD - C:\Program Files\Dropbox\Client\wind3d11.compiled._wind3d11.pyd ()
MOD - C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd ()
MOD - C:\Program Files\Dropbox\Client\tornado.speedups.pyd ()
MOD - C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd ()
MOD - C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd ()
MOD - C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd ()
MOD - C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd ()
MOD - C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineCore.pyd ()
MOD - C:\Program Files\Dropbox\Client\PyQt5.QtWebChannel.pyd ()
MOD - C:\Program Files\Dropbox\Client\PyQt5.QtWebEngine.pyd ()
MOD - C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd ()
MOD - C:\Program Files\Dropbox\Client\PyQt5.QtQuick.pyd ()
MOD - C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd ()
MOD - C:\Program Files\Dropbox\Client\PyQt5.QtQml.pyd ()
MOD - C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd ()
MOD - C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd ()
MOD - C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd ()
MOD - C:\Program Files\Dropbox\Client\libGLESv2.dll ()
MOD - C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd ()
MOD - C:\Program Files\Dropbox\Client\libEGL.DLL ()
MOD - C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.DLL ()
MOD - C:\Program Files\Dropbox\Client\fastpath.pyd ()
MOD - C:\Program Files\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd ()
MOD - C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd ()
MOD - C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd ()
MOD - C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd ()
MOD - C:\Program Files\Dropbox\Client\crashpad.compiled._Crashpad.pyd ()
MOD - C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd ()
MOD - C:\Program Files\Dropbox\Client\dropbox_crashpad.dll ()
MOD - C:\Program Files\Dropbox\Client\dropbox_watchdog.dll ()
MOD - C:\Program Files\Dropbox\Client\pythoncom27.dll ()
MOD - C:\Program Files\Dropbox\Client\pywintypes27.dll ()
MOD - C:\Program Files\Dropbox\Client\librsync.dll ()
MOD - C:\Program Files\Dropbox\Client\unicodedata.pyd ()
MOD - C:\Program Files\Dropbox\Client\winxpgui.pyd ()
MOD - C:\Program Files\Dropbox\Client\win32gui.pyd ()
MOD - C:\Program Files\Dropbox\Client\pyexpat.pyd ()
MOD - C:\Program Files\Dropbox\Client\_cffi_backend.pyd ()
MOD - C:\Program Files\Dropbox\Client\win32file.pyd ()
MOD - C:\Program Files\Dropbox\Client\win32security.pyd ()
MOD - C:\Program Files\Dropbox\Client\win32api.pyd ()
MOD - C:\Program Files\Dropbox\Client\_ctypes.pyd ()
MOD - C:\Program Files\Dropbox\Client\sip.pyd ()
MOD - C:\Program Files\Dropbox\Client\win32print.pyd ()
MOD - C:\Program Files\Dropbox\Client\win32evtlog.pyd ()
MOD - C:\Program Files\Dropbox\Client\win32service.pyd ()
MOD - C:\Program Files\Dropbox\Client\win32process.pyd ()
MOD - C:\Program Files\Dropbox\Client\_multiprocessing.pyd ()
MOD - C:\Program Files\Dropbox\Client\win32pipe.pyd ()
MOD - C:\Program Files\Dropbox\Client\win32ts.pyd ()
MOD - C:\Program Files\Dropbox\Client\win32job.pyd ()
MOD - C:\Program Files\Dropbox\Client\win32event.pyd ()
MOD - C:\Program Files\Dropbox\Client\win32profile.pyd ()
MOD - C:\Program Files\Dropbox\Client\win32clipboard.pyd ()
MOD - C:\Program Files\Dropbox\Client\mmapfile.pyd ()
MOD - C:\Program Files\Dropbox\Client\select.pyd ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\e0fb0b9ff53a543385844ca3d4fe0e67\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\b275f3c85451b4712ba4441c8b142cdc\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\ae69d98037d3a006441b0ad7601aa550\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\a940a59838344f50d68b17da426928ad\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\997ae7ebb28384eb69f1b94c2bb2e170\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\83aa5cbe367dcd5373421de6d20441df\System.ServiceModel.Internals.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\287a701747b36a5a96b06722de963801\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Compba577418#\1ad7879eeab04304a3b44fbcaf6b6f69\System.ComponentModel.Composition.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8eac3f49e91c9b6efd2f6278b1215da7\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c4a944b009f4f07008b4d8cb6feb62bc\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\c0849d317d75be9931df2785a5c75ace\System.Data.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bcfc8f02ea2e1edbf8b711b542f4b43f\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\35511e4186f06439802b46ef18ab4a6a\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\4a34b8e8ee4dff4d0a60143313c17eb1\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\e0c58e3528d935e36495738dd955ab31\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\083ff8b4b0ffd899249c5e4164870e25\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\126c9e6f7c82efed67b0eb48481b436a\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\2a4d9d3dc67b64fc0cd7e1156a358702\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\ea9038f9beda902e4335491cef411afe\System.WorkflowServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ab457dffef5cfdbe2178c1273e09caa7\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\91e2bf8b1304a53f2a1ba3e9e1b0f59c\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\d9d9029b3aa498c2a0fbce72cd9095ee\System.ComponentModel.DataAnnotations.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\bd9ff1a4363781a57e8f7392f230a203\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\676f0c851cf53544c219c57be442c39e\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\7be1cefc27160df6de5609225ad8ec81\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\2c9042a2e992054f144cee45f567968d\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\47c4ac6b41079edce1e1e2d69eef5535\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\00c2b464e52d4e82c04d61592a12a89d\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\264e45d650f68a994571ab6eef563bdb\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5859b21b683c9f7f14622b57a90c63f1\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\9bcb1a1906be6210598cfc972748830e\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\7057023b1bb89e4623a922b311be4dba\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d4d707aec7d81ab0129b80cee05e3cf0\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\574a49391addeea2fa98d2eed823956f\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fec007ea17ac8956cc5d6d4074dada6a\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\511c39d1efa06d262a6b2f47e2726c73\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6d3a5bd42cb7680e678605dbc10f7b90\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\367e5b8a038ac76eba17528bb7b3688e\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ce3c98f2bf220ef17b0cf4233cac6ceb\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\77c1dc46ea139bf5e1eaa9b87ef03c7a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ad8dd536906e94c4bc9cb9b82285580b\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d042662345d4b8ce4a254833d13f666f\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fb963359e1261ca9fb22c7a02cbfc367\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ad92dab7f418877d6a1e0358ce35658a\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9f895c66454577eff9c77442d0c84f71\mscorlib.ni.dll ()
MOD - C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll ()
MOD - C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll ()
MOD - C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll ()
MOD - C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll ()
MOD - C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\System32\IccLibDll.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll ()


========== Services (SafeList) ==========

SRV - (DbxSvc) -- C:\Windows\System32\DbxSvc.exe (Dropbox, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Avira.ServiceHost) -- C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\Antivirus\avwebg7.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\Antivirus\avmailc7.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\Antivirus\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (WCAssistantService) -- C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe ()
SRV - (IEEtwCollectorService) -- C:\Windows\System32\IEEtwCollector.exe (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe (Malwarebytes)
SRV - (NVDisplay.ContainerLocalSystem) -- C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation)
SRV - (dbupdatem) -- C:\Program Files\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
SRV - (dbupdate) -- C:\Program Files\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
SRV - (DiagTrack) -- C:\Windows\System32\diagtrack.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe (Microsoft Corporation.)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (UNS) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (x10nets) -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (X10)
SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Driver Services (SafeList) ==========

DRV - (dbx) -- system32\DRIVERS\dbx.sys File not found
DRV - (MBAMFarflt) -- C:\Windows\System32\drivers\farflt.sys (Malwarebytes)
DRV - (MBAMWebProtection) -- C:\Windows\System32\drivers\mwac.sys (Malwarebytes)
DRV - (MBAMProtection) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes)
DRV - (MBAMChameleon) -- C:\Windows\System32\drivers\MbamChameleon.sys (Malwarebytes)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes)
DRV - (ESProtectionDriver) -- C:\Windows\System32\drivers\mbae.sys ()
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avdevprot) -- C:\Windows\System32\drivers\avdevprot.sys (Avira Operations GmbH & Co. KG)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (Samsung Electronics Co., Ltd.)
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (Samsung Electronics Co., Ltd.)
DRV - (avnetflt) -- C:\Windows\System32\drivers\avnetflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (nvpciflt) -- C:\Windows\System32\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation )
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (mod7700) -- C:\Windows\System32\drivers\mod7700.sys (DiBcom SA)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (LUMDriver) -- C:\Windows\System32\drivers\LUMDriver.sys (IBM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {22F81F80-1D65-452A-8EC3-762CB85B3173}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://medion.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.aldi.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.aldi.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 73 84 66 02 D8 0C D2 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKCU\..\SearchScopes,DefaultScope = {00F536EB-00FE-49C6-A84F-8F1EBF28F22E}
IE - HKCU\..\SearchScopes\{00F536EB-00FE-49C6-A84F-8F1EBF28F22E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{B916F720-CCBD-4F7C-9DEE-883E50C78BEC}: "URL" = https://de.search.yahoo.com/search?p={searchTerms}&intl=de&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "DE"
FF - prefs.js..browser.search.region: "DE"
FF - prefs.js..browser.startup.homepage: "www1.online/?w=RD9898"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_27_0_0_170.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.141.2: C:\Program Files\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.141.2: C:\Program Files\Java\jre1.8.0_141\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2017/03/10 21:13:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 56.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 56.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2017/03/10 21:13:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 56.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 56.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2016/09/13 11:52:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SARBAT\AppData\Roaming\mozilla\Extensions
[2017/09/13 20:38:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SARBAT\AppData\Roaming\mozilla\Firefox\Profiles\F5yPghi0.default\browser-extension-data
[2017/10/21 03:37:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SARBAT\AppData\Roaming\mozilla\Firefox\Profiles\F5yPghi0.default\browser-extension-data\abs@avira.com
[2017/09/13 20:38:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SARBAT\AppData\Roaming\mozilla\Firefox\Profiles\F5yPghi0.default\browser-extension-data\screenshots@mozilla.org
[2017/10/21 03:38:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SARBAT\AppData\Roaming\mozilla\Firefox\Profiles\F5yPghi0.default\extensions
[2017/10/21 03:38:22 | 001,227,258 | ---- | M] () (No name found) -- C:\Users\SARBAT\AppData\Roaming\mozilla\firefox\profiles\F5yPghi0.default\extensions\abs@avira.com.xpi
[2017/10/21 03:38:21 | 001,243,571 | ---- | M] () (No name found) -- C:\Users\SARBAT\AppData\Roaming\mozilla\firefox\profiles\F5yPghi0.default\extensions\jid1-16aeif9OQIRKxA@jetpack.xpi
[2017/10/12 14:26:51 | 000,132,293 | ---- | M] () (No name found) -- C:\Users\SARBAT\AppData\Roaming\mozilla\firefox\profiles\F5yPghi0.default\features\{44d43f93-3fb7-4478-8359-5418637a38b9}\shield-recipe-client@mozilla.org.xpi
[2017/10/12 14:13:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_141\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_141\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Dropbox] C:\Program Files\Dropbox\Client\Dropbox.exe (Dropbox, Inc.)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" File not found
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKCU..\Run: [OpenOffice Updater] C:\Users\SARBAT\AppData\Roaming\OpenOffice Updater\Updater.exe ()
O4 - HKCU..\Run: [Web Companion] C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe (Lavasoft)
O4 - HKCU..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: localhost ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: webcompanion.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_121-windows-i586.cab (Java Plug-in 11.141.2)
O16 - DPF: {CAFEEFAC-0018-0000-00121-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_121-windows-i586.cab (Java Plug-in 1.8.0_121)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_121-windows-i586.cab (Java Plug-in 11.141.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D6AFF5B-072D-4B6C-929A-C21954DB165D}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91734A2F-C336-4BE9-8362-AA7479B0E354}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2017/10/23 18:35:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\SARBAT\Desktop\OTL.exe
[2017/10/23 18:11:40 | 000,091,576 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\farflt.sys
[2017/10/23 17:48:59 | 000,166,840 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\MbamChameleon.sys
[2017/10/23 17:48:50 | 000,065,824 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mwac.sys
[2017/10/23 17:48:41 | 000,040,384 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mbam.sys
[2017/10/23 17:48:31 | 000,221,112 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2017/10/23 17:47:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2017/10/23 17:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2017/10/23 17:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2017/10/23 16:54:07 | 000,000,000 | ---D | C] -- C:\Users\SARBAT\Desktop\Neuer Ordner
[2017/10/19 20:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
[2017/10/17 17:48:08 | 000,043,336 | ---- | C] (Dropbox, Inc.) -- C:\Windows\System32\DbxSvc.exe
[2017/10/17 17:48:08 | 000,035,432 | ---- | C] (Dropbox, Inc.) -- C:\Windows\System32\drivers\dbx-dev.sys
[2017/10/17 17:48:08 | 000,035,408 | ---- | C] (Dropbox, Inc.) -- C:\Windows\System32\drivers\dbx-stable.sys
[2017/10/17 17:48:08 | 000,035,408 | ---- | C] (Dropbox, Inc.) -- C:\Windows\System32\drivers\dbx-canary.sys
[2017/10/12 14:02:58 | 124,059,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRT-KB890830.exe
[2017/10/11 18:14:53 | 004,547,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2017/10/11 18:14:52 | 002,402,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2017/10/11 18:14:52 | 000,827,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2017/10/11 18:14:51 | 003,945,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2017/10/11 18:14:51 | 001,549,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2017/10/11 18:14:50 | 004,001,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2017/10/11 18:14:50 | 002,058,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2017/10/11 18:14:50 | 000,694,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2017/10/11 18:14:50 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2017/10/11 18:14:49 | 003,209,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2017/10/11 18:14:49 | 000,347,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2017/10/11 18:14:49 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2017/10/11 18:14:48 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2017/10/11 18:14:48 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2017/10/11 18:14:48 | 000,392,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2017/10/11 18:14:47 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2017/10/11 18:14:47 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2017/10/11 18:14:47 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2017/10/11 18:14:47 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2017/10/11 18:14:47 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2017/10/11 18:14:47 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2017/10/11 18:14:47 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2017/10/11 18:14:47 | 000,279,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2017/10/11 18:14:47 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2017/10/11 18:14:47 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2017/10/11 18:14:47 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2017/10/11 18:14:47 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2017/10/11 18:14:47 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2017/10/11 18:14:47 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2017/10/11 18:14:46 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2017/10/11 18:14:46 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2017/10/11 18:14:46 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2017/10/11 18:14:46 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2017/10/11 18:14:46 | 000,416,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2017/10/11 18:14:46 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2017/10/11 18:14:46 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2017/10/11 18:14:46 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2017/10/11 18:14:46 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2017/10/11 18:14:46 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2017/10/11 18:14:46 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2017/10/11 18:14:46 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msaudite.dll
[2017/10/11 18:14:46 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2017/10/11 18:14:46 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2017/10/11 18:14:46 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2017/10/11 18:14:46 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2017/10/11 18:14:46 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appidpolicyconverter.exe
[2017/10/11 18:14:46 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2017/10/11 18:14:46 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2017/10/11 18:14:46 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2017/10/11 18:14:46 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2017/10/11 18:14:46 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msobjs.dll
[2017/10/11 18:14:46 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2017/10/11 18:14:46 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2017/10/11 18:14:46 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appidapi.dll
[2017/10/11 18:14:46 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2017/10/11 18:14:46 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2017/10/11 18:14:46 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2017/10/11 18:14:46 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2017/10/11 18:14:46 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2017/10/11 18:14:46 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2017/10/11 18:14:46 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2017/10/11 18:14:46 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appidcertstorecheck.exe
[2017/10/11 18:14:46 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2017/10/11 18:14:46 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2017/10/11 18:14:46 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apisetschema.dll
[2017/10/11 18:14:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2017/10/11 18:14:45 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2017/10/23 18:35:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SARBAT\Desktop\OTL.exe
[2017/10/23 18:23:36 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2017/10/23 18:23:36 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2017/10/23 18:11:40 | 000,091,576 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\farflt.sys
[2017/10/23 18:11:40 | 000,065,824 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\mwac.sys
[2017/10/23 18:11:40 | 000,040,384 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\mbam.sys
[2017/10/23 18:08:42 | 000,001,198 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskMachineCore.job
[2017/10/23 18:08:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2017/10/23 18:08:12 | 2558,595,072 | -HS- | M] () -- C:\hiberfil.sys
[2017/10/23 17:56:19 | 000,001,202 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskMachineUA.job
[2017/10/23 17:48:59 | 000,166,840 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\MbamChameleon.sys
[2017/10/23 17:48:31 | 000,221,112 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2017/10/23 17:47:43 | 000,002,024 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2017/10/23 00:29:02 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Avira.lnk
[2017/10/17 17:48:08 | 000,043,336 | ---- | M] (Dropbox, Inc.) -- C:\Windows\System32\DbxSvc.exe
[2017/10/17 17:48:08 | 000,035,432 | ---- | M] (Dropbox, Inc.) -- C:\Windows\System32\drivers\dbx-dev.sys
[2017/10/17 17:48:08 | 000,035,408 | ---- | M] (Dropbox, Inc.) -- C:\Windows\System32\drivers\dbx-stable.sys
[2017/10/17 17:48:08 | 000,035,408 | ---- | M] (Dropbox, Inc.) -- C:\Windows\System32\drivers\dbx-canary.sys
[2017/10/16 19:13:12 | 000,803,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2017/10/16 19:13:12 | 000,144,896 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2017/10/15 16:42:59 | 001,115,458 | ---- | M] () -- C:\Users\SARBAT\Desktop\Übungsaufgaben Skript 2017.pdf
[2017/10/13 13:53:39 | 000,699,342 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2017/10/13 13:53:39 | 000,654,140 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2017/10/13 13:53:39 | 000,149,450 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2017/10/13 13:53:39 | 000,122,012 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2017/10/12 18:34:01 | 000,472,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2017/10/12 14:03:00 | 124,059,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRT-KB890830.exe
[2017/10/04 13:15:42 | 000,059,904 | ---- | M] () -- C:\Windows\System32\drivers\mbae.sys
[2017/09/23 20:40:21 | 000,130,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2017/10/23 17:47:43 | 000,002,024 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2017/10/23 17:47:38 | 000,059,904 | ---- | C] () -- C:\Windows\System32\drivers\mbae.sys
[2017/10/23 00:29:02 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Avira.lnk
[2017/10/15 16:42:16 | 001,115,458 | ---- | C] () -- C:\Users\SARBAT\Desktop\Übungsaufgaben Skript 2017.pdf
[2017/09/01 22:57:41 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2017/09/01 22:57:41 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2017/09/01 21:49:44 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2017/03/10 20:55:50 | 000,233,456 | ---- | C] () -- C:\Windows\hpoins47.dat
[2017/02/07 14:33:12 | 000,269,600 | ---- | C] () -- C:\Windows\System32\vulkan-1.dll
[2017/02/07 14:33:12 | 000,110,880 | ---- | C] () -- C:\Windows\System32\vulkaninfo.exe
[2017/01/25 20:13:28 | 035,233,328 | ---- | C] () -- C:\Windows\System32\nvcompiler.dll
[2016/10/13 09:41:29 | 000,233,355 | ---- | C] () -- C:\Windows\hpoins47.dat.temp
[2016/10/13 09:41:29 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat.temp
[2016/09/09 20:25:58 | 000,269,600 | ---- | C] () -- C:\Windows\System32\vulkan-1-1-0-26-0.dll
[2016/09/09 20:25:28 | 000,110,880 | ---- | C] () -- C:\Windows\System32\vulkaninfo-1-1-0-26-0.exe

========== ZeroAccess Check ==========

[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2017/08/15 17:10:54 | 012,880,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 83 bytes -> C:\Users\SARBAT\Desktop\Projektmanagement:com.dropbox.attributes

< End of report >
Quote:
OTL Extras logfile created on: 10/23/2017 6:38:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SARBAT\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18816)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.18 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 22.56% Memory free
6.35 Gb Paging File | 2.28 Gb Available in Paging File | 35.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 565.07 Gb Total Space | 449.25 Gb Free Space | 79.50% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 1.11 Gb Free Space | 3.68% Space Free | Partition Type: NTFS

Computer Name: SARBAT-PC | User Name: SARBAT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files\Opera\Launcher.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = OperaStable] -- C:\Program Files\Opera\Launcher.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [mplayerc.enqueue] -- "C:\Program Files\K-Lite Codec Pack\MPC-HC\mpc-hc.exe" /add "%1" (MPC-HC Team)
Directory [mplayerc.play] -- "C:\Program Files\K-Lite Codec Pack\MPC-HC\mpc-hc.exe" "%1" (MPC-HC Team)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1060D103-90D8-4B8C-B244-959842EB4B6E}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{1D6017BE-A550-4709-8D3B-5216FD0D985C}" = lport=137 | protocol=17 | dir=in | app=system |
"{28DBFF41-5648-4552-B3F8-9B617E1CA5EE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{41A27EBD-B185-4D78-B53C-84F23D654B3E}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\opera\48.0.2685.39\opera.exe |
"{50FE4E62-04E5-4761-891A-86CBDF901D43}" = rport=138 | protocol=17 | dir=out | app=system |
"{51B9CE97-C47C-4107-AEC2-D0FAB9B8F29B}" = rport=445 | protocol=6 | dir=out | app=system |
"{58780FB4-80F9-45F1-9D61-E26AD9DC01FF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8390ACE0-49BB-4107-A8BE-FB740D64436B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8E4F83AD-41DD-4512-8E15-3C181BB44173}" = lport=138 | protocol=17 | dir=in | app=system |
"{9368977F-51E4-4408-AE6A-FFE387880EA5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9513971E-A24D-4700-B60F-6A625D988B34}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\opera\48.0.2685.50\opera.exe |
"{9E1DF86D-E79C-41E4-B5CA-4893302BF4C6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B9EF866D-5D3B-4E29-A0D8-09AAF11F7B74}" = lport=139 | protocol=6 | dir=in | app=system |
"{C25576EE-60F4-4B42-BF69-6A7ECD4F66D4}" = rport=139 | protocol=6 | dir=out | app=system |
"{D76C0F1E-888D-4289-BD8A-6210885792BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DA139DCA-7E57-4714-A03C-A0D0DDE972E6}" = lport=445 | protocol=6 | dir=in | app=system |
"{EC5A7F37-4D8A-47FD-91EE-B1FA70382C1E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F895F050-B559-4578-98D4-91A07E64AE51}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05916671-9299-46E5-A584-9297D56D0E04}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{101694CC-978D-4204-AF2E-84C24C6CE28B}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |
"{10D06981-C45F-4DE5-8D99-9029D0DA5894}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{2B149D1F-1C8C-46FD-8DE4-66E6DF7160D1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{2C9F2046-15FD-4D51-9091-E6FD67D75874}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3147CA70-0D03-4D61-B979-D53CD904BB81}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{36E5E1B5-A087-4A67-BBDE-CC5403A353EC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{51D9E062-BC3E-460A-9DA1-EC00C0E61AFB}" = protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvidia updatus\daemonu.exe |
"{55CC1B6A-3695-4B99-923E-A0E1843E2430}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{625C91B8-0342-4013-A059-BC58F5ECF94B}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{6460CEE5-80DC-45F7-A37D-865EE6C3110E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{6699CC78-98F9-4B69-8461-8EDF1654F24B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{6D5F4FF9-4102-4440-8FBD-AB939941172C}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{71F39BC3-7F61-4FCC-AAD0-E134E016E307}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{723B0637-366C-4656-A5FD-0C7A6C8C38EF}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{7DACDA9C-CBCB-4596-8C1B-130D6236D105}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{88734459-98E5-4EBA-AFBD-C6102C401C95}" = dir=in | app=e:\setup\hpznui01.exe |
"{90DD7FB5-380E-4D28-A698-9433761F5646}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{94310E3C-1C04-4165-8B16-1C8EF32D15DC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{94C6DDB5-5BA0-4C79-8E39-21BB702EEB9B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{94EA3DBD-F490-4B7E-857C-BE6BB7DA2BC5}" = dir=in | app=c:\program files\dropbox\client\dropbox.exe |
"{967BB4E1-1EEF-40B2-BBD8-BCA977DF6D74}" = protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvidia updatus\daemonu.exe |
"{9D409B5F-E51B-468C-92F3-8959F692E1B7}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{B425E638-1829-4A42-A3CD-37D7FC768DE4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C91C628F-5C05-4027-AF4F-5C8CF2F81613}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{C9C499E5-736D-4C19-B3F3-8BD1FF9C1054}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{CACB9EE4-9A80-45FA-84E2-FEADE1C2D886}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{D1FFAEF3-C6A6-402E-BD60-1CD879664965}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{D3741DB1-E99D-492C-8113-28E1BD3626C3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{DD83B366-C6ED-4B58-8435-0768E81A1FF1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{EB3B3BC1-FF9D-4248-911B-7F72E1C3D3AB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{F11403C2-449B-46C1-B54E-2397026A23D2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{FC60236F-8CEA-4E2F-A91B-2BE85E5E2C9C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"TCP Query User{1D625DD7-B346-470B-81D8-A5E128CB3CF7}C:\users\sarbat\documents\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\users\sarbat\documents\age of empires ii\empires2.exe |
"TCP Query User{28F63C74-5DA3-431B-872F-D1605888B5DE}C:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe |
"TCP Query User{4BD084BC-47E0-4672-A91B-61D760CA3AA5}C:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe |
"UDP Query User{68C6BB30-61BF-4D95-BC87-FA6F10EE9C6A}C:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe |
"UDP Query User{9D4F346A-B4CB-45B1-9016-4722820BD821}C:\users\sarbat\documents\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\users\sarbat\documents\age of empires ii\empires2.exe |
"UDP Query User{C9F12131-48AA-4D9E-88FA-3754B59E31D9}C:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{099218A5-A723-43DC-8DB5-6173656A1E94}" = Dropbox Update Helper
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}" = Minecraft
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2297ea72-567b-4acb-9bc8-a965250b5b56}" = Web Companion
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F32180141F0}" = Java 8 Update 141
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A842F3F-CE6D-3DFD-9ECB-9CC3C5150A67}" = Microsoft .NET Framework 4.7
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1" = Malwarebytes Version 3.2.2.2029
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}" = Dassault Systemes Software Prerequisites x86
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79C4A62C-8CC2-44AC-91FE-1299A215B4B7}" = Avira
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D5FCC56-BB9F-4122-923C-71753F50F6F5}" = OpenOffice 4.1.3
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.7
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.3 MUI
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 376.54
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 376.54
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 376.54
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer" = NVIDIA Display Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS" = NVIDIA Display Container LS
"{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}" = HPDiagnosticAlert
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{e6e75766-da0f-4ba2-9788-6ea593ce702d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{f5da837f-e932-4f55-995c-7e97c5cbebdd}" = Avira
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 27 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 27 NPAPI
"Adobe Flash Player PPAPI" = Adobe Flash Player 27 PPAPI
"Avira Antivirus" = Avira Antivirus
"AviSynth" = AviSynth 2.6
"Dassault Systemes B19_0" = Dassault Systemes Software B19
"Dropbox" = Dropbox
"ElsterFormular" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"Mozilla Firefox 56.0 (x86 de)" = Mozilla Firefox 56.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA.Updatus" = NVIDIA Updatus
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 48.0.2685.50" = Opera Stable 48.0.2685.50
"Recuva" = Recuva
"S2TNG" = Die Siedler II - Die nächste Generation
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VulkanRT1.0.26.0" = Vulkan Run Time Libraries 1.0.26.0
"Websuche" = Websuche
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 5.40 (32-Bit)
"X10Hardware" = X10 Hardware(TM)
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"Yahoo! SearchSet" = Yahoo Search Set

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"036a0e4fc6a247ec" = MyHarmony
"OpenOffice Updater" = OpenOffice Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/30/2017 9:05:58 PM | Computer Name = SARBAT-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPWUCli.exe, Version: 5.0.9.0, Zeitstempel:
0x4acfa581 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x01834ab3 ID des fehlerhaften Prozesses:
0x6ca8 Startzeit der fehlerhaften Anwendung: 0x01d33a5010828cd6 Pfad der fehlerhaften
Anwendung: C:\Program Files\HP\HP Software Update\HPWUCli.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: aeb71540-a644-11e7-9fa5-00262dc14cb8

Error - 10/9/2017 1:28:51 PM | Computer Name = SARBAT-PC | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 47.0.2631.80 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 9430 Startzeit:
01d33e005acb9b1d Endzeit: 3855 Anwendungspfad: C:\Program Files\Opera\47.0.2631.80\opera.exe

Berichts-ID:
0b5f2495-ad17-11e7-9fa5-00262dc14cb8

Error - 10/12/2017 8:19:34 AM | Computer Name = SARBAT-PC | Source = Windows Search Service | ID = 3007
Description =

Error - 10/17/2017 11:27:35 AM | Computer Name = SARBAT-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: opera_autoupdate.exe, Version: 48.0.2685.39,
Zeitstempel: 0x59dbb456 Name des fehlerhaften Moduls: opera_autoupdate.exe, Version:
48.0.2685.39, Zeitstempel: 0x59dbb456 Ausnahmecode: 0x80000003 Fehleroffset: 0x000c2d94
ID
des fehlerhaften Prozesses: 0x2138 Startzeit der fehlerhaften Anwendung: 0x01d3475c6283d73b
Pfad
der fehlerhaften Anwendung: C:\Program Files\Opera\48.0.2685.39\opera_autoupdate.exe
Pfad
des fehlerhaften Moduls: C:\Program Files\Opera\48.0.2685.39\opera_autoupdate.exe
Berichtskennung:
b32c094c-b34f-11e7-ad35-00262dc14cb8

Error - 10/21/2017 10:32:37 AM | Computer Name = SARBAT-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 56.0.0.6478,
Zeitstempel: 0x59cab8da Name des fehlerhaften Moduls: xul.dll, Version: 56.0.0.6478,
Zeitstempel: 0x59cab8c9 Ausnahmecode: 0x80000003 Fehleroffset: 0x00c47e59 ID des fehlerhaften
Prozesses: 0x31d0 Startzeit der fehlerhaften Anwendung: 0x01d34a104438963d Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe Pfad
des fehlerhaften Moduls: C:\Program Files\Mozilla Firefox\xul.dll Berichtskennung:
ae9a954b-b66c-11e7-9e38-00262dc14cb8

[ System Events ]
Error - 10/21/2017 1:59:25 PM | Computer Name = SARBAT-PC | Source = DCOM | ID = 10010
Description =

Error - 10/21/2017 1:59:38 PM | Computer Name = SARBAT-PC | Source = DCOM | ID = 10010
Description =

Error - 10/21/2017 2:02:06 PM | Computer Name = SARBAT-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Avira Service Host erreicht.

Error - 10/21/2017 2:11:49 PM | Computer Name = SARBAT-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error - 10/22/2017 2:15:31 PM | Computer Name = SARBAT-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler
beendet: %%5

Error - 10/22/2017 2:16:00 PM | Computer Name = SARBAT-PC | Source = DCOM | ID = 10010
Description =

Error - 10/22/2017 6:21:03 PM | Computer Name = SARBAT-PC | Source = DCOM | ID = 10010
Description =

Error - 10/22/2017 6:21:10 PM | Computer Name = SARBAT-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler
beendet: %%5

Error - 10/23/2017 8:50:56 AM | Computer Name = SARBAT-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Avira.ServiceHost erreicht.

Error - 10/23/2017 12:17:05 PM | Computer Name = SARBAT-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.


< End of report >

23.10.2017, 19:45   #2
deeprybka
/// TB Instructor
/// Guide Guru

Hi,
OTL is obsolete, but the log looks unproblematic. The same goes for your description of the case.
Do you still have the email?

23.10.2017, 19:57   #4
Kohna

Quote:
Quote from deeprybka
Hi,
OTL is obsolete, but the log looks unproblematic. The same goes for your description of the case.
Do you still have the email?

No, I deleted it straight away in a panic.
After clicking the link, the page showed a sentence in German and in various other languages, with the corresponding flags to the left.

23.10.2017, 20:24   #5
deeprybka
/// TB Instructor
/// Guide Guru

Do you definitely want to format, or should we check whether the PC is clean? It most likely is....

__________________
Regards,
deeprybka

Praise, criticism, requests?

Donate to trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

23.10.2017, 20:28   #6
Kohna

Quote:
Quote from deeprybka
Do you definitely want to format, or should we check whether the PC is clean? It most likely is....

I'd rather check whether it is still clean

24.10.2017, 07:45   #7
deeprybka
/// TB Instructor
/// Guide Guru

OK...

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

24.10.2017, 17:37   #9
Kohna

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2017 01
durchgeführt von SARBAT (Administrator) auf SARBAT-PC (24-10-2017 17:12:04)
Gestartet von C:\Users\SARBAT\AppData\Local\Temp\scoped_dir4632_30018
Geladene Profile: UpdatusUser & SARBAT &  (Verfügbare Profile: UpdatusUser & SARBAT)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Opera)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
() C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Lavasoft) C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera_crashreporter.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9222760 2010-06-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1481320 2010-06-02] (Realtek Semiconductor)
HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM\...\Run: [LMgrVolOSD] => C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-12] (Wistron Corp.)
HKLM\...\Run: [LMgrOSD] => "C:\Program Files\Launch Manager\OSDCtrl.exe"
HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [3566904 2017-10-17] (Dropbox, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181006044\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2016-09-07] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181007058\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181008103\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1733954782-861682868-1594596262-1000\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1733954782-861682868-1594596262-1000\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs
HKU\S-1-5-21-1733954782-861682868-1594596262-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\MAHJON~1.SCR
HKU\S-1-5-21-1733954782-861682868-1594596262-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181008883\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1733954782-861682868-1594596262-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181008883\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs
HKU\S-1-5-21-1733954782-861682868-1594596262-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181008883\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\MAHJON~1.SCR
HKU\S-1-5-21-1733954782-861682868-1594596262-1001\...\Run: [OpenOffice Updater] => C:\Users\SARBAT\AppData\Roaming\OpenOffice Updater\Updater.exe [388032 2017-05-02] ()
HKU\S-1-5-21-1733954782-861682868-1594596262-1001\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [2546280 2017-09-13] (Lavasoft)
HKU\S-1-5-21-1733954782-861682868-1594596262-1001\...\Run: [Xvid] => C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\...\Run: [OpenOffice Updater] => C:\Users\SARBAT\AppData\Roaming\OpenOffice Updater\Updater.exe [388032 2017-05-02] ()
HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [2546280 2017-09-13] (Lavasoft)
HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\...\Run: [Xvid] => C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2016-09-07] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinit.dll => C:\Windows\system32\nvinit.dll [158392 2017-01-25] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2017-03-10]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{6D6AFF5B-072D-4B6C-929A-C21954DB165D}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{91734A2F-C336-4BE9-8362-AA7479B0E354}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-1733954782-861682868-1594596262-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-1733954782-861682868-1594596262-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://medion.msn.com
HKU\S-1-5-21-1733954782-861682868-1594596262-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.aldi.com
HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://medion.msn.com
HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.aldi.com
SearchScopes: HKLM -> DefaultScope {22F81F80-1D65-452A-8EC3-762CB85B3173} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1733954782-861682868-1594596262-1001 -> DefaultScope {00F536EB-00FE-49C6-A84F-8F1EBF28F22E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1733954782-861682868-1594596262-1001 -> {00F536EB-00FE-49C6-A84F-8F1EBF28F22E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1733954782-861682868-1594596262-1001 -> {B916F720-CCBD-4F7C-9DEE-883E50C78BEC} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&intl=de&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
SearchScopes: HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193 -> DefaultScope {00F536EB-00FE-49C6-A84F-8F1EBF28F22E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193 -> {00F536EB-00FE-49C6-A84F-8F1EBF28F22E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193 -> {B916F720-CCBD-4F7C-9DEE-883E50C78BEC} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&intl=de&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19] (Adobe Systems Incorporated)
BHO: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Keine Datei
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_141\bin\ssv.dll [2017-07-24] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-24] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1733954782-861682868-1594596262-1001 -> Kein Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  Keine Datei
Toolbar: HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193 -> Kein Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  Keine Datei
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_121-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-00121-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_121-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_121-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\SARBAT\AppData\Roaming\Mozilla\Firefox\Profiles\F5yPghi0.default [2017-10-21]
FF Homepage: Mozilla\Firefox\Profiles\F5yPghi0.default -> www1.online/?w=RD9898
FF Extension: (Avira Browserschutz) - C:\Users\SARBAT\AppData\Roaming\Mozilla\Firefox\Profiles\F5yPghi0.default\Extensions\abs@avira.com.xpi [2017-10-21]
FF Extension: (Search and New Tab by Yahoo) - C:\Users\SARBAT\AppData\Roaming\Mozilla\Firefox\Profiles\F5yPghi0.default\Extensions\jid1-16aeif9OQIRKxA@jetpack.xpi [2017-10-21]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2017-03-10] [ist nicht signiert]
FF HKU\S-1-5-21-1733954782-861682868-1594596262-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_27_0_0_170.dll [2017-10-16] ()
FF Plugin: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (Adblock Plus) - C:\Users\SARBAT\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-10-05]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [1128432 2017-10-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [490968 2017-10-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [490968 2017-10-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1525240 2017-10-15] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [408944 2017-10-16] (Avira Operations GmbH & Co. KG)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-30] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-30] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [43336 2017-10-17] (Dropbox, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-07] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [421944 2016-12-29] (NVIDIA Corporation)
R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1620584 2010-07-27] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-12] () [Datei ist nicht signiert]
R2 WCAssistantService; C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25704 2017-09-13] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [Datei ist nicht signiert]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [46440 2017-06-17] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [130912 2017-09-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [153664 2017-09-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35840 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [59000 2017-03-02] (Avira Operations GmbH & Co. KG)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [109456 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59904 2017-10-04] ()
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [16688 2007-04-24] (IBM)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [166840 2017-10-23] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [91576 2017-10-23] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [40384 2017-10-23] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2017-10-23] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [65824 2017-10-24] (Malwarebytes)
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [786400 2009-08-13] (DiBcom SA)
R3 nusb3hub; C:\Windows\system32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\system32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation)
R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [42936 2017-01-25] (NVIDIA Corporation)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147344 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-10-24 17:11 - 2017-10-24 17:12 - 000000000 ____D C:\FRST
2017-10-24 17:08 - 2017-10-24 17:10 - 001799680 _____ (Farbar) C:\Users\SARBAT\Desktop\FRST.exe
2017-10-23 18:59 - 2017-10-23 18:59 - 000063118 _____ C:\Users\SARBAT\Desktop\Extras.Txt
2017-10-23 18:57 - 2017-10-23 18:57 - 000095248 _____ C:\Users\SARBAT\Desktop\OTL.Txt
2017-10-23 18:35 - 2017-10-23 18:35 - 000602112 _____ (OldTimer Tools) C:\Users\SARBAT\Desktop\OTL.exe
2017-10-23 18:35 - 2017-10-23 18:35 - 000002747 _____ C:\Users\SARBAT\Desktop\MAM-Bericht.txt
2017-10-23 18:11 - 2017-10-23 18:11 - 000091576 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-10-23 17:48 - 2017-10-24 17:08 - 000065824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-10-23 17:48 - 2017-10-23 18:11 - 000040384 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-10-23 17:48 - 2017-10-23 17:48 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-10-23 17:48 - 2017-10-23 17:48 - 000166840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-10-23 17:47 - 2017-10-23 17:47 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-23 17:47 - 2017-10-23 17:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-23 17:47 - 2017-10-23 17:47 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-23 17:47 - 2017-10-23 17:47 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-23 17:47 - 2017-10-04 13:15 - 000059904 _____ C:\Windows\system32\Drivers\mbae.sys
2017-10-23 17:36 - 2017-10-23 17:45 - 071535032 _____ (Malwarebytes ) C:\Users\SARBAT\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951.exe
2017-10-23 16:54 - 2017-10-23 17:26 - 000000000 ____D C:\Users\SARBAT\Desktop\Neuer Ordner
2017-10-23 00:29 - 2017-10-23 00:29 - 000001082 _____ C:\Users\Public\Desktop\Avira.lnk
2017-10-19 20:46 - 2017-10-19 20:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-10-17 17:48 - 2017-10-17 17:48 - 000043336 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-10-17 17:48 - 2017-10-17 17:48 - 000035432 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-10-17 17:48 - 2017-10-17 17:48 - 000035408 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-10-17 17:48 - 2017-10-17 17:48 - 000035408 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-10-15 16:42 - 2017-10-15 16:42 - 001115458 _____ C:\Users\SARBAT\Desktop\Übungsaufgaben Skript 2017.pdf
2017-10-12 14:02 - 2017-10-12 14:03 - 124059592 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-10-11 18:14 - 2017-09-13 17:13 - 004001512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-10-11 18:14 - 2017-09-13 17:13 - 003945704 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-10-11 18:14 - 2017-09-13 17:13 - 000137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-10-11 18:14 - 2017-09-13 17:13 - 000067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-10-11 18:14 - 2017-09-13 17:10 - 001310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000830464 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000428032 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000392704 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000083968 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000080896 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 001062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-10-11 18:14 - 2017-09-13 16:53 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2017-10-11 18:14 - 2017-09-13 16:50 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-10-11 18:14 - 2017-09-13 16:50 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-10-11 18:14 - 2017-09-13 16:50 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-10-11 18:14 - 2017-09-13 16:50 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-10-11 18:14 - 2017-09-13 16:50 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-10-11 18:14 - 2017-09-13 16:48 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-10-11 18:14 - 2017-09-13 16:46 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-10-11 18:14 - 2017-09-13 16:46 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-10-11 18:14 - 2017-09-13 16:46 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-10-11 18:14 - 2017-09-13 16:46 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-10-11 18:14 - 2017-09-13 16:46 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-10-11 18:14 - 2017-09-13 16:46 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-10-11 18:14 - 2017-09-13 16:46 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-10-11 18:14 - 2017-09-09 01:47 - 000347344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-10-11 18:14 - 2017-09-08 17:14 - 001213672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-10-11 18:14 - 2017-09-08 17:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-10-11 18:14 - 2017-09-08 17:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-10-11 18:14 - 2017-09-08 17:10 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-10-11 18:14 - 2017-09-08 17:09 - 001400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-10-11 18:14 - 2017-09-08 17:09 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-10-11 18:14 - 2017-09-08 17:09 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-10-11 18:14 - 2017-09-08 17:09 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-10-11 18:14 - 2017-09-08 17:09 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-10-11 18:14 - 2017-09-08 17:09 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-10-11 18:14 - 2017-09-08 17:09 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-10-11 18:14 - 2017-09-08 17:09 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-10-11 18:14 - 2017-09-08 17:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-10-11 18:14 - 2017-09-08 17:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-10-11 18:14 - 2017-09-08 16:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-10-11 18:14 - 2017-09-08 16:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-10-11 18:14 - 2017-09-08 16:50 - 002402304 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-10-11 18:14 - 2017-09-08 16:20 - 000640512 _____ (Microsoft Corporation) C:\Windows\system32\mswstr10.dll
2017-10-11 18:14 - 2017-09-08 16:20 - 000345088 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2017-10-11 18:14 - 2017-09-08 16:20 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\msjint40.dll
2017-10-11 18:14 - 2017-09-07 21:27 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-10-11 18:14 - 2017-09-07 21:26 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-10-11 18:14 - 2017-09-07 21:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-10-11 18:14 - 2017-09-07 21:10 - 000499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-10-11 18:14 - 2017-09-07 21:10 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-10-11 18:14 - 2017-09-07 21:10 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-10-11 18:14 - 2017-09-07 21:09 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-10-11 18:14 - 2017-09-07 21:04 - 020267008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-10-11 18:14 - 2017-09-07 21:03 - 002292736 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-10-11 18:14 - 2017-09-07 21:03 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-10-11 18:14 - 2017-09-07 21:02 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-10-11 18:14 - 2017-09-07 20:59 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-10-11 18:14 - 2017-09-07 20:58 - 000663040 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-10-11 18:14 - 2017-09-07 20:58 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-10-11 18:14 - 2017-09-07 20:58 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-10-11 18:14 - 2017-09-07 20:58 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-10-11 18:14 - 2017-09-07 20:52 - 000667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-10-11 18:14 - 2017-09-07 20:49 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-10-11 18:14 - 2017-09-07 20:44 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-10-11 18:14 - 2017-09-07 20:44 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-10-11 18:14 - 2017-09-07 20:43 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-10-11 18:14 - 2017-09-07 20:40 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-10-11 18:14 - 2017-09-07 20:39 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-10-11 18:14 - 2017-09-07 20:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-10-11 18:14 - 2017-09-07 20:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-10-11 18:14 - 2017-09-07 20:29 - 004547072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-10-11 18:14 - 2017-09-07 20:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-10-11 18:14 - 2017-09-07 20:26 - 000694784 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-10-11 18:14 - 2017-09-07 20:26 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-10-11 18:14 - 2017-09-07 20:25 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-10-11 18:14 - 2017-09-07 20:25 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-10-11 18:14 - 2017-09-07 20:17 - 013677568 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-10-11 18:14 - 2017-09-07 20:01 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-10-11 18:14 - 2017-09-07 19:57 - 001316864 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-10-11 18:14 - 2017-09-07 19:57 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-10-11 18:14 - 2017-09-07 17:12 - 002755072 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2017-10-11 18:14 - 2017-09-07 16:48 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-10-11 18:14 - 2017-09-07 16:48 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-10-11 18:14 - 2017-09-07 16:48 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-10-11 18:14 - 2017-08-19 17:10 - 003209216 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-10-11 18:14 - 2017-08-19 17:10 - 000103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-10-11 18:14 - 2017-08-19 17:10 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2017-10-11 18:14 - 2017-08-19 16:57 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2017-10-11 18:14 - 2017-08-19 16:57 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2017-10-11 18:14 - 2017-08-14 19:35 - 000827904 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2017-10-11 18:14 - 2017-08-14 19:35 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2017-10-11 18:14 - 2017-08-13 23:35 - 000031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-10-24 17:11 - 2009-07-14 06:34 - 000009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-24 17:11 - 2009-07-14 06:34 - 000009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-24 17:03 - 2016-09-30 23:05 - 000001202 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-10-23 21:02 - 2016-09-30 23:05 - 000001198 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-10-23 20:35 - 2016-09-30 23:14 - 000000000 ___RD C:\Users\SARBAT\Dropbox
2017-10-23 18:10 - 2016-12-31 11:41 - 000000000 ____D C:\Users\SARBAT\AppData\Roaming\OpenOffice Updater
2017-10-23 18:08 - 2010-08-09 07:02 - 000000000 ____D C:\ProgramData\NVIDIA
2017-10-23 18:08 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-23 16:46 - 2017-02-05 17:53 - 000001277 _____ C:\Users\SARBAT\Desktop\Opera Tabs.txt
2017-10-23 15:03 - 2016-09-04 22:47 - 000000000 ____D C:\Program Files\Opera
2017-10-23 00:29 - 2016-09-04 23:11 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-23 00:29 - 2016-09-04 23:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-10-22 18:07 - 2017-07-09 11:56 - 000001245 _____ C:\Users\SARBAT\Desktop\nativelog.txt
2017-10-22 00:27 - 2017-02-07 12:52 - 000000000 ____D C:\Users\SARBAT\AppData\Roaming\.minecraft
2017-10-21 16:32 - 2017-02-18 18:53 - 000000000 ____D C:\Users\SARBAT\AppData\Local\CrashDumps
2017-10-21 03:27 - 2016-11-20 14:15 - 000000000 ____D C:\Users\SARBAT\AppData\LocalLow\Mozilla
2017-10-19 20:46 - 2016-09-30 23:05 - 000000000 ____D C:\Program Files\Dropbox
2017-10-16 19:13 - 2016-09-06 11:32 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-10-16 19:13 - 2016-09-06 11:32 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-10-16 19:13 - 2010-08-09 14:01 - 000000000 ____D C:\Windows\system32\Macromed
2017-10-13 13:53 - 2010-07-06 22:23 - 001619284 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-13 13:53 - 2010-05-12 15:13 - 000699342 _____ C:\Windows\system32\perfh007.dat
2017-10-13 13:53 - 2010-05-12 15:13 - 000149450 _____ C:\Windows\system32\perfc007.dat
2017-10-13 13:53 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2017-10-12 20:02 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\rescache
2017-10-12 18:38 - 2010-08-09 07:02 - 000000000 ____D C:\Users\UpdatusUser
2017-10-12 18:34 - 2009-07-14 06:33 - 000472696 _____ C:\Windows\system32\FNTCACHE.DAT
2017-10-12 14:13 - 2016-10-23 11:34 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-10-12 14:13 - 2016-09-13 11:52 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-10-12 14:09 - 2016-09-08 18:14 - 000000000 ____D C:\Windows\system32\MRT
2017-10-12 14:02 - 2010-07-06 23:03 - 124059592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-09-27 16:52 - 2017-03-10 21:17 - 000012755 _____ () C:\ProgramData\hpzinstall.log

Einige Dateien in TEMP:
====================
2016-09-04 23:19 - 2016-09-04 23:19 - 000000000 ____D () C:\Users\SARBAT\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-10-21 18:06

==================== Ende vom FRST.txt ============================
         
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version: 23-10-2017 01
durchgeführt von SARBAT (24-10-2017 17:15:32)
Gestartet von C:\Users\SARBAT\AppData\Local\Temp\scoped_dir4632_30018
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2016-09-04 20:22:53)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1733954782-861682868-1594596262-500 - Administrator - Disabled)
Gast (S-1-5-21-1733954782-861682868-1594596262-501 - Limited - Disabled)
SARBAT (S-1-5-21-1733954782-861682868-1594596262-1001 - Administrator - Enabled) => C:\Users\SARBAT
UpdatusUser (S-1-5-21-1733954782-861682868-1594596262-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

32 Bit HP CIO Components Installer (HKLM\...\{A80FA752-C491-4ED9-ABF0-4278563160B2}) (Version: 7.1.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Adobe Reader 9.3.3 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.3.3 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Avira (HKLM\...\{79C4A62C-8CC2-44AC-91FE-1299A215B4B7}) (Version: 1.2.98.29730 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM\...\{f5da837f-e932-4f55-995c-7e97c5cbebdd}) (Version: 1.2.98.29730 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.32.12 - Avira Operations GmbH & Co. KG)
AviSynth 2.6 (HKLM\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
B110 (HKLM\...\{9F9A2D22-7E30-4546-B817-10644FFB9935}) (Version: 140.0.283.000 - Hewlett-Packard) Hidden
Bing Bar (HKLM\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
BufferChm (HKLM\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CorelDRAW Essentials 4 - Content (HKLM\...\{19AC095C-3520-4999-AA15-93B6D0248A50}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Draw (HKLM\...\{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Filters (HKLM\...\{F16841F6-5F0F-4DBE-B318-63CEB916F21D}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - ICA (HKLM\...\{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - IPM - No VBA (HKLM\...\{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang BR (HKLM\...\{ABD8B955-1C69-4AF3-949B-13CD587C175F}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang DE (HKLM\...\{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang EN (HKLM\...\{34A9406E-1994-4C20-AC72-04CFA2B24545}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang ES (HKLM\...\{C682F3F0-00A6-4379-B083-4F3273624D7B}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang FR (HKLM\...\{BA9319FE-BCEF-4C99-8039-F464648D046E}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang IT (HKLM\...\{3576C335-958D-4D60-A812-F68F9A2796AF}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang NL (HKLM\...\{5500BB35-1C21-4328-9F16-F894B860FADE}) (Version: 4.0 - Uw bedrijfsnaam) Hidden
CorelDRAW Essentials 4 - PHOTO-PAINT (HKLM\...\{07B62101-7EBD-434A-94B1-B38063BE5516}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Windows Shell Extension (HKLM\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 - Windows Shell Extension (HKLM\...\{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version: 1.1 - Corel Corporation) Hidden
CorelDRAW Essentials 4 (HKLM\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 (HKLM\...\{9043B9A0-9505-405B-8202-E7167A38A89C}) (Version: 4.0 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2602 - CyberLink Corp.)
CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1410a - CyberLink Corp.)
CyberLink MediaShow Espresso (HKLM\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 5.5.1412_24021 - CyberLink Corp.)
CyberLink PhotoNow (HKLM\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2718 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2925.52 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2326 - CyberLink Corp.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2626 - CyberLink Corp.)
Dassault Systemes Software B19 (HKLM\...\Dassault Systemes B19_0) (Version:  - )
Dassault Systemes Software Prerequisites x86 (HKLM\...\{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}) (Version: 8.1.3 - Dassault Systemes)
Destinations (HKLM\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Die Siedler II - Die nächste Generation (HKLM\...\S2TNG) (Version:  - )
Dropbox (HKLM\...\Dropbox) (Version: 37.4.29 - Dropbox, Inc.)
Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
ElsterFormular (HKLM\...\ElsterFormular) (Version: 18.6 - Thüringer Landesfinanzdirektion)
GPBaseService2 (HKLM\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{59C83C08-63F4-4AEC-81D6-392C5E23B843}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPAppStudio (HKLM\...\{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}) (Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (HKLM\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (HKLM\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Java 8 Update 141 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
Junk Mail filter update (HKLM\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.1.2 - Wistron Corp.)
Malwarebytes Version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
MarketResearch (HKLM\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Medion Home Cinema (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.1505 - CyberLink Corp.) Hidden
Medion Home Cinema (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.1505 - CyberLink Corp.)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft (HKLM\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 56.0 (x86 de) (HKLM\...\Mozilla Firefox 56.0 (x86 de)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.0.6478 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-1733954782-861682868-1594596262-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
MyHarmony (HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Network (HKLM\...\{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}) (Version: 140.0.215.000 - Hewlett-Packard) Hidden
NVIDIA 3D Vision Treiber 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5912 - NVIDIA Corporation)
NVIDIA Grafiktreiber 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
OpenOffice 4.1.3 (HKLM\...\{8D5FCC56-BB9F-4122-923C-71753F50F6F5}) (Version: 4.13.9783 - Apache Software Foundation)
OpenOffice Updater (HKU\S-1-5-21-1733954782-861682868-1594596262-1001\...\OpenOffice Updater) (Version: 1.1.10 - OpenOffice)
OpenOffice Updater (HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\...\OpenOffice Updater) (Version: 1.1.10 - OpenOffice)
Opera Stable 48.0.2685.50 (HKLM\...\Opera 48.0.2685.50) (Version: 48.0.2685.50 - Opera Software)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PS_AIO_07_B110_SW_Min (HKLM\...\{F88E2E04-7EF5-488C-8E38-C94EB808458E}) (Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTransfer (HKLM\...\{E517094C-06B6-419F-8FFD-EF4F57972130}) (Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6128 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30121 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0148 - REALTEK Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Scan (HKLM\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartWebPrinting (HKLM\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (HKLM\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.256.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
Toolbox (HKLM\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (HKLM\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Web Companion (HKLM\...\{2297ea72-567b-4acb-9bc8-a965250b5b56}) (Version: 3.2.1725.3256 - Lavasoft)
WebReg (HKLM\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Websuche (HKLM\...\Websuche) (Version:  - Websuche)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
WinRAR 5.40 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
X10 Hardware(TM) (HKLM\...\X10Hardware) (Version:  - )
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Yahoo Search Set (HKLM\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\Antivirus\shlext.dll [2017-10-15] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-01-10] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\Antivirus\shlext.dll [2017-10-15] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {110C67E6-C2B8-4DDC-914B-68B0C4EE83D1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-16] (Adobe Systems Incorporated)
Task: {25E89319-E128-4E4F-A434-63B151778D81} - System32\Tasks\Avira SystrayStartTrigger => Avira.SystrayStartTrigger.exe
Task: {2E3CE279-534C-4403-9C38-C0C0B43BBB1F} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-08-18] ()
Task: {3016DA09-BA07-4F74-92E5-B17D226FC984} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
Task: {569898AC-90E9-4B42-8E5A-9241C6E672F9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_27_0_0_170_pepper.exe [2017-10-16] (Adobe Systems Incorporated)
Task: {704603C8-C524-4A1E-925C-42D31B199605} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-09-30] (Dropbox, Inc.)
Task: {8C726C72-E741-4DED-81E0-7AB01270973E} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-09-30] (Dropbox, Inc.)
Task: {95CCA7F0-8969-4D73-B038-B51F0D9E73F0} - System32\Tasks\{AA520783-31E2-4877-92A1-C73D10E96BA3} => C:\Windows\system32\pcalua.exe -a E:\autorun.exe -d E:\
Task: {C72C9538-06E3-4747-A3EB-F26500966247} - System32\Tasks\Opera scheduled Autoupdate 1498217446 => C:\Program Files\Opera\launcher.exe [2017-10-17] (Opera Software)
Task: {DC8F13ED-91DF-4100-AD31-15019320CB28} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files\Avira\Antivirus\avgnt.exe [2017-10-15] (Avira Operations GmbH & Co. KG)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2010-08-09 14:14 - 2010-02-12 16:20 - 000244904 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2017-09-01 21:06 - 2017-09-13 20:15 - 000025704 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
2017-09-01 21:06 - 2017-09-13 20:15 - 000017000 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
2017-09-01 21:06 - 2017-09-13 20:15 - 000036456 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
2017-01-25 20:13 - 2017-01-25 20:13 - 000027576 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2017-02-07 14:32 - 2016-12-29 15:08 - 000121792 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2017-10-23 17:47 - 2017-10-04 13:15 - 001924552 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-10-23 17:47 - 2017-10-04 13:15 - 001798608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2009-11-02 23:20 - 2009-11-02 23:20 - 000619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 23:23 - 2009-11-02 23:23 - 000013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2017-10-19 20:44 - 2017-10-17 17:48 - 000771904 _____ () C:\Program Files\Dropbox\Client\dropbox_watchdog.dll
2017-10-19 20:44 - 2017-10-17 17:48 - 001804608 _____ () C:\Program Files\Dropbox\Client\dropbox_crashpad.dll
2017-10-05 18:35 - 2017-10-17 17:47 - 000100296 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000018888 _____ () C:\Program Files\Dropbox\Client\select.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000020800 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000035792 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000694224 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000021848 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000130512 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 001856848 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000022864 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-10-19 20:44 - 2017-10-17 17:47 - 000145864 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd
2017-10-19 20:44 - 2017-10-17 17:48 - 000116688 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll
2017-10-05 18:35 - 2017-10-17 17:47 - 000105928 _____ () C:\Program Files\Dropbox\Client\win32api.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000022864 _____ () C:\Program Files\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000062784 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000024528 _____ () C:\Program Files\Dropbox\Client\win32event.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000040248 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd
2017-10-19 20:44 - 2017-10-17 17:47 - 000020936 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000124880 _____ () C:\Program Files\Dropbox\Client\win32file.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000116176 _____ () C:\Program Files\Dropbox\Client\win32security.pyd
2017-10-19 20:44 - 2017-10-17 17:48 - 000392656 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll
2017-10-05 18:35 - 2017-10-17 17:50 - 000392512 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000026456 _____ () C:\Program Files\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000024016 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000175560 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000030160 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000043472 _____ () C:\Program Files\Dropbox\Client\win32process.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000026056 _____ () C:\Program Files\Dropbox\Client\win32job.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000048592 _____ () C:\Program Files\Dropbox\Client\win32service.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000057808 _____ () C:\Program Files\Dropbox\Client\win32evtlog.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000021824 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000023368 _____ () C:\Program Files\Dropbox\Client\winshell.compiled._winshell.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000022856 _____ () C:\Program Files\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000066392 _____ () C:\Program Files\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 001796920 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000084424 _____ () C:\Program Files\Dropbox\Client\sip.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 001956152 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 003859264 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000154440 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000521024 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000045888 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000042304 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000131384 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000218944 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000204096 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000025432 _____ () C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000060880 _____ () C:\Program Files\Dropbox\Client\win32print.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000054608 _____ () C:\Program Files\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000024016 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000022864 _____ () C:\Program Files\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000028616 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000022360 _____ () C:\Program Files\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000021848 _____ () C:\Program Files\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000022360 _____ () C:\Program Files\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000027488 _____ () C:\Program Files\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000349128 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000023896 _____ () C:\Program Files\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000025424 _____ () C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-10-19 20:44 - 2017-10-17 17:48 - 000036296 _____ () C:\Program Files\Dropbox\Client\librsync.dll
2017-10-19 20:44 - 2017-10-17 17:49 - 000181056 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-10-05 18:35 - 2017-10-17 17:50 - 000030536 _____ () C:\Program Files\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000024368 _____ () C:\Program Files\Dropbox\Client\libEGL.DLL
2017-10-19 20:44 - 2017-10-17 17:49 - 001638200 _____ () C:\Program Files\Dropbox\Client\libGLESv2.dll
2017-10-05 18:35 - 2017-10-17 17:50 - 000026456 _____ () C:\Program Files\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000545080 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQuick.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000359224 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQml.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000038208 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngine.pyd
2012-01-10 22:12 - 2012-01-10 22:12 - 000094208 _____ () C:\Windows\System32\IccLibDll.dll
2017-09-01 21:06 - 2017-09-13 20:15 - 000109160 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll
2017-09-01 21:06 - 2017-09-13 20:15 - 000110696 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2017-09-01 21:06 - 2017-09-13 20:15 - 000058984 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2017-09-01 21:06 - 2017-09-13 20:15 - 000312424 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2017-09-01 21:06 - 2017-09-13 20:15 - 000084072 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
2017-10-23 15:03 - 2017-10-23 15:03 - 067069016 _____ () C:\Program Files\Opera\48.0.2685.50\opera_browser.dll
2017-09-21 13:30 - 2017-09-21 13:30 - 000170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\2b5f4a6496e65d431698f64ba7160604\IsdiInterop.ni.dll
2010-08-09 14:36 - 2010-03-04 05:08 - 000058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2017-10-23 15:03 - 2017-10-23 15:02 - 003113560 _____ () C:\Program Files\Opera\48.0.2685.50\libglesv2.dll
2017-10-23 15:03 - 2017-10-23 15:02 - 000087640 _____ () C:\Program Files\Opera\48.0.2685.50\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\SARBAT\Desktop\Projektmanagement:com.dropbox.attributes [168]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1733954782-861682868-1594596262-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1733954782-861682868-1594596262-1001\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:04 - 2009-06-10 23:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1733954782-861682868-1594596262-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\MEDION\Wallpaper.jpg
HKU\S-1-5-21-1733954782-861682868-1594596262-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181008883\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\MEDION\Wallpaper.jpg
HKU\S-1-5-21-1733954782-861682868-1594596262-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\SARBAT\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\Control Panel\Desktop\\Wallpaper -> C:\Users\SARBAT\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==


==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{625C91B8-0342-4013-A059-BC58F5ECF94B}] => (Allow) C:\Program Files\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{723B0637-366C-4656-A5FD-0C7A6C8C38EF}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{101694CC-978D-4204-AF2E-84C24C6CE28B}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{967BB4E1-1EEF-40B2-BBD8-BCA977DF6D74}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{51D9E062-BC3E-460A-9DA1-EC00C0E61AFB}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{6460CEE5-80DC-45F7-A37D-865EE6C3110E}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{7DACDA9C-CBCB-4596-8C1B-130D6236D105}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D76C0F1E-888D-4289-BD8A-6210885792BA}] => (Allow) svchost.exe
FirewallRules: [{6699CC78-98F9-4B69-8461-8EDF1654F24B}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{0B5B1F51-77F7-49D0-8CE0-7A5D9A5293D1}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{6D5F4FF9-4102-4440-8FBD-AB939941172C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C91C628F-5C05-4027-AF4F-5C8CF2F81613}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{88734459-98E5-4EBA-AFBD-C6102C401C95}] => (Allow) E:\setup\hpznui01.exe
FirewallRules: [{DD83B366-C6ED-4B58-8435-0768E81A1FF1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{2B149D1F-1C8C-46FD-8DE4-66E6DF7160D1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{05916671-9299-46E5-A584-9297D56D0E04}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{10D06981-C45F-4DE5-8D99-9029D0DA5894}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{55CC1B6A-3695-4B99-923E-A0E1843E2430}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{EB3B3BC1-FF9D-4248-911B-7F72E1C3D3AB}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{71F39BC3-7F61-4FCC-AAD0-E134E016E307}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{C9C499E5-736D-4C19-B3F3-8BD1FF9C1054}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{FC60236F-8CEA-4E2F-A91B-2BE85E5E2C9C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{3147CA70-0D03-4D61-B979-D53CD904BB81}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{D3741DB1-E99D-492C-8113-28E1BD3626C3}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{CACB9EE4-9A80-45FA-84E2-FEADE1C2D886}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{9D409B5F-E51B-468C-92F3-8959F692E1B7}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{4BD084BC-47E0-4672-A91B-61D760CA3AA5}C:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe] => (Allow) C:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe
FirewallRules: [UDP Query User{C9F12131-48AA-4D9E-88FA-3754B59E31D9}C:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe] => (Allow) C:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe
FirewallRules: [TCP Query User{28F63C74-5DA3-431B-872F-D1605888B5DE}C:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe] => (Allow) C:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe
FirewallRules: [UDP Query User{68C6BB30-61BF-4D95-BC87-FA6F10EE9C6A}C:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe] => (Allow) C:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe
FirewallRules: [TCP Query User{1D625DD7-B346-470B-81D8-A5E128CB3CF7}C:\users\sarbat\documents\age of empires ii\empires2.exe] => (Allow) C:\users\sarbat\documents\age of empires ii\empires2.exe
FirewallRules: [UDP Query User{9D4F346A-B4CB-45B1-9016-4722820BD821}C:\users\sarbat\documents\age of empires ii\empires2.exe] => (Allow) C:\users\sarbat\documents\age of empires ii\empires2.exe
FirewallRules: [{41A27EBD-B185-4D78-B53C-84F23D654B3E}] => (Allow) C:\Program Files\Opera\48.0.2685.39\opera.exe
FirewallRules: [{94EA3DBD-F490-4B7E-857C-BE6BB7DA2BC5}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
FirewallRules: [{9513971E-A24D-4700-B60F-6A625D988B34}] => (Allow) C:\Program Files\Opera\48.0.2685.50\opera.exe

==================== Wiederherstellungspunkte =========================

21-10-2017 18:13:48 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (10/21/2017 04:32:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 56.0.0.6478, Zeitstempel: 0x59cab8da
Name des fehlerhaften Moduls: xul.dll, Version: 56.0.0.6478, Zeitstempel: 0x59cab8c9
Ausnahmecode: 0x80000003
Fehleroffset: 0x00c47e59
ID des fehlerhaften Prozesses: 0x31d0
Startzeit der fehlerhaften Anwendung: 0x01d34a104438963d
Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Mozilla Firefox\xul.dll
Berichtskennung: ae9a954b-b66c-11e7-9e38-00262dc14cb8

Error: (10/17/2017 05:27:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: opera_autoupdate.exe, Version: 48.0.2685.39, Zeitstempel: 0x59dbb456
Name des fehlerhaften Moduls: opera_autoupdate.exe, Version: 48.0.2685.39, Zeitstempel: 0x59dbb456
Ausnahmecode: 0x80000003
Fehleroffset: 0x000c2d94
ID des fehlerhaften Prozesses: 0x2138
Startzeit der fehlerhaften Anwendung: 0x01d3475c6283d73b
Pfad der fehlerhaften Anwendung: C:\Program Files\Opera\48.0.2685.39\opera_autoupdate.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Opera\48.0.2685.39\opera_autoupdate.exe
Berichtskennung: b32c094c-b34f-11e7-ad35-00262dc14cb8

Error: (10/12/2017 02:19:34 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Kontext:  Anwendung, SystemIndex Katalog

Error: (10/09/2017 07:28:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm opera.exe, Version 47.0.2631.80 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 9430

Startzeit: 01d33e005acb9b1d

Endzeit: 3855

Anwendungspfad: C:\Program Files\Opera\47.0.2631.80\opera.exe

Berichts-ID: 0b5f2495-ad17-11e7-9fa5-00262dc14cb8

Error: (10/01/2017 03:05:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: HPWUCli.exe, Version: 5.0.9.0, Zeitstempel: 0x4acfa581
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x01834ab3
ID des fehlerhaften Prozesses: 0x6ca8
Startzeit der fehlerhaften Anwendung: 0x01d33a5010828cd6
Pfad der fehlerhaften Anwendung: C:\Program Files\HP\HP Software Update\HPWUCli.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: aeb71540-a644-11e7-9fa5-00262dc14cb8


Systemfehler:
=============
Error: (10/23/2017 06:17:05 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (10/23/2017 02:50:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Avira.ServiceHost erreicht.

Error: (10/23/2017 12:21:10 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: 
Zugriff verweigert

Error: (10/23/2017 12:21:03 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: Der Server "{995C996E-D918-4A8C-A302-45719A6F4EA7}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (10/22/2017 08:16:00 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Der Server "{752073A1-23F2-4396-85F0-8FDB879ED0ED}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (10/22/2017 08:15:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: 
Zugriff verweigert

Error: (10/21/2017 08:11:49 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (10/21/2017 08:02:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (10/21/2017 07:59:38 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Der Server "{995C996E-D918-4A8C-A302-45719A6F4EA7}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (10/21/2017 07:59:25 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Der Server "{078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Prozentuale Nutzung des RAM: 89%
Installierter physikalischer RAM: 3253.42 MB
Verfügbarer physikalischer RAM: 357.19 MB
Summe virtueller Speicher: 7405.16 MB
Verfügbarer virtueller Speicher: 677.83 MB

==================== Laufwerke ================================

Drive c: (Boot) (Fixed) (Total:565.07 GB) (Free:447.37 GB) NTFS
Drive d: (Recover) (Fixed) (Total:30 GB) (Free:1.11 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 075432EE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=565.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== Ende vom Addition.txt ============================
         

24.10.2017, 17:40   #10
Kohna

Clicked a link in a phishing e-mail. Rescuing data



Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2017 01
durchgeführt von SARBAT (Administrator) auf SARBAT-PC (24-10-2017 17:12:04)
Gestartet von C:\Users\SARBAT\AppData\Local\Temp\scoped_dir4632_30018
Geladene Profile: UpdatusUser & SARBAT &  (Verfügbare Profile: UpdatusUser & SARBAT)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Opera)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
() C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Lavasoft) C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera_crashreporter.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Opera Software) C:\Program Files\Opera\48.0.2685.50\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9222760 2010-06-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1481320 2010-06-02] (Realtek Semiconductor)
HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM\...\Run: [LMgrVolOSD] => C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-12] (Wistron Corp.)
HKLM\...\Run: [LMgrOSD] => "C:\Program Files\Launch Manager\OSDCtrl.exe"
HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [3566904 2017-10-17] (Dropbox, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181006044\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2016-09-07] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181007058\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181008103\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1733954782-861682868-1594596262-1000\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1733954782-861682868-1594596262-1000\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs
HKU\S-1-5-21-1733954782-861682868-1594596262-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\MAHJON~1.SCR
HKU\S-1-5-21-1733954782-861682868-1594596262-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181008883\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1733954782-861682868-1594596262-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181008883\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs
HKU\S-1-5-21-1733954782-861682868-1594596262-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181008883\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\MAHJON~1.SCR
HKU\S-1-5-21-1733954782-861682868-1594596262-1001\...\Run: [OpenOffice Updater] => C:\Users\SARBAT\AppData\Roaming\OpenOffice Updater\Updater.exe [388032 2017-05-02] ()
HKU\S-1-5-21-1733954782-861682868-1594596262-1001\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [2546280 2017-09-13] (Lavasoft)
HKU\S-1-5-21-1733954782-861682868-1594596262-1001\...\Run: [Xvid] => C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\...\Run: [OpenOffice Updater] => C:\Users\SARBAT\AppData\Roaming\OpenOffice Updater\Updater.exe [388032 2017-05-02] ()
HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [2546280 2017-09-13] (Lavasoft)
HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\...\Run: [Xvid] => C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2016-09-07] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinit.dll => C:\Windows\system32\nvinit.dll [158392 2017-01-25] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2017-03-10]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{6D6AFF5B-072D-4B6C-929A-C21954DB165D}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{91734A2F-C336-4BE9-8362-AA7479B0E354}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-1733954782-861682868-1594596262-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-1733954782-861682868-1594596262-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://medion.msn.com
HKU\S-1-5-21-1733954782-861682868-1594596262-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.aldi.com
HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://medion.msn.com
HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.aldi.com
SearchScopes: HKLM -> DefaultScope {22F81F80-1D65-452A-8EC3-762CB85B3173} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1733954782-861682868-1594596262-1001 -> DefaultScope {00F536EB-00FE-49C6-A84F-8F1EBF28F22E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1733954782-861682868-1594596262-1001 -> {00F536EB-00FE-49C6-A84F-8F1EBF28F22E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1733954782-861682868-1594596262-1001 -> {B916F720-CCBD-4F7C-9DEE-883E50C78BEC} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&intl=de&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
SearchScopes: HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193 -> DefaultScope {00F536EB-00FE-49C6-A84F-8F1EBF28F22E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193 -> {00F536EB-00FE-49C6-A84F-8F1EBF28F22E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193 -> {B916F720-CCBD-4F7C-9DEE-883E50C78BEC} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&intl=de&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19] (Adobe Systems Incorporated)
BHO: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Keine Datei
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_141\bin\ssv.dll [2017-07-24] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-24] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1733954782-861682868-1594596262-1001 -> Kein Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  Keine Datei
Toolbar: HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193 -> Kein Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  Keine Datei
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_121-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-00121-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_121-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_121-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\SARBAT\AppData\Roaming\Mozilla\Firefox\Profiles\F5yPghi0.default [2017-10-21]
FF Homepage: Mozilla\Firefox\Profiles\F5yPghi0.default -> www1.online/?w=RD9898
FF Extension: (Avira Browserschutz) - C:\Users\SARBAT\AppData\Roaming\Mozilla\Firefox\Profiles\F5yPghi0.default\Extensions\abs@avira.com.xpi [2017-10-21]
FF Extension: (Search and New Tab by Yahoo) - C:\Users\SARBAT\AppData\Roaming\Mozilla\Firefox\Profiles\F5yPghi0.default\Extensions\jid1-16aeif9OQIRKxA@jetpack.xpi [2017-10-21]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2017-03-10] [ist nicht signiert]
FF HKU\S-1-5-21-1733954782-861682868-1594596262-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_27_0_0_170.dll [2017-10-16] ()
FF Plugin: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (Adblock Plus) - C:\Users\SARBAT\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-10-05]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [1128432 2017-10-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [490968 2017-10-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [490968 2017-10-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1525240 2017-10-15] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [408944 2017-10-16] (Avira Operations GmbH & Co. KG)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-30] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-30] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [43336 2017-10-17] (Dropbox, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-07] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [421944 2016-12-29] (NVIDIA Corporation)
R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1620584 2010-07-27] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-12] () [Datei ist nicht signiert]
R2 WCAssistantService; C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25704 2017-09-13] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [Datei ist nicht signiert]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [46440 2017-06-17] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [130912 2017-09-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [153664 2017-09-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35840 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [59000 2017-03-02] (Avira Operations GmbH & Co. KG)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [109456 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59904 2017-10-04] ()
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [16688 2007-04-24] (IBM)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [166840 2017-10-23] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [91576 2017-10-23] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [40384 2017-10-23] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2017-10-23] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [65824 2017-10-24] (Malwarebytes)
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [786400 2009-08-13] (DiBcom SA)
R3 nusb3hub; C:\Windows\system32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\system32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation)
R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [42936 2017-01-25] (NVIDIA Corporation)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147344 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-10-24 17:11 - 2017-10-24 17:12 - 000000000 ____D C:\FRST
2017-10-24 17:08 - 2017-10-24 17:10 - 001799680 _____ (Farbar) C:\Users\SARBAT\Desktop\FRST.exe
2017-10-23 18:59 - 2017-10-23 18:59 - 000063118 _____ C:\Users\SARBAT\Desktop\Extras.Txt
2017-10-23 18:57 - 2017-10-23 18:57 - 000095248 _____ C:\Users\SARBAT\Desktop\OTL.Txt
2017-10-23 18:35 - 2017-10-23 18:35 - 000602112 _____ (OldTimer Tools) C:\Users\SARBAT\Desktop\OTL.exe
2017-10-23 18:35 - 2017-10-23 18:35 - 000002747 _____ C:\Users\SARBAT\Desktop\MAM-Bericht.txt
2017-10-23 18:11 - 2017-10-23 18:11 - 000091576 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-10-23 17:48 - 2017-10-24 17:08 - 000065824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-10-23 17:48 - 2017-10-23 18:11 - 000040384 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-10-23 17:48 - 2017-10-23 17:48 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-10-23 17:48 - 2017-10-23 17:48 - 000166840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-10-23 17:47 - 2017-10-23 17:47 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-23 17:47 - 2017-10-23 17:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-23 17:47 - 2017-10-23 17:47 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-23 17:47 - 2017-10-23 17:47 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-23 17:47 - 2017-10-04 13:15 - 000059904 _____ C:\Windows\system32\Drivers\mbae.sys
2017-10-23 17:36 - 2017-10-23 17:45 - 071535032 _____ (Malwarebytes ) C:\Users\SARBAT\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951.exe
2017-10-23 16:54 - 2017-10-23 17:26 - 000000000 ____D C:\Users\SARBAT\Desktop\Neuer Ordner
2017-10-23 00:29 - 2017-10-23 00:29 - 000001082 _____ C:\Users\Public\Desktop\Avira.lnk
2017-10-19 20:46 - 2017-10-19 20:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-10-17 17:48 - 2017-10-17 17:48 - 000043336 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-10-17 17:48 - 2017-10-17 17:48 - 000035432 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-10-17 17:48 - 2017-10-17 17:48 - 000035408 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-10-17 17:48 - 2017-10-17 17:48 - 000035408 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-10-15 16:42 - 2017-10-15 16:42 - 001115458 _____ C:\Users\SARBAT\Desktop\Übungsaufgaben Skript 2017.pdf
2017-10-12 14:02 - 2017-10-12 14:03 - 124059592 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-10-11 18:14 - 2017-09-13 17:13 - 004001512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-10-11 18:14 - 2017-09-13 17:13 - 003945704 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-10-11 18:14 - 2017-09-13 17:13 - 000137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-10-11 18:14 - 2017-09-13 17:13 - 000067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-10-11 18:14 - 2017-09-13 17:10 - 001310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000830464 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000428032 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000392704 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000083968 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000080896 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-10-11 18:14 - 2017-09-13 17:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 001062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-10-11 18:14 - 2017-09-13 17:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-10-11 18:14 - 2017-09-13 16:53 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2017-10-11 18:14 - 2017-09-13 16:50 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-10-11 18:14 - 2017-09-13 16:50 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-10-11 18:14 - 2017-09-13 16:50 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-10-11 18:14 - 2017-09-13 16:50 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-10-11 18:14 - 2017-09-13 16:50 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-10-11 18:14 - 2017-09-13 16:48 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-10-11 18:14 - 2017-09-13 16:46 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-10-11 18:14 - 2017-09-13 16:46 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-10-11 18:14 - 2017-09-13 16:46 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-10-11 18:14 - 2017-09-13 16:46 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-10-11 18:14 - 2017-09-13 16:46 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-10-11 18:14 - 2017-09-13 16:46 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-10-11 18:14 - 2017-09-13 16:46 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-10-11 18:14 - 2017-09-09 01:47 - 000347344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-10-11 18:14 - 2017-09-08 17:14 - 001213672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-10-11 18:14 - 2017-09-08 17:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-10-11 18:14 - 2017-09-08 17:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-10-11 18:14 - 2017-09-08 17:10 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-10-11 18:14 - 2017-09-08 17:09 - 001400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-10-11 18:14 - 2017-09-08 17:09 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-10-11 18:14 - 2017-09-08 17:09 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-10-11 18:14 - 2017-09-08 17:09 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-10-11 18:14 - 2017-09-08 17:09 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-10-11 18:14 - 2017-09-08 17:09 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-10-11 18:14 - 2017-09-08 17:09 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-10-11 18:14 - 2017-09-08 17:09 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-10-11 18:14 - 2017-09-08 17:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-10-11 18:14 - 2017-09-08 17:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-10-11 18:14 - 2017-09-08 16:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-10-11 18:14 - 2017-09-08 16:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-10-11 18:14 - 2017-09-08 16:50 - 002402304 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-10-11 18:14 - 2017-09-08 16:20 - 000640512 _____ (Microsoft Corporation) C:\Windows\system32\mswstr10.dll
2017-10-11 18:14 - 2017-09-08 16:20 - 000345088 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2017-10-11 18:14 - 2017-09-08 16:20 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\msjint40.dll
2017-10-11 18:14 - 2017-09-07 21:27 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-10-11 18:14 - 2017-09-07 21:26 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-10-11 18:14 - 2017-09-07 21:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-10-11 18:14 - 2017-09-07 21:10 - 000499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-10-11 18:14 - 2017-09-07 21:10 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-10-11 18:14 - 2017-09-07 21:10 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-10-11 18:14 - 2017-09-07 21:09 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-10-11 18:14 - 2017-09-07 21:04 - 020267008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-10-11 18:14 - 2017-09-07 21:03 - 002292736 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-10-11 18:14 - 2017-09-07 21:03 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-10-11 18:14 - 2017-09-07 21:02 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-10-11 18:14 - 2017-09-07 20:59 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-10-11 18:14 - 2017-09-07 20:58 - 000663040 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-10-11 18:14 - 2017-09-07 20:58 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-10-11 18:14 - 2017-09-07 20:58 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-10-11 18:14 - 2017-09-07 20:58 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-10-11 18:14 - 2017-09-07 20:52 - 000667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-10-11 18:14 - 2017-09-07 20:49 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-10-11 18:14 - 2017-09-07 20:44 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-10-11 18:14 - 2017-09-07 20:44 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-10-11 18:14 - 2017-09-07 20:43 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-10-11 18:14 - 2017-09-07 20:40 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-10-11 18:14 - 2017-09-07 20:39 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-10-11 18:14 - 2017-09-07 20:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-10-11 18:14 - 2017-09-07 20:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-10-11 18:14 - 2017-09-07 20:29 - 004547072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-10-11 18:14 - 2017-09-07 20:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-10-11 18:14 - 2017-09-07 20:26 - 000694784 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-10-11 18:14 - 2017-09-07 20:26 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-10-11 18:14 - 2017-09-07 20:25 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-10-11 18:14 - 2017-09-07 20:25 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-10-11 18:14 - 2017-09-07 20:17 - 013677568 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-10-11 18:14 - 2017-09-07 20:01 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-10-11 18:14 - 2017-09-07 19:57 - 001316864 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-10-11 18:14 - 2017-09-07 19:57 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-10-11 18:14 - 2017-09-07 17:12 - 002755072 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2017-10-11 18:14 - 2017-09-07 16:48 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-10-11 18:14 - 2017-09-07 16:48 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-10-11 18:14 - 2017-09-07 16:48 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-10-11 18:14 - 2017-08-19 17:10 - 003209216 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-10-11 18:14 - 2017-08-19 17:10 - 000103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-10-11 18:14 - 2017-08-19 17:10 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2017-10-11 18:14 - 2017-08-19 16:57 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2017-10-11 18:14 - 2017-08-19 16:57 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2017-10-11 18:14 - 2017-08-14 19:35 - 000827904 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2017-10-11 18:14 - 2017-08-14 19:35 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2017-10-11 18:14 - 2017-08-13 23:35 - 000031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-10-24 17:11 - 2009-07-14 06:34 - 000009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-24 17:11 - 2009-07-14 06:34 - 000009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-24 17:03 - 2016-09-30 23:05 - 000001202 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-10-23 21:02 - 2016-09-30 23:05 - 000001198 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-10-23 20:35 - 2016-09-30 23:14 - 000000000 ___RD C:\Users\SARBAT\Dropbox
2017-10-23 18:10 - 2016-12-31 11:41 - 000000000 ____D C:\Users\SARBAT\AppData\Roaming\OpenOffice Updater
2017-10-23 18:08 - 2010-08-09 07:02 - 000000000 ____D C:\ProgramData\NVIDIA
2017-10-23 18:08 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-23 16:46 - 2017-02-05 17:53 - 000001277 _____ C:\Users\SARBAT\Desktop\Opera Tabs.txt
2017-10-23 15:03 - 2016-09-04 22:47 - 000000000 ____D C:\Program Files\Opera
2017-10-23 00:29 - 2016-09-04 23:11 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-23 00:29 - 2016-09-04 23:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-10-22 18:07 - 2017-07-09 11:56 - 000001245 _____ C:\Users\SARBAT\Desktop\nativelog.txt
2017-10-22 00:27 - 2017-02-07 12:52 - 000000000 ____D C:\Users\SARBAT\AppData\Roaming\.minecraft
2017-10-21 16:32 - 2017-02-18 18:53 - 000000000 ____D C:\Users\SARBAT\AppData\Local\CrashDumps
2017-10-21 03:27 - 2016-11-20 14:15 - 000000000 ____D C:\Users\SARBAT\AppData\LocalLow\Mozilla
2017-10-19 20:46 - 2016-09-30 23:05 - 000000000 ____D C:\Program Files\Dropbox
2017-10-16 19:13 - 2016-09-06 11:32 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-10-16 19:13 - 2016-09-06 11:32 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-10-16 19:13 - 2010-08-09 14:01 - 000000000 ____D C:\Windows\system32\Macromed
2017-10-13 13:53 - 2010-07-06 22:23 - 001619284 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-13 13:53 - 2010-05-12 15:13 - 000699342 _____ C:\Windows\system32\perfh007.dat
2017-10-13 13:53 - 2010-05-12 15:13 - 000149450 _____ C:\Windows\system32\perfc007.dat
2017-10-13 13:53 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2017-10-12 20:02 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\rescache
2017-10-12 18:38 - 2010-08-09 07:02 - 000000000 ____D C:\Users\UpdatusUser
2017-10-12 18:34 - 2009-07-14 06:33 - 000472696 _____ C:\Windows\system32\FNTCACHE.DAT
2017-10-12 14:13 - 2016-10-23 11:34 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-10-12 14:13 - 2016-09-13 11:52 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-10-12 14:09 - 2016-09-08 18:14 - 000000000 ____D C:\Windows\system32\MRT
2017-10-12 14:02 - 2010-07-06 23:03 - 124059592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-09-27 16:52 - 2017-03-10 21:17 - 000012755 _____ () C:\ProgramData\hpzinstall.log

Einige Dateien in TEMP:
====================
2016-09-04 23:19 - 2016-09-04 23:19 - 000000000 ____D () C:\Users\SARBAT\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-10-21 18:06

==================== Ende vom FRST.txt ============================
         
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version: 23-10-2017 01
durchgeführt von SARBAT (24-10-2017 17:15:32)
Gestartet von C:\Users\SARBAT\AppData\Local\Temp\scoped_dir4632_30018
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2016-09-04 20:22:53)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1733954782-861682868-1594596262-500 - Administrator - Disabled)
Gast (S-1-5-21-1733954782-861682868-1594596262-501 - Limited - Disabled)
SARBAT (S-1-5-21-1733954782-861682868-1594596262-1001 - Administrator - Enabled) => C:\Users\SARBAT
UpdatusUser (S-1-5-21-1733954782-861682868-1594596262-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

32 Bit HP CIO Components Installer (HKLM\...\{A80FA752-C491-4ED9-ABF0-4278563160B2}) (Version: 7.1.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Adobe Reader 9.3.3 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.3.3 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Avira (HKLM\...\{79C4A62C-8CC2-44AC-91FE-1299A215B4B7}) (Version: 1.2.98.29730 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM\...\{f5da837f-e932-4f55-995c-7e97c5cbebdd}) (Version: 1.2.98.29730 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.32.12 - Avira Operations GmbH & Co. KG)
AviSynth 2.6 (HKLM\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
B110 (HKLM\...\{9F9A2D22-7E30-4546-B817-10644FFB9935}) (Version: 140.0.283.000 - Hewlett-Packard) Hidden
Bing Bar (HKLM\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
BufferChm (HKLM\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CorelDRAW Essentials 4 - Content (HKLM\...\{19AC095C-3520-4999-AA15-93B6D0248A50}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Draw (HKLM\...\{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Filters (HKLM\...\{F16841F6-5F0F-4DBE-B318-63CEB916F21D}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - ICA (HKLM\...\{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - IPM - No VBA (HKLM\...\{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang BR (HKLM\...\{ABD8B955-1C69-4AF3-949B-13CD587C175F}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang DE (HKLM\...\{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang EN (HKLM\...\{34A9406E-1994-4C20-AC72-04CFA2B24545}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang ES (HKLM\...\{C682F3F0-00A6-4379-B083-4F3273624D7B}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang FR (HKLM\...\{BA9319FE-BCEF-4C99-8039-F464648D046E}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang IT (HKLM\...\{3576C335-958D-4D60-A812-F68F9A2796AF}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang NL (HKLM\...\{5500BB35-1C21-4328-9F16-F894B860FADE}) (Version: 4.0 - Uw bedrijfsnaam) Hidden
CorelDRAW Essentials 4 - PHOTO-PAINT (HKLM\...\{07B62101-7EBD-434A-94B1-B38063BE5516}) (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Windows Shell Extension (HKLM\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 - Windows Shell Extension (HKLM\...\{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version: 1.1 - Corel Corporation) Hidden
CorelDRAW Essentials 4 (HKLM\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 (HKLM\...\{9043B9A0-9505-405B-8202-E7167A38A89C}) (Version: 4.0 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2602 - CyberLink Corp.)
CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1410a - CyberLink Corp.)
CyberLink MediaShow Espresso (HKLM\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 5.5.1412_24021 - CyberLink Corp.)
CyberLink PhotoNow (HKLM\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2718 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2925.52 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2326 - CyberLink Corp.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2626 - CyberLink Corp.)
Dassault Systemes Software B19 (HKLM\...\Dassault Systemes B19_0) (Version:  - )
Dassault Systemes Software Prerequisites x86 (HKLM\...\{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}) (Version: 8.1.3 - Dassault Systemes)
Destinations (HKLM\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Die Siedler II - Die nächste Generation (HKLM\...\S2TNG) (Version:  - )
Dropbox (HKLM\...\Dropbox) (Version: 37.4.29 - Dropbox, Inc.)
Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
ElsterFormular (HKLM\...\ElsterFormular) (Version: 18.6 - Thüringer Landesfinanzdirektion)
GPBaseService2 (HKLM\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{59C83C08-63F4-4AEC-81D6-392C5E23B843}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPAppStudio (HKLM\...\{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}) (Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (HKLM\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (HKLM\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Java 8 Update 141 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
Junk Mail filter update (HKLM\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.1.2 - Wistron Corp.)
Malwarebytes Version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
MarketResearch (HKLM\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Medion Home Cinema (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.1505 - CyberLink Corp.) Hidden
Medion Home Cinema (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.1505 - CyberLink Corp.)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft (HKLM\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 56.0 (x86 de) (HKLM\...\Mozilla Firefox 56.0 (x86 de)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.0.6478 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-1733954782-861682868-1594596262-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
MyHarmony (HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Network (HKLM\...\{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}) (Version: 140.0.215.000 - Hewlett-Packard) Hidden
NVIDIA 3D Vision Treiber 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5912 - NVIDIA Corporation)
NVIDIA Grafiktreiber 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
OpenOffice 4.1.3 (HKLM\...\{8D5FCC56-BB9F-4122-923C-71753F50F6F5}) (Version: 4.13.9783 - Apache Software Foundation)
OpenOffice Updater (HKU\S-1-5-21-1733954782-861682868-1594596262-1001\...\OpenOffice Updater) (Version: 1.1.10 - OpenOffice)
OpenOffice Updater (HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\...\OpenOffice Updater) (Version: 1.1.10 - OpenOffice)
Opera Stable 48.0.2685.50 (HKLM\...\Opera 48.0.2685.50) (Version: 48.0.2685.50 - Opera Software)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PS_AIO_07_B110_SW_Min (HKLM\...\{F88E2E04-7EF5-488C-8E38-C94EB808458E}) (Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTransfer (HKLM\...\{E517094C-06B6-419F-8FFD-EF4F57972130}) (Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6128 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30121 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0148 - REALTEK Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Scan (HKLM\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartWebPrinting (HKLM\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (HKLM\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.256.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
Toolbox (HKLM\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (HKLM\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Web Companion (HKLM\...\{2297ea72-567b-4acb-9bc8-a965250b5b56}) (Version: 3.2.1725.3256 - Lavasoft)
WebReg (HKLM\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Websuche (HKLM\...\Websuche) (Version:  - Websuche)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
WinRAR 5.40 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
X10 Hardware(TM) (HKLM\...\X10Hardware) (Version:  - )
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Yahoo Search Set (HKLM\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\Antivirus\shlext.dll [2017-10-15] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-10-17] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-01-10] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\Antivirus\shlext.dll [2017-10-15] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {110C67E6-C2B8-4DDC-914B-68B0C4EE83D1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-16] (Adobe Systems Incorporated)
Task: {25E89319-E128-4E4F-A434-63B151778D81} - System32\Tasks\Avira SystrayStartTrigger => Avira.SystrayStartTrigger.exe
Task: {2E3CE279-534C-4403-9C38-C0C0B43BBB1F} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-08-18] ()
Task: {3016DA09-BA07-4F74-92E5-B17D226FC984} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
Task: {569898AC-90E9-4B42-8E5A-9241C6E672F9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_27_0_0_170_pepper.exe [2017-10-16] (Adobe Systems Incorporated)
Task: {704603C8-C524-4A1E-925C-42D31B199605} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-09-30] (Dropbox, Inc.)
Task: {8C726C72-E741-4DED-81E0-7AB01270973E} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-09-30] (Dropbox, Inc.)
Task: {95CCA7F0-8969-4D73-B038-B51F0D9E73F0} - System32\Tasks\{AA520783-31E2-4877-92A1-C73D10E96BA3} => C:\Windows\system32\pcalua.exe -a E:\autorun.exe -d E:\
Task: {C72C9538-06E3-4747-A3EB-F26500966247} - System32\Tasks\Opera scheduled Autoupdate 1498217446 => C:\Program Files\Opera\launcher.exe [2017-10-17] (Opera Software)
Task: {DC8F13ED-91DF-4100-AD31-15019320CB28} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files\Avira\Antivirus\avgnt.exe [2017-10-15] (Avira Operations GmbH & Co. KG)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2010-08-09 14:14 - 2010-02-12 16:20 - 000244904 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2017-09-01 21:06 - 2017-09-13 20:15 - 000025704 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
2017-09-01 21:06 - 2017-09-13 20:15 - 000017000 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
2017-09-01 21:06 - 2017-09-13 20:15 - 000036456 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
2017-01-25 20:13 - 2017-01-25 20:13 - 000027576 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2017-02-07 14:32 - 2016-12-29 15:08 - 000121792 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2017-10-23 17:47 - 2017-10-04 13:15 - 001924552 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-10-23 17:47 - 2017-10-04 13:15 - 001798608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2009-11-02 23:20 - 2009-11-02 23:20 - 000619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 23:23 - 2009-11-02 23:23 - 000013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2017-10-19 20:44 - 2017-10-17 17:48 - 000771904 _____ () C:\Program Files\Dropbox\Client\dropbox_watchdog.dll
2017-10-19 20:44 - 2017-10-17 17:48 - 001804608 _____ () C:\Program Files\Dropbox\Client\dropbox_crashpad.dll
2017-10-05 18:35 - 2017-10-17 17:47 - 000100296 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000018888 _____ () C:\Program Files\Dropbox\Client\select.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000020800 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000035792 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000694224 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000021848 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000130512 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 001856848 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000022864 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-10-19 20:44 - 2017-10-17 17:47 - 000145864 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd
2017-10-19 20:44 - 2017-10-17 17:48 - 000116688 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll
2017-10-05 18:35 - 2017-10-17 17:47 - 000105928 _____ () C:\Program Files\Dropbox\Client\win32api.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000022864 _____ () C:\Program Files\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000062784 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000024528 _____ () C:\Program Files\Dropbox\Client\win32event.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000040248 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd
2017-10-19 20:44 - 2017-10-17 17:47 - 000020936 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000124880 _____ () C:\Program Files\Dropbox\Client\win32file.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000116176 _____ () C:\Program Files\Dropbox\Client\win32security.pyd
2017-10-19 20:44 - 2017-10-17 17:48 - 000392656 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll
2017-10-05 18:35 - 2017-10-17 17:50 - 000392512 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000026456 _____ () C:\Program Files\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000024016 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000175560 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000030160 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000043472 _____ () C:\Program Files\Dropbox\Client\win32process.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000026056 _____ () C:\Program Files\Dropbox\Client\win32job.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000048592 _____ () C:\Program Files\Dropbox\Client\win32service.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000057808 _____ () C:\Program Files\Dropbox\Client\win32evtlog.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000021824 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000023368 _____ () C:\Program Files\Dropbox\Client\winshell.compiled._winshell.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000022856 _____ () C:\Program Files\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000066392 _____ () C:\Program Files\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 001796920 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000084424 _____ () C:\Program Files\Dropbox\Client\sip.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 001956152 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 003859264 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000154440 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000521024 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000045888 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000042304 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000131384 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000218944 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000204096 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000025432 _____ () C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000060880 _____ () C:\Program Files\Dropbox\Client\win32print.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000054608 _____ () C:\Program Files\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000024016 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000022864 _____ () C:\Program Files\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000028616 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000022360 _____ () C:\Program Files\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000021848 _____ () C:\Program Files\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000022360 _____ () C:\Program Files\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000027488 _____ () C:\Program Files\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-10-05 18:35 - 2017-10-17 17:47 - 000349128 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd
2017-10-05 18:35 - 2017-10-17 17:50 - 000023896 _____ () C:\Program Files\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000025424 _____ () C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-10-19 20:44 - 2017-10-17 17:48 - 000036296 _____ () C:\Program Files\Dropbox\Client\librsync.dll
2017-10-19 20:44 - 2017-10-17 17:49 - 000181056 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-10-05 18:35 - 2017-10-17 17:50 - 000030536 _____ () C:\Program Files\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000024368 _____ () C:\Program Files\Dropbox\Client\libEGL.DLL
2017-10-19 20:44 - 2017-10-17 17:49 - 001638200 _____ () C:\Program Files\Dropbox\Client\libGLESv2.dll
2017-10-05 18:35 - 2017-10-17 17:50 - 000026456 _____ () C:\Program Files\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000545080 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQuick.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000359224 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQml.pyd
2017-10-19 20:44 - 2017-10-17 17:49 - 000038208 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngine.pyd
2012-01-10 22:12 - 2012-01-10 22:12 - 000094208 _____ () C:\Windows\System32\IccLibDll.dll
2017-09-01 21:06 - 2017-09-13 20:15 - 000109160 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll
2017-09-01 21:06 - 2017-09-13 20:15 - 000110696 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2017-09-01 21:06 - 2017-09-13 20:15 - 000058984 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2017-09-01 21:06 - 2017-09-13 20:15 - 000312424 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2017-09-01 21:06 - 2017-09-13 20:15 - 000084072 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
2017-10-23 15:03 - 2017-10-23 15:03 - 067069016 _____ () C:\Program Files\Opera\48.0.2685.50\opera_browser.dll
2017-09-21 13:30 - 2017-09-21 13:30 - 000170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\2b5f4a6496e65d431698f64ba7160604\IsdiInterop.ni.dll
2010-08-09 14:36 - 2010-03-04 05:08 - 000058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2017-10-23 15:03 - 2017-10-23 15:02 - 003113560 _____ () C:\Program Files\Opera\48.0.2685.50\libglesv2.dll
2017-10-23 15:03 - 2017-10-23 15:02 - 000087640 _____ () C:\Program Files\Opera\48.0.2685.50\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\SARBAT\Desktop\Projektmanagement:com.dropbox.attributes [168]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1733954782-861682868-1594596262-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1733954782-861682868-1594596262-1001\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:04 - 2009-06-10 23:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1733954782-861682868-1594596262-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\MEDION\Wallpaper.jpg
HKU\S-1-5-21-1733954782-861682868-1594596262-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181008883\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\MEDION\Wallpaper.jpg
HKU\S-1-5-21-1733954782-861682868-1594596262-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\SARBAT\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\Control Panel\Desktop\\Wallpaper -> C:\Users\SARBAT\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==


==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{625C91B8-0342-4013-A059-BC58F5ECF94B}] => (Allow) C:\Program Files\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{723B0637-366C-4656-A5FD-0C7A6C8C38EF}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{101694CC-978D-4204-AF2E-84C24C6CE28B}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{967BB4E1-1EEF-40B2-BBD8-BCA977DF6D74}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{51D9E062-BC3E-460A-9DA1-EC00C0E61AFB}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{6460CEE5-80DC-45F7-A37D-865EE6C3110E}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{7DACDA9C-CBCB-4596-8C1B-130D6236D105}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D76C0F1E-888D-4289-BD8A-6210885792BA}] => (Allow) svchost.exe
FirewallRules: [{6699CC78-98F9-4B69-8461-8EDF1654F24B}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{0B5B1F51-77F7-49D0-8CE0-7A5D9A5293D1}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{6D5F4FF9-4102-4440-8FBD-AB939941172C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C91C628F-5C05-4027-AF4F-5C8CF2F81613}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{88734459-98E5-4EBA-AFBD-C6102C401C95}] => (Allow) E:\setup\hpznui01.exe
FirewallRules: [{DD83B366-C6ED-4B58-8435-0768E81A1FF1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{2B149D1F-1C8C-46FD-8DE4-66E6DF7160D1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{05916671-9299-46E5-A584-9297D56D0E04}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{10D06981-C45F-4DE5-8D99-9029D0DA5894}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{55CC1B6A-3695-4B99-923E-A0E1843E2430}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{EB3B3BC1-FF9D-4248-911B-7F72E1C3D3AB}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{71F39BC3-7F61-4FCC-AAD0-E134E016E307}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{C9C499E5-736D-4C19-B3F3-8BD1FF9C1054}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{FC60236F-8CEA-4E2F-A91B-2BE85E5E2C9C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{3147CA70-0D03-4D61-B979-D53CD904BB81}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{D3741DB1-E99D-492C-8113-28E1BD3626C3}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{CACB9EE4-9A80-45FA-84E2-FEADE1C2D886}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{9D409B5F-E51B-468C-92F3-8959F692E1B7}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{4BD084BC-47E0-4672-A91B-61D760CA3AA5}C:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe] => (Allow) C:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe
FirewallRules: [UDP Query User{C9F12131-48AA-4D9E-88FA-3754B59E31D9}C:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe] => (Allow) C:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe
FirewallRules: [TCP Query User{28F63C74-5DA3-431B-872F-D1605888B5DE}C:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe] => (Allow) C:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe
FirewallRules: [UDP Query User{68C6BB30-61BF-4D95-BC87-FA6F10EE9C6A}C:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe] => (Allow) C:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe
FirewallRules: [TCP Query User{1D625DD7-B346-470B-81D8-A5E128CB3CF7}C:\users\sarbat\documents\age of empires ii\empires2.exe] => (Allow) C:\users\sarbat\documents\age of empires ii\empires2.exe
FirewallRules: [UDP Query User{9D4F346A-B4CB-45B1-9016-4722820BD821}C:\users\sarbat\documents\age of empires ii\empires2.exe] => (Allow) C:\users\sarbat\documents\age of empires ii\empires2.exe
FirewallRules: [{41A27EBD-B185-4D78-B53C-84F23D654B3E}] => (Allow) C:\Program Files\Opera\48.0.2685.39\opera.exe
FirewallRules: [{94EA3DBD-F490-4B7E-857C-BE6BB7DA2BC5}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
FirewallRules: [{9513971E-A24D-4700-B60F-6A625D988B34}] => (Allow) C:\Program Files\Opera\48.0.2685.50\opera.exe

==================== Wiederherstellungspunkte =========================

21-10-2017 18:13:48 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (10/21/2017 04:32:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 56.0.0.6478, Zeitstempel: 0x59cab8da
Name des fehlerhaften Moduls: xul.dll, Version: 56.0.0.6478, Zeitstempel: 0x59cab8c9
Ausnahmecode: 0x80000003
Fehleroffset: 0x00c47e59
ID des fehlerhaften Prozesses: 0x31d0
Startzeit der fehlerhaften Anwendung: 0x01d34a104438963d
Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Mozilla Firefox\xul.dll
Berichtskennung: ae9a954b-b66c-11e7-9e38-00262dc14cb8

Error: (10/17/2017 05:27:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: opera_autoupdate.exe, Version: 48.0.2685.39, Zeitstempel: 0x59dbb456
Name des fehlerhaften Moduls: opera_autoupdate.exe, Version: 48.0.2685.39, Zeitstempel: 0x59dbb456
Ausnahmecode: 0x80000003
Fehleroffset: 0x000c2d94
ID des fehlerhaften Prozesses: 0x2138
Startzeit der fehlerhaften Anwendung: 0x01d3475c6283d73b
Pfad der fehlerhaften Anwendung: C:\Program Files\Opera\48.0.2685.39\opera_autoupdate.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Opera\48.0.2685.39\opera_autoupdate.exe
Berichtskennung: b32c094c-b34f-11e7-ad35-00262dc14cb8

Error: (10/12/2017 02:19:34 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Kontext:  Anwendung, SystemIndex Katalog

Error: (10/09/2017 07:28:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm opera.exe, Version 47.0.2631.80 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 9430

Startzeit: 01d33e005acb9b1d

Endzeit: 3855

Anwendungspfad: C:\Program Files\Opera\47.0.2631.80\opera.exe

Berichts-ID: 0b5f2495-ad17-11e7-9fa5-00262dc14cb8

Error: (10/01/2017 03:05:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: HPWUCli.exe, Version: 5.0.9.0, Zeitstempel: 0x4acfa581
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x01834ab3
ID des fehlerhaften Prozesses: 0x6ca8
Startzeit der fehlerhaften Anwendung: 0x01d33a5010828cd6
Pfad der fehlerhaften Anwendung: C:\Program Files\HP\HP Software Update\HPWUCli.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: aeb71540-a644-11e7-9fa5-00262dc14cb8


Systemfehler:
=============
Error: (10/23/2017 06:17:05 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (10/23/2017 02:50:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Avira.ServiceHost erreicht.

Error: (10/23/2017 12:21:10 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: 
Zugriff verweigert

Error: (10/23/2017 12:21:03 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: Der Server "{995C996E-D918-4A8C-A302-45719A6F4EA7}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (10/22/2017 08:16:00 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Der Server "{752073A1-23F2-4396-85F0-8FDB879ED0ED}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (10/22/2017 08:15:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: 
Zugriff verweigert

Error: (10/21/2017 08:11:49 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (10/21/2017 08:02:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (10/21/2017 07:59:38 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Der Server "{995C996E-D918-4A8C-A302-45719A6F4EA7}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (10/21/2017 07:59:25 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Der Server "{078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Prozentuale Nutzung des RAM: 89%
Installierter physikalischer RAM: 3253.42 MB
Verfügbarer physikalischer RAM: 357.19 MB
Summe virtueller Speicher: 7405.16 MB
Verfügbarer virtueller Speicher: 677.83 MB

==================== Laufwerke ================================

Drive c: (Boot) (Fixed) (Total:565.07 GB) (Free:447.37 GB) NTFS
Drive d: (Recover) (Fixed) (Total:30 GB) (Free:1.11 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 075432EE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=565.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== Ende vom Addition.txt ============================
         

24.10.2017, 21:30   #11
deeprybka
/// TB Trainer
/// Guide Guru

If I post something twice, that is due to a bug in the forum. You only need to carry out the instructions once...

Step 1
Please download AdwCleaner to your desktop (illustrated guide).
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Tools > Options and make sure that the following items are selected:
    • Tracing keys
    • Prefetch files
    • Proxy
    • Winsock
    • IE policies
    • Chrome policies
  • Confirm the selection with OK.
  • Click Scan and wait until it has finished. At the end of the scan a log file opens automatically. Close it.
  • Now click Clean (even if AdwCleaner says that nothing was found) and confirm any prompts that appear with OK.
  • At the end of the cleanup, click Restart now. After the restart a text file opens. Post its contents to me with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).
__________________
Regards
deeprybka
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

24.10.2017, 22:54   #13
Kohna

Code:
ATTFilter
# AdwCleaner 7.0.3.1 - Logfile created on Tue Oct 24 20:47:09 2017
# Updated on 2017/29/09 by Malwarebytes 
# Running on Windows 7 Home Premium (X86)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: WCAssistantService


***** [ Folders ] *****

Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\YSearchUtil
Deleted: C:\Users\SARBAT\AppData\Local\YSearchUtil
Deleted: C:\ProgramData\lavasoft\web companion
Deleted: C:\ProgramData\Application Data\lavasoft\web companion
Deleted: C:\Program Files\lavasoft\web companion
Deleted: C:\Users\All Users\lavasoft\web companion
Deleted: C:\Users\SARBAT\AppData\Roaming\lavasoft\web companion
Deleted: C:\Program Files\Yahoo!\yset
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
Deleted: [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion
Deleted: [Key] - HKU\S-1-5-21-1733954782-861682868-1594596262-1001\Software\Lavasoft\Web Companion
Deleted: [Key] - HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\Software\Lavasoft\Web Companion
Deleted: [Key] - HKCU\Software\Lavasoft\Web Companion
Deleted: [Value] - HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{21FA44EF-376D-4D53-9B0F-8A89D3229068}
Deleted: [Value] - HKU\S-1-5-21-1733954782-861682868-1594596262-1001\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted: [Value] - HKU\S-1-5-21-1733954782-861682868-1594596262-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10232017181010193\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted: [Value] - HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2297ea72-567b-4acb-9bc8-a965250b5b56}|DisplayName []
Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2297ea72-567b-4acb-9bc8-a965250b5b56}|DisplayIcon []
Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2297ea72-567b-4acb-9bc8-a965250b5b56}|UninstallString []


***** [ Firefox (and derivatives) ] *****

Plugin deleted: Search and New Tab by Yahoo - Yahoo
Startpage deleted: www1.online/?w=RD9898


***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Prefetch files deleted
::Proxy settings cleared
::IE policies deleted
::Chrome policies deleted
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [3317 B] - [2017/10/24 20:45:18]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
         

25.10.2017, 23:17   #14
deeprybka
/// TB Trainer
/// Guide Guru

Step 1

Download HitmanPro to your desktop:

HitmanPro 32-bit version
HitmanPro 64-bit version
  • Start HitmanPro.exe
  • Click
  • Remove the check mark at
  • Click
    and
  • Accept the license terms and click
  • Click
    and
  • When the scan has finished, do not have anything deleted etc.; instead choose, at the bottom left of the button bar,
    and save the log file to your desktop.
  • Close HitmanPro and post the log to me.

Step 2

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Check "Yes, I agree to the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

__________________
Regards
deeprybka

26.10.2017, 19:31   #15
Kohna

Code:
ATTFilter
HitmanPro 3.7.20.286
www.hitmanpro.com

   Computer name . . . . : SARBAT-PC
   Windows . . . . . . . : 6.1.1.7601.X86/4
   User name . . . . . . : SARBAT-PC\SARBAT
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2017-10-26 00:28:40
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 22m 0s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 2
   Traces  . . . . . . . : 3

   Objects scanned . . . : 1.377.143
   Files scanned . . . . : 59.012
   Remnants scanned  . . : 437.458 files / 880.673 keys

Malware _____________________________________________________________________

   C:\Users\SARBAT\AppData\Local\Temp\scoped_dir4072_25118\Java Runtime Environment 32 Bit - CHIP-Installer.exe
      Size . . . . . . . : 1.496.584 bytes
      Age  . . . . . . . : 260.5 days (2017-02-07 11:58:45)
      Entropy  . . . . . : 7.1
      SHA-256  . . . . . : 8E9BAA8832CACF17AD48FCBA12DF19014596F43E832F11FBE95A5578019E9464
      Needs elevation  . : Yes
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:Downloader.MSIL.DownloadSponsor.gen
      Fuzzy  . . . . . . : 103.0

   C:\Users\SARBAT\Downloads\Installer\Java Runtime Environment 32 Bit - CHIP-Installer.exe
      Size . . . . . . . : 1.496.584 bytes
      Age  . . . . . . . : 260.5 days (2017-02-07 11:58:45)
      Entropy  . . . . . : 7.1
      SHA-256  . . . . . : 8E9BAA8832CACF17AD48FCBA12DF19014596F43E832F11FBE95A5578019E9464
      Needs elevation  . : Yes
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:Downloader.MSIL.DownloadSponsor.gen
      Fuzzy  . . . . . . : 103.0


Suspicious files ____________________________________________________________

   C:\Users\SARBAT\Desktop\FRST.exe
      Size . . . . . . . : 1.799.680 bytes
      Age  . . . . . . . : 1.3 days (2017-10-24 17:08:34)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : E7B6CB7A6A51DF71D0BE6E5EFD09FF7F14308CCB7824A32E27D5FF0D4FFE3DD3
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=5ab8ef4616ea45439342461a168e7525
# end=init
# utc_time=2017-10-25 10:54:02
# local_time=2017-10-26 12:54:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 35187
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=5ab8ef4616ea45439342461a168e7525
# end=updated
# utc_time=2017-10-25 10:59:54
# local_time=2017-10-26 12:59:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=5ab8ef4616ea45439342461a168e7525
# engine=35187
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2017-10-26 09:51:00
# local_time=2017-10-26 11:51:00 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Antivirus'
# compatibility_mode=1815 16777213 100 96 40534 37483140 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 35616117 260642650 0 0
# scanned=309386
# found=27
# cleaned=0
# scan_time=39064
sh=A28F64706E2F64BEF2E312D76EE72E707ECD5F50 ft=1 fh=d7ce1cd8676c7703 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1733954782-861682868-1594596262-1001\$R5HMCOK.exe"
sh=7368D143AAAD06E27700CDFB9402211A3BCB7C34 ft=1 fh=f97fda4e7da35c67 vn="Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\rQF69AzBla\Application\Lavasoft.Utils.dll"
sh=21B210517454ACA148BB3F710DD72C8C381E6CA2 ft=1 fh=ec7375de7603e004 vn="Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\rQF69AzBla\Application\Lavasoft.WCAssistant.WinService.exe"
sh=6167BF5453E3B51F4F8F3EB30A90C69DE403661E ft=1 fh=45a91f38d2c9dded vn="Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\rQF69AzBla\Application\WebCompanion.exe"
sh=AF214BB8C34F40BBCED74A0265D652144BFAD911 ft=1 fh=b0c1ee30a374cdef vn="Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\rQF69AzBla\Application\WebCompanionInstaller.exe"
sh=BD569B74D9F01AF8F54EB331006BA5D3B572C531 ft=1 fh=f5ea098eaa54fa94 vn="Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\SARBAT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F70GJIJN\WcInstaller[1].exe"
sh=E3EA4D1DCE737CD6FDDA85D886FCCF23DC1D7D9B ft=0 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung" ac=I fn="C:\Users\SARBAT\AppData\Local\Temp\WebCompanion.zip"
sh=E372AF7F5CBB53D354E3BE2AC726ED730F17FF4A ft=1 fh=704df630a1cb9cdd vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\SARBAT\AppData\Local\Temp\DMR\dmr_72.exe"
sh=E372AF7F5CBB53D354E3BE2AC726ED730F17FF4A ft=1 fh=704df630a1cb9cdd vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\SARBAT\AppData\Local\Temp\DMR\dmr_84.exe"
sh=1503016DD302FF14611634EB170CFDB7703757DC ft=1 fh=9b71f8d91b690524 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\SARBAT\AppData\Local\Temp\scoped_dir4072_25118\Java Runtime Environment 32 Bit - CHIP-Installer.exe"
sh=1306BB96FAF6B39A4372FE022DB7010CF42BB509 ft=1 fh=babdfc58d84facb8 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\SARBAT\AppData\Local\Temp\scoped_dir4368_16301\ffdshow tryouts - CHIP-Installer.exe"
sh=D499B4D0CE32EE0CCE6B55466373B03796426D1C ft=1 fh=152ec001408ac940 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\SARBAT\AppData\Local\Temp\scoped_dir4368_19600\Koepi s XviD - CHIP-Installer.exe"
sh=A28F64706E2F64BEF2E312D76EE72E707ECD5F50 ft=1 fh=d7ce1cd8676c7703 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\SARBAT\AppData\Local\Temp\scoped_dir4368_20740\Haali Media Splitter - CHIP-Installer.exe"
sh=D499B4D0CE32EE0CCE6B55466373B03796426D1C ft=1 fh=152ec001408ac940 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\SARBAT\AppData\Local\Temp\scoped_dir4368_31156\Koepi s XviD - CHIP-Installer.exe"
sh=D499B4D0CE32EE0CCE6B55466373B03796426D1C ft=1 fh=152ec001408ac940 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\SARBAT\AppData\Local\Temp\scoped_dir4368_3413\Koepi s XviD - CHIP-Installer.exe"
sh=4D0151EAB20DC21DF760131C4A2DF9CD1CE49361 ft=1 fh=96bbd3298f59d1c5 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\SARBAT\AppData\Local\Temp\scoped_dir4368_6286\VirtualDub 32 Bit - CHIP-Installer.exe"
sh=1306BB96FAF6B39A4372FE022DB7010CF42BB509 ft=1 fh=babdfc58d84facb8 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\SARBAT\Downloads\Installer\ffdshow tryouts - CHIP-Installer.exe"
sh=1503016DD302FF14611634EB170CFDB7703757DC ft=1 fh=9b71f8d91b690524 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\SARBAT\Downloads\Installer\Java Runtime Environment 32 Bit - CHIP-Installer.exe"
sh=D499B4D0CE32EE0CCE6B55466373B03796426D1C ft=1 fh=152ec001408ac940 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\SARBAT\Downloads\Installer\Koepi s XviD - CHIP-Installer.exe"
sh=4D0151EAB20DC21DF760131C4A2DF9CD1CE49361 ft=1 fh=96bbd3298f59d1c5 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\SARBAT\Downloads\Installer\VirtualDub 32 Bit - CHIP-Installer.exe"
sh=367257FA2A552DFEC7B9788AEE998B07F24F6339 ft=0 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung" ac=I fn="C:\Windows\Temp\WebCompanion.zip"
sh=94549509601D21D2DF433B30E26516885952ADB4 ft=1 fh=891617a2a0aa4262 vn="Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung" ac=I fn="C:\Windows\Temp\wctmp_724912008\WcInstaller.exe"
sh=104C2FB3121299E660DECF60324ECBDEEEECCC2F ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.AU eventuell unerwünschte Anwendung" ac=I fn="D:\USER-PC\Backup Set 2013-02-17 190001\Backup Files 2013-02-17 190001\Backup files 1.zip"
sh=6CAA4821633348EE1EBA737D6E504A692C6AFDD5 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.AU eventuell unerwünschte Anwendung" ac=I fn="D:\USER-PC\Backup Set 2013-03-03 202647\Backup Files 2013-03-03 202647\Backup files 1.zip"
sh=3C1AFBDE868440DC0E0A7811AF4812028EB3E5FD ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.BC eventuell unerwünschte Anwendung" ac=I fn="D:\USER-PC\Backup Set 2013-03-24 214015\Backup Files 2013-03-31 190002\Backup files 1.zip"
sh=F7871916655896F8E597C405B8606ECBBEBB55B9 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.AU eventuell unerwünschte Anwendung" ac=I fn="D:\USER-PC\Backup Set 2013-04-07 200356\Backup Files 2013-04-07 200356\Backup files 1.zip"
sh=3FCB33F4C29F79BE5138002EE07A533DCF630DDA ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.BC eventuell unerwünschte Anwendung" ac=I fn="D:\USER-PC\Backup Set 2013-04-07 200356\Backup Files 2013-04-21 202824\Backup files 1.zip"
         
