
Pests of all kinds and how to combat them: tooltabextension.dll and others


08.04.2019, 01:31   #1
Irgendwoher2
 

tooltabextension.dll and others



1. Problem child:
Family computer used by three people (without much PC knowledge).
Windows 8.1
Swisscom Internet Security by F-Secure (ISbF)

2. Problem:
Various problems with browsers and other programs (for some time now). Scans by ISbF have so far never found anything malicious. Then today a notice that the file tooltabextension.dll had been moved to quarantine (several times, in fact).

3. Attempted fixes:
Unfortunately I made the mistake of tinkering with it myself, since, before I visited this website, I didn't know any better.
a) Searched for tooltabextension.dll in Explorer. It was found twice, in connection with PDFConverterHQTooltab + EasyPDFConverterTooltab.
b) Searched for these programs in RevoUninstaller and uninstalled them (clean uninstall). At the same time looked for other "strange" programs, and found more: see logs. Uninstalled those too.
c) Downloaded and installed Spybot. Had the 45 problems found fixed automatically. Followed by "immunization" of the computer.

4. Questions:
a) Is it still possible to check whether the system is now free of pests?
b) Should the system end up clean: do we then need to take any other measures? Or put differently: what do tooltabextension and co. do? Could personal data have been compromised?

Hoping for help.

Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 17.03.2019
durchgeführt von XX (08-04-2019 02:29:37)
Gestartet von C:\Users\Xx\AppData\Local\Microsoft\Windows\INetCache\IE\VXEVB054
Windows 8.1 (Update) (X64) (2014-01-18 13:24:01)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2143967816-975072899-265787009-500 - Administrator - Disabled)
XX (S-1-5-21-2143967816-975072899-265787009-1001 - Administrator - Enabled) => C:\Users\Xx
Gast (S-1-5-21-2143967816-975072899-265787009-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2143967816-975072899-265787009-1006 - Limited - Enabled)
UpdatusUser (S-1-5-21-2143967816-975072899-265787009-1004 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Internet Security by F-Secure (Enabled - Up to date) {8AC831E5-DF57-0DC0-D07B-4DE1A5FFFD9A}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Internet Security by F-Secure (Enabled - Up to date) {31A9D001-F96D-024E-EACB-7693DE78B727}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adblock Plus für IE (32-Bit- und 64-Bit) (HKLM\...\{588B7DD2-3480-4A89-A8F6-C6781CBFAD56}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.156 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_5f143314a5d434c8511097393d17397) (Version: 10.0 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\{99D7329A-44AA-4D40-AA8D-0F5783C38B76}) (Version: 20.26.3317.04170 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.26.3317.04170 - Alcor Micro Corp.)
Apple Application Support (32-Bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
ArcSoft Scan-n-Stitch Deluxe (HKLM-x32\...\{FF8455A9-21E8-457D-AC64-510A705D53B3}) (Version: 1.1.2.27 - ArcSoft)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
Computer Security 17.215.129.0 (release) (HKLM-x32\...\{658FDBCA-B7A1-43E4-A849-9F0812473331}) (Version: 17.215.129.0 - F-Secure Corporation) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6522 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.3003 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4016 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.2921 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3007 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3324 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Das Fussball Studio 8.5.2 (Beta) (HKLM-x32\...\{F804CEB4-747E-46D5-B8AB-C56E3BAF27D9}_is1) (Version: 8.5.2 - vmLOGIC - Volker Mallmann)
EaseUS Partition Master 10.2 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Firestorm-Betax64 (HKLM\...\Firestorm-Betax64) (Version: 6.0.1.56538 - The Phoenix Firestorm Project, Inc.)
Firestorm-Releasex64 (HKLM\...\Firestorm-Releasex64) (Version: 5.1.7.55786 - The Phoenix Firestorm Project, Inc.)
Fotogalerie (HKLM-x32\...\{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
F-Secure CCF Reputation (HKLM-x32\...\{D864A15F-64B4-49B1-832C-21EDB46843B7}) (Version: 100.0.0.0 - F-Secure) Hidden
F-Secure CCF Scanning Dummy 3.0.12 (release) (HKLM-x32\...\{99924D6C-E069-4C91-AB86-1722282FC858}) (Version: 3.0.12 - F-Secure Corporation) Hidden
F-Secure Network CCF 100.0.0.0 (HKLM-x32\...\{670203BE-8801-4A41-8480-29B7EC37FC7D}) (Version: 100.0.0.0 - F-Secure Corporation) Hidden
F-Secure SafeSearch 10.0.0.0 (release) (HKLM-x32\...\{1C02D59F-EAF4-404C-95D9-2E7EF186FE44}) (Version: 10.0.0.0 - F-Secure Corporation) Hidden
F-Secure Ultralight 1.0.5438.0 (release) (cc0c4f981bd2f23d1e5e325af11ed0a0ecf2a348) (HKLM-x32\...\{C75644E8-5FB5-4B8F-8FD2-08CC5D7ECD87}) (Version: 1.0.5438.0 - F-Secure Corporation) Hidden
Galerie de photos (HKLM-x32\...\{446CC8CE-0E90-44F7-ADD0-774B243EF090}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.86 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.1.0.1055 - Citrix Online, a division of Citrix Systems, Inc.)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-2143967816-975072899-265787009-1001\...\HPConnectedMusic) (Version: 1.1 (build 87) hp - Meridian Audio Ltd)
HP Dropbox Plugin (HKLM-x32\...\{1E18E86D-632C-48B5-962C-B60C2E53A478}) (Version: 36.0.41.58587 - HP)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Google Drive Plugin (HKLM-x32\...\{039DDA62-50CC-4E7F-9D54-7CF032A2D362}) (Version: 36.0.41.58587 - HP)
HP My Display (HKLM-x32\...\{15733AD1-1CEF-459A-9245-0924FC63BDD5}) (Version: 2.10.009 - Portrait Displays, Inc.)
HP OfficeJet Pro 8730 - Grundlegende Software für das Gerät (HKLM\...\{F2EF46E7-34C9-4DD2-B7AA-001AEE69E954}) (Version: 38.8.1942.18339 - HP Inc.)
HP OfficeJet Pro 8730 Hilfe (HKLM-x32\...\{267F7BC5-3799-48D1-B91A-C76BB825160C}) (Version: 38.0.0 - HP)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6668.4491 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.7.50.3 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{8F1A441E-AD6D-4732-BD6A-F38D5F1D1E47}) (Version: 12.10.49.21 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{A95F74BA-8A42-4D24-AE9B-3AC2A1F95968}) (Version: 12.3.6.12 - HP)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6486.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Internet Security (HKLM-x32\...\{12CFC2FB-3ED2-45D8-94E4-7C20511A232C}) (Version: 3.15.612.0 - F-Secure Corporation) Hidden
Internet Security (HKLM-x32\...\F-Secure ServiceEnabler 45119) (Version: 3.15.612.0 - F-Secure Corporation)
iTunes (HKLM\...\{C704C598-39D0-4B12-BBFA-FF6D43C95BFD}) (Version: 12.9.3.3 - Apple Inc.)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Home and Business 2013 - de-de (HKLM\...\HomeBusinessRetail - de-de) (Version: 15.0.5119.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2143967816-975072899-265787009-1001\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MixPad Audiodatei-Mixer (HKLM-x32\...\MixPad) (Version: 5.35 - NCH Software)
Movie Maker (HKLM-x32\...\{03CC9D58-B132-4CC0-A521-4F3660AA43C7}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{701FE1BC-834A-4857-AF62-6EBA50CFBC78}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{A17946CA-18E5-4CF0-8D55-A56D804718F8}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 66.0.2 (x64 de) (HKLM\...\Mozilla Firefox 66.0.2 (x64 de)) (Version: 66.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 66.0.2.7024 - Mozilla)
My Swisscom Assistant (HKLM-x32\...\My Swisscom Assistant) (Version: 2.17.21.1091 - Swisscom (Schweiz) AG)
NirSoft ShellExView (HKLM-x32\...\NirSoft ShellExView) (Version:  - )
NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 388.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.73 - NVIDIA Corporation)
NVIDIA Grafiktreiber 388.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.73 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.0.1 - OBS Project)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5119.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5119.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0407-0000-0000000FF1CE}) (Version: 15.0.5119.1000 - Microsoft Corporation) Hidden
Online Safety 2.215.7452.4118 (HKLM-x32\...\{0DD64CD2-B23F-4A3D-A88D-EF6848A20167}) (Version: 2.215.7452.4118 - F-Secure Corporation) Hidden
Opera Stable 31.0.1889.99 (HKLM-x32\...\Opera 31.0.1889.99) (Version: 31.0.1889.99 - Opera Software)
Opera Stable 58.0.3135.127 (HKLM-x32\...\Opera 58.0.3135.127) (Version: 58.0.3135.127 - Opera Software)
PayMaker (HKLM-x32\...\{40D38D25-E718-4FF9-A256-5821DCC3DE14}) (Version: 5.0.9.1 - CREALOGIX)
PDF Settings (HKLM-x32\...\{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Pivot Software (HKLM-x32\...\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}) (Version: 9.03.004 - Portrait Displays, Inc.) Hidden
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Raccolta foto (HKLM-x32\...\{D04EBB49-C985-4A38-8695-62000861293A}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.30153 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Revo Uninstaller 2.0.6 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.6 - VS Revo Group, Ltd.)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
SDK (HKLM-x32\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 2.40.012 - Portrait Displays, Inc.) Hidden
Seagate Dashboard (HKLM-x32\...\{F1D8690F-06B3-4100-9949-398EA253AC61}) (Version: 3.2.1802.2 - Seagate)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
SecondLifeViewer (HKLM\...\SecondLifeViewer) (Version: 6.0.1.522263 - Linden Research, Inc.)
SecondLifeViewer (HKLM-x32\...\SecondLifeViewer) (Version: 5.0.7.328060 - Linden Research, Inc.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{B9824225-2055-4700-BCD4-64B25EC88264}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Studie zur Verbesserung von HP OfficeJet Pro 8730 (HKLM\...\{AE769E17-986A-4FA3-9D8A-A133F3E5CE37}) (Version: 38.8.1942.18339 - HP Inc.)
Swiss Jass!! (HKLM-x32\...\{A9577F70-4F7C-4BDE-B3F9-F06987DF2FE8}) (Version: 4.0.0.3350 - swissjass.ch) Hidden
Swiss Jass!! (HKLM-x32\...\Swiss Jass!!) (Version: 4.0.0.3350 - Michael Gasser)
TaxMeBe2017 Uninstaller (HKLM-x32\...\{70c37b3c-a290-4fb5-8841-a4dd890a2017}_is1) (Version:  - DV Bern AG)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2143967816-975072899-265787009-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Xx\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => Keine Datei
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-05-24] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-05-24] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-19] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {097AFDC2-206B-4030-BA70-CBEA3007ECEA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd -> Piriform Ltd)
Task: {0C91CF74-ED54-4143-B9E4-F9FB901E5BC7} - System32\Tasks\HP AR Program Upload - 80c42cec90a0488d82e2b87117319e4fcd022c4a8145454289102234a5394a27 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe
Task: {14489555-3FB6-4E60-AC46-80A57558E7E2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {17329685-B220-4805-8407-C1297E25DFD7} - System32\Tasks\HP AR Program Upload - 51a6841ced5a4ab3b3ccc63933b08b42eacae2b892a84e2fa732a67ec80308a9 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe
Task: {1EE33118-DAF9-4AFE-8F93-1E28583CD72A} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe (Seagate Technology LLC -> Seagate Technology LLC)
Task: {2B1BEFC2-E3BB-4AD2-8E4F-FB4BF704778A} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe (CyberLink Corp. -> CyberLink Corp.)
Task: {309DC6BB-915E-4B16-83DF-1B07B13DDC96} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {3AA20CDB-8934-4233-810F-D4EA42AD3F24} - System32\Tasks\update-S-1-5-21-2143967816-975072899-265787009-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe (OOO Lightshot -> TODO: <Company name>)
Task: {3BF307E2-B87B-4B0B-84BE-A798793EC602} - System32\Tasks\Opera scheduled Autoupdate 1427314068 => C:\Program Files (x86)\Opera\launcher.exe (Opera Software AS -> Opera Software)
Task: {44B69EA9-CBC9-48A9-A5C9-391545832422} - System32\Tasks\HP AR Program Upload - 1c3068c808d34d588f4011cc466c98f4350839ad8f0b4b738d942433f39f3348 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe
Task: {45F42B5C-3A23-45A3-8D3B-0CA70624AF38} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)
Task: {5060D851-84A5-46E5-86CC-A4CAB844C58F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {533AF9B3-CFF8-4AB0-9F27-6E8CD46B1F9E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe (HP Inc. -> HP Inc.)
Task: {62D49620-9417-4719-8CB7-245AB9A89677} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {641B2748-5D16-44A9-A2FA-544E2C5F551D} - System32\Tasks\HP AR Program Upload - 5faf2d24dc9044698b697e59725e24a0218cf76de82144a3985477d39fabf80e => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe
Task: {67AB5265-816E-435A-BF24-05A5D4C59494} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (HP Inc. -> HP Inc.)
Task: {8AA79ED7-075C-48B7-BDFE-604CE8BB7A0E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {96A69C9B-1F5B-4C80-AA97-26676325655A} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink Corp. -> CyberLink)
Task: {9CB5D90B-3581-4604-9A5E-ABA5B9994C75} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {A353C346-B121-48E3-9623-19552E503043} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)
Task: {A8565048-F06E-4793-BEAA-716D969F011D} - System32\Tasks\HPCustParticipation HP OfficeJet Pro 8730 => C:\Program Files\HP\HP OfficeJet Pro 8730\Bin\HPCustPartic.exe (HP Inc -> HP Inc.)
Task: {A9BF81F7-4B2B-498F-8788-40323D055D74} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe (HP Inc. -> HP Inc.)
Task: {B3E38EE7-500E-4C4E-A850-F0C396D9965F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (HP Inc. -> HP Inc.)
Task: {BFBB3940-7C5A-4B09-BDCC-3144F6C3D5F2} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_156_Plugin.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {C33767E1-88D0-4481-B735-2B805ADBE9C3} - System32\Tasks\HP AR Program Upload - 0c842ba2c0e642b891d16c12cbc63d3d7ec1706926b04115b410c022d3b3f737 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe
Task: {C69AE387-10A1-4054-B843-5466D2EA3340} - System32\Tasks\HP AR Program Upload - 72c382648abe4854beeead52f71495a8159d579f419d4370b3baa247b4c2e2eb => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe
Task: {D1BBD469-4433-45F5-86D2-78536602A1BA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {D2BBBF56-A43A-41E2-982A-723883D33F5C} - System32\Tasks\HP AR Program Upload - 7267a940a8564ce2be9f97e8f022ddafe57963a47cf047dd980079082346fced => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe
Task: {D4D920E9-0F1E-482D-9764-F5655489B621} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe (HP Inc. -> )
Task: {D67C5AD2-C71D-4077-9C21-C811475915D0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {DE6786DB-0F42-457E-91FC-FD4578EE7794} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe (OOO Lightshot -> TODO: <Company name>)
Task: {E93ED506-EC32-4495-B013-894EB461D057} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {EA4AAF23-6D77-49AC-983B-8BB51E1A59DB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.)
Task: {F5AB2376-3F4A-4063-8910-456F663EC16C} - System32\Tasks\XX DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe (Seagate Technology LLC -> Seagate Technology LLC)
Task: {F9DA2410-1545-42FD-B09B-7A6DAA56B007} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: {FDEA0F79-C786-4C2C-BE68-A24AFB9DCCBA} - System32\Tasks\HPCeeScheduleForXX => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe (Hewlett-Packard Company -> Hewlett-Packard)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForXX.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-2143967816-975072899-265787009-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2018-02-08 06:54 - 2017-12-19 04:51 - 000874880 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Datei ist nicht signiert] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2016-05-14 10:33 - 2014-01-05 07:42 - 000340480 _____ (IDT, Inc.) [Datei ist nicht signiert] C:\Program Files\IDT\WDM\STacSV64.exe
2013-05-11 18:45 - 2013-05-11 18:45 - 000733696 _____ (Intel(R) Corporation) [Datei ist nicht signiert] c:\Program Files\Intel\iCLS Client\HeciServer.exe
2018-02-08 06:54 - 2017-12-19 04:51 - 000339072 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Datei ist nicht signiert] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll
2010-11-18 23:08 - 2010-11-18 23:08 - 000086016 _____ (Igor Pavlov) [Datei ist nicht signiert] C:\Program Files\7-Zip\7-zip.dll
2016-05-14 10:33 - 2014-01-05 07:42 - 000041664 _____ (Integrated Device Technology Inc. -> Hewlett-Packard ) [Datei ist nicht signiert] C:\Program Files\IDT\WDM\Beats64.exe
2016-05-14 10:33 - 2014-01-05 07:42 - 001703424 _____ (IDT, Inc.) [Datei ist nicht signiert] C:\Program Files\IDT\WDM\sttray64.exe
2016-01-15 22:44 - 2016-01-15 22:44 - 000057344 _____ () [Datei ist nicht signiert] C:\Program Files\CCleaner\lang\lang-1031.dll
2014-01-18 22:46 - 2009-03-03 12:40 - 000245760 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Portrait Displays\Pivot Software\winphook.dll
2014-01-18 22:46 - 2009-03-03 12:40 - 000372736 _____ (Intel Corporation) [Datei ist nicht signiert] C:\Program Files (x86)\Portrait Displays\Pivot Software\ijl15.dll
2014-01-18 22:46 - 2002-01-05 04:37 - 000344064 _____ (Microsoft Corporation) [Datei ist nicht signiert] C:\Program Files (x86)\Portrait Displays\Pivot Software\MSVCR70.dll
2014-01-18 22:46 - 2002-01-05 04:40 - 000487424 _____ (Microsoft Corporation) [Datei ist nicht signiert] C:\Program Files (x86)\Portrait Displays\Pivot Software\MSVCP70.dll
2014-01-18 15:18 - 2014-01-18 15:18 - 001101824 _____ (Microsoft Corporation) [Datei ist nicht signiert] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL
2014-01-18 15:18 - 2014-01-18 15:18 - 000065536 _____ (Microsoft Corporation) [Datei ist nicht signiert] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80DEU.DLL
2019-03-16 05:13 - 2004-08-17 13:00 - 000413696 _____ (Microsoft Corporation) [Datei ist nicht signiert] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\MSVCP60.dll
2014-01-27 19:04 - 2013-06-27 11:02 - 000499712 _____ (Microsoft Corporation) [Datei ist nicht signiert] c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\MSVCP71.dll
2014-01-27 19:04 - 2013-06-27 11:02 - 000348160 _____ (Microsoft Corporation) [Datei ist nicht signiert] c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\MSVCR71.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


Da befinden sich 7946 mehr Seiten.


Da befinden sich 7946 mehr Seiten.


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2019-04-08 00:37 - 000455056 ____R C:\WINDOWS\system32\drivers\etc\hosts


Da befinden sich 15618 zusätzliche Einträge.


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;c:\Program Files (x86)\Intel\iCLS Client\;c:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;%NpmLib%;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-2143967816-975072899-265787009-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\HP\HP_Metro_Sky.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (Keine Datei)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.

HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKLM\...\StartupApproved\Run32: => "DBAgent"
HKU\S-1-5-21-2143967816-975072899-265787009-1001\...\StartupApproved\Run: => "HP Officejet Pro 8600 (NET)"
HKU\S-1-5-21-2143967816-975072899-265787009-1001\...\StartupApproved\Run: => "Uploader"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{DE597A71-D1B4-41E5-9DAF-B21E72F33E3D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{AB5181F4-7EDA-4B37-B747-A48E9087BDD5}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe (Mercer Road Corp -> Vivox Inc.)
FirewallRules: [UDP Query User{23FCFF01-22DA-4380-9C63-03E5AF66F27B}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe (Mercer Road Corp -> Vivox Inc.)
FirewallRules: [TCP Query User{3D225527-BE0D-44D0-80BF-C64204EF8579}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{640280AE-CD2F-4B6A-AE46-58674059D795}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe () [Datei ist nicht signiert]
FirewallRules: [{18120DE4-7DE5-4663-B58D-7C012DEB722E}] => (Allow) LPort=8888
FirewallRules: [TCP Query User{FF6764E8-56AE-42DD-9583-BD06A0084F5B}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe (Seagate Technology LLC -> Seagate Technology LLC)
FirewallRules: [UDP Query User{8299278C-DA84-449C-9A91-F17E91A78112}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe (Seagate Technology LLC -> Seagate Technology LLC)
FirewallRules: [{74D18F5E-0AE7-4FD9-AEAF-03CF1BE23467}] => (Allow) LPort=8888
FirewallRules: [{749B96F3-2502-4E58-8BB5-4BD57CF0C868}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Photoshop.exe (Adobe Systems, Incorporated) [Datei ist nicht signiert]
FirewallRules: [{D34C31A9-E6E7-49DE-A35A-91731507ACF2}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Photoshop.exe (Adobe Systems, Incorporated) [Datei ist nicht signiert]
FirewallRules: [{AB6A9BCF-C299-4D84-A9F9-CD24F25B5803}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Photoshop.exe (Adobe Systems, Incorporated) [Datei ist nicht signiert]
FirewallRules: [{BB778FC7-5E5A-4588-8D2B-D8AE474A1AA8}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Photoshop.exe (Adobe Systems, Incorporated) [Datei ist nicht signiert]
FirewallRules: [{4D03C54D-A18D-48EC-8F82-10C9D2805963}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7E5F9EC1-4971-4F41-9C2E-77A48C70A4EE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6783DDDB-5D23-45BF-9A44-E81447944707}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{41DDF051-285A-4302-820B-1F7ACA230071}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D81A7C17-1238-4EE5-AB07-C5E53735A73F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FB43FF58-8464-4504-8B22-2641665EC169}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8B92EC31-5063-4335-ABB4-F2E42F059C9A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6D42B1D4-E75D-46BF-A7C7-4A6A8963D01B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{360E1742-2C1B-4D7F-87AC-41A7C77864F1}C:\program files (x86)\clx.paymaker\paymentstudio.exe] => (Allow) C:\program files (x86)\clx.paymaker\paymentstudio.exe (Crealogix AG -> CREALOGIX E-Payment AG)
FirewallRules: [UDP Query User{C3928C57-C7EC-44F8-B09A-15035B72C528}C:\program files (x86)\clx.paymaker\paymentstudio.exe] => (Allow) C:\program files (x86)\clx.paymaker\paymentstudio.exe (Crealogix AG -> CREALOGIX E-Payment AG)
FirewallRules: [{248F099B-D557-498E-8A72-C09DD41B1AC8}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS73CA\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{0B574BBD-D726-4205-B5C4-BB4066EAE4A6}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS73CA\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{B66786B1-D38F-4A62-B9A9-41B4D09C5F45}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS4F19\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{10A5FE06-63F5-40F6-9359-1E17EAE95E44}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS4F19\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{2DB16D09-AF19-423C-BD2F-B4EFDA39956F}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS31EB\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{BD5C521F-19F8-4AF2-8815-1B4D95846EDE}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS31EB\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{8B9ADBB2-7A81-4205-9144-22D34A8E696F}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS6B42\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{6690055C-BE58-471B-B452-32DAECD8119F}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS6B42\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [TCP Query User{BC5BCFDE-056A-4EB7-A73F-C641C0DA4FDF}C:\program files (x86)\swissjass\sjonline\sjonline.exe] => (Allow) C:\program files (x86)\swissjass\sjonline\sjonline.exe (Michael Gasser -> swissjass.ch)
FirewallRules: [UDP Query User{862D36B8-0A02-41A6-856D-F95E5967C266}C:\program files (x86)\swissjass\sjonline\sjonline.exe] => (Allow) C:\program files (x86)\swissjass\sjonline\sjonline.exe (Michael Gasser -> swissjass.ch)
FirewallRules: [TCP Query User{C13062D8-18E2-4B5B-AE1F-2FF9CAFE066D}C:\program files\swissjass\sjonline\sjonline.exe] => (Allow) C:\program files\swissjass\sjonline\sjonline.exe (Michael Gasser -> swissjass.ch)
FirewallRules: [UDP Query User{0010D02E-9907-4985-BA34-0EF08F3F7AE5}C:\program files\swissjass\sjonline\sjonline.exe] => (Allow) C:\program files\swissjass\sjonline\sjonline.exe (Michael Gasser -> swissjass.ch)
FirewallRules: [{A6B56AEF-9F82-400B-8FA9-AEF220ED0936}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS038E\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{1B522D90-7BEC-4D33-8204-70826E74E5DC}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS038E\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{7A7D28AE-A900-4291-BE06-CA091F0CE2E3}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS65D2\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{885084DC-1FF2-409D-8B9A-4767C3A35498}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS65D2\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{A553DCD1-06D1-43E4-88EB-C0FDF762BB98}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS1ACE\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{9A723823-4312-459D-A909-75A5FEFB679A}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS1ACE\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{38BABA9C-E5AA-47A1-9FAF-35CF552FBEEC}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Launcher.exe (mquadr.at software engineering und consulting GmbH -> Swisscom)
FirewallRules: [{34CEB01E-A091-4D2F-A54F-403F7526018D}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Launcher.exe (mquadr.at software engineering und consulting GmbH -> Swisscom)
FirewallRules: [{A7787CDF-EAB4-40AC-A321-BF536B27C9B1}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Repair.exe (mquadr.at software engineering und consulting GmbH -> Swisscom)
FirewallRules: [{1A08BC89-6F7E-49E3-B6D6-22AA91383DE8}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Repair.exe (mquadr.at software engineering und consulting GmbH -> Swisscom)
FirewallRules: [{C0C411BF-F5CE-44FD-81A8-34586CFAC753}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant.exe (mquadr.at software engineering und consulting GmbH -> Swisscom)
FirewallRules: [{CED3BF6D-68E9-4A8D-A887-ED2422422797}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant.exe (mquadr.at software engineering und consulting GmbH -> Swisscom)
FirewallRules: [{F808D729-B2B3-42C9-92AF-DE769606597A}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\Update\M2Updater.exe (mquadr.at software engineering und consulting GmbH -> Swisscom)
FirewallRules: [{127FF11C-A72A-4028-A83B-8FE911283111}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\Update\M2Updater.exe (mquadr.at software engineering und consulting GmbH -> Swisscom)
FirewallRules: [{7AD774C7-EED4-4A74-B9B6-C38AF4F75F6E}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\PDF_Viewer\m2PDFViewer.exe (mquadr.at software engineering und consulting GmbH -> )
FirewallRules: [{9DC4CA0E-77DC-47A5-93C6-0C9073C617F4}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\PDF_Viewer\m2PDFViewer.exe (mquadr.at software engineering und consulting GmbH -> )
FirewallRules: [{40BC9AEE-2B71-43C6-A7AC-25ABC19416A0}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS2919\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{FB6F819B-F206-4B3A-B0DF-8A8544FE91CF}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS2919\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{A24E697B-1F63-4BBD-A8CD-9107AA2C67BC}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS2947\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{50B98D1E-7EF1-4EAC-92BE-B966EB4E589E}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS2947\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{AFE07237-12BB-4D1A-9D45-166EFCC302AE}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS7B72\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{FA2E8944-DD8D-4EC5-B8B5-2270FD5BA839}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS7B72\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{A42AACC3-730D-4818-8A9A-318D554369D8}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS7BBD\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{EC855515-DFD7-4151-8CA6-7D2AEBC5A9C4}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS7BBD\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{FB8FA05B-D2A5-4312-8E2B-1D463010CAEA}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Launcher.exe (mquadr.at software engineering und consulting GmbH -> Swisscom)
FirewallRules: [{74A7E987-8127-4C59-A578-E9A141E30937}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Repair.exe (mquadr.at software engineering und consulting GmbH -> Swisscom)
FirewallRules: [{F127BA5C-5212-41EF-B599-E2B06CDF7F22}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant.exe (mquadr.at software engineering und consulting GmbH -> Swisscom)
FirewallRules: [{BD46B3D9-DBA5-48EE-97FA-EF5F4531E26D}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\Update\M2Updater.exe (mquadr.at software engineering und consulting GmbH -> Swisscom)
FirewallRules: [{67C4D228-2C8D-44F2-B5E2-3BAC91704036}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\PDF_Viewer\m2PDFViewer.exe (mquadr.at software engineering und consulting GmbH -> )
FirewallRules: [{EBF98858-C107-408B-9465-6D2E16DE041D}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\m2UpdateService.exe (mquadr.at software engineering und consulting GmbH -> Swisscom)
FirewallRules: [{633EB9B2-77F2-4024-BADE-2C756F632024}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS6683\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{F129C934-5B53-428E-B413-4CD802B0C7C6}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS6683\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{4D624018-3836-4A71-A027-A136F38BE403}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS0CB3\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{7A4594D4-7313-48F3-8A2A-E089CB6A7CD8}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS0CB3\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{FCB94838-3F84-46CB-945A-B00F245CA6CF}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS0D22\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{2364D59F-9443-4924-AC59-2FB4AB9B22C8}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS0D22\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{D010E6B9-A6F9-441D-A920-48503CA4A8C0}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Launcher.exe (mquadr.at software engineering und consulting GmbH -> Swisscom)
FirewallRules: [{3F275630-A665-4909-8645-D1639D9878EF}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Repair.exe (mquadr.at software engineering und consulting GmbH -> Swisscom)
FirewallRules: [{49DED189-3B50-40BF-8FBE-9801A5A376E1}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant.exe (mquadr.at software engineering und consulting GmbH -> Swisscom)
FirewallRules: [{21E2DAAB-FF06-4372-91A2-939127BC9866}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\Update\M2Updater.exe (mquadr.at software engineering und consulting GmbH -> Swisscom)
FirewallRules: [{40461B08-60C1-4EBE-81D3-E984C4D3C82C}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\PDF_Viewer\m2PDFViewer.exe (mquadr.at software engineering und consulting GmbH -> )
FirewallRules: [{FEAA8831-D13D-4747-A2D9-67FE6885B8E9}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\m2UpdateService.exe (mquadr.at software engineering und consulting GmbH -> Swisscom)
FirewallRules: [{6DE4D64A-1120-4C23-B873-B24E14CBF53E}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS4DC6\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{6932B7AC-7588-4802-BBB8-315777DC8FBE}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS4DC6\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{1458A516-C612-435D-A6B9-E8D7CBFE713B}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS4337\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{17FFF7D6-CBDF-49BC-A395-F1EB2BAFE5B0}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS4337\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{9033B206-97AF-4F8E-B413-09EACF600C34}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS43DA\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{77BC5509-F669-4F0B-9CDC-805AB107993C}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS43DA\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{CB93EF89-186A-411A-9703-7832116BB036}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS46F1\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{44DFFC1E-65E8-42E8-B4C4-0072E407E517}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS46F1\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{00EE5013-3CB1-4E97-824E-152DD83C609D}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS533D\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{96BF40D2-8C47-4921-A6CE-F2F6478ED382}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS533D\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [TCP Query User{B9E097C3-5E8E-4FBD-812B-C50D65756955}C:\users\Xx\appdata\local\temp\7zs533d\hpdiagnosticcoreui.exe] => (Block) C:\users\Xx\appdata\local\temp\7zs533d\hpdiagnosticcoreui.exe Keine Datei
FirewallRules: [UDP Query User{588B1A8B-C733-483F-A9EB-836C8809967D}C:\users\Xx\appdata\local\temp\7zs533d\hpdiagnosticcoreui.exe] => (Block) C:\users\Xx\appdata\local\temp\7zs533d\hpdiagnosticcoreui.exe Keine Datei
FirewallRules: [{FD1D3BE4-3D46-4A13-83B0-1ECCA26F3C6D}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS5EB1\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{FFB54017-C2D7-4033-A865-C20AFBDC226B}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS5EB1\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{0B46FD89-B7E1-430C-878E-D2CD9935CFF3}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS0901\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{3D4497E1-ED40-481D-9E1C-C844509937E6}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS0901\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{B12AD0B2-1AE8-49EF-AFCC-9A69C3BA87A2}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS2608\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{838CE8A6-DB17-4FB7-8CC1-B4AB264AAB54}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS2608\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{F2E29AF6-4116-4590-AAE2-C4A9DF9E8BF7}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS6C93\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{764440DC-69D3-4442-BB66-AA0D1A616A26}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS6C93\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{F0169490-1AE6-4B8E-88A6-2B1555341FB5}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS5ECD\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{74302609-5C34-4B14-8975-EEE25BA544C4}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS5ECD\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{293B2719-D189-4F19-8809-82FD85928A15}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS6918\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{4FFBD2BC-29A4-4A73-843C-718912E62EDB}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS6918\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{77630A97-FA44-4330-ADAB-9CAA4B23CDCD}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS1707\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{D07A93CC-1675-49CE-8B5C-CE2C815520E6}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS1707\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{B114F0E9-7D81-4018-9551-79F1D75C4843}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS7B4C\HP.EasyStart.exe Keine Datei
FirewallRules: [{B30E5837-60C4-4F0A-AD0A-79B4AEC6E8B3}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{D419BCD4-A40D-45B4-9909-38678DBF9388}C:\program files\firestormos-releasex64\slvoice.exe] => (Allow) C:\program files\firestormos-releasex64\slvoice.exe Keine Datei
FirewallRules: [UDP Query User{4E98A500-A2D0-4444-B611-F9A43778F660}C:\program files\firestormos-releasex64\slvoice.exe] => (Allow) C:\program files\firestormos-releasex64\slvoice.exe Keine Datei
FirewallRules: [{91CB8313-F98D-4575-8206-DB46244E560C}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS66E9\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{955502E1-3B16-4690-84D3-E85742BFB615}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS66E9\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{97F0A1D3-5C67-4FFA-89CB-A79256990ECA}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS6730\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{64B4F13F-4D8B-4597-8FF9-ECB3BAE839F8}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS6730\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{43D15726-08B9-46E0-AED6-D73964099FE2}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS6AEA\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{5413C0DA-E0EC-468A-9536-DDDEB5B67D5C}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS6AEA\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{607CD324-C195-47FB-A383-92E2806FC934}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS6DF5\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{CEF434E4-A8AF-475F-A0EB-8BB6C4A534EF}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS6DF5\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{82E8E55F-A757-4D00-8E32-7797EFABBA68}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS59A1\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{B9C99369-C5A5-4F14-AF8D-A7BD02F82EF1}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS59A1\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{0276EF66-F9A0-4233-96CE-309D736863FB}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS748E\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{0E874931-DD18-4D2F-AFC4-600551E5FD29}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS748E\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [TCP Query User{B96290A5-95D9-46C7-913D-E2AF6FCBC333}C:\program files\secondlifeviewer\slvoice.exe] => (Allow) C:\program files\secondlifeviewer\slvoice.exe (Mercer Road Corp -> )
FirewallRules: [UDP Query User{137D8666-CEF9-46AF-B862-F793E4055D5E}C:\program files\secondlifeviewer\slvoice.exe] => (Allow) C:\program files\secondlifeviewer\slvoice.exe (Mercer Road Corp -> )
FirewallRules: [{7F0761D5-7601-40B6-AA4C-D29F64D1E102}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Launcher.exe (mquadr.at software engineering und consulting GmbH -> Swisscom)
FirewallRules: [{A44AA270-BC39-44C7-846F-C9DC25CD7636}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Repair.exe (mquadr.at software engineering und consulting GmbH -> Swisscom)
FirewallRules: [{6BDB5B52-7420-4FBE-BBAC-8024F8DED5B1}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant.exe (mquadr.at software engineering und consulting GmbH -> Swisscom)
FirewallRules: [{58489995-4E4C-4CB7-A63F-4DB5F3A7D6AA}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\Update\M2Updater.exe (mquadr.at software engineering und consulting GmbH -> Swisscom)
FirewallRules: [{CB38446E-39CE-4CDD-8E12-B98B24CB03AF}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\PDF_Viewer\m2PDFViewer.exe (mquadr.at software engineering und consulting GmbH -> )
FirewallRules: [{33BA63D7-E0D9-449D-B876-927C95B4F00E}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\m2UpdateService.exe (mquadr.at software engineering und consulting GmbH -> Swisscom)
FirewallRules: [{4264905B-57A6-4AB2-B61F-AAE3688AA8D7}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8730\bin\FaxApplications.exe (HP Inc -> HP Inc.)
FirewallRules: [{0C021FFE-3460-4D2A-8772-475E8BDFAC70}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8730\bin\DigitalWizards.exe (HP Inc -> HP Inc.)
FirewallRules: [{5E8A463A-CA51-4D9F-A396-FE7D40D6446A}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8730\bin\SendAFax.exe (HP Inc -> HP Inc.)
FirewallRules: [{EF3BB5F5-AAEA-40C6-84C9-E14E55A333C4}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8730\bin\FaxPrinterUtility.exe (HP Inc -> HP Inc.)
FirewallRules: [{459A0B06-F108-4CD4-A6D9-24438262A79B}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8730\Bin\DeviceSetup.exe (HP Inc -> HP Inc.)
FirewallRules: [{0887BD0E-9BF1-417D-A0DD-72D7F2B3FE44}] => (Allow) LPort=5357
FirewallRules: [{8AD0DD89-00CE-4018-8064-55EEB58F8E91}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8730\Bin\HPNetworkCommunicatorCom.exe (HP Inc -> HP Inc.)
FirewallRules: [{7DAAFDCE-A880-48FE-9B4B-B3490D92440F}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS010D\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{76A07F29-61D2-4EB4-8632-5134CDA672FF}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS010D\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{666F070E-C2C1-4D44-A63A-15D6A42DCD4D}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DD05F9B9-ED13-4A26-8A95-AA2F82DA6F0B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{C66A96D4-ED7B-4710-A4A2-FF6711BFF925}] => (Allow) C:\Program Files (x86)\Opera\58.0.3135.118\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{22009261-4FBB-4AB5-8790-4E666E7195F9}] => (Allow) C:\Program Files (x86)\Opera\58.0.3135.127\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{D4A75CF4-7963-4B85-A3DE-96CB0FC938D3}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS7E7D\HPDiagnosticCoreUI.exe Keine Datei
FirewallRules: [{33359E3B-E3AE-4FF3-BD2C-1A36B6317584}] => (Allow) C:\Users\Xx\AppData\Local\Temp\7zS7E7D\HPDiagnosticCoreUI.exe Keine Datei
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Wiederherstellungspunkte =========================

23-03-2019 07:54:36 PayMaker wird installiert
01-04-2019 03:44:59 Geplanter Prüfpunkt
08-04-2019 00:20:07 Revo Uninstaller's restore point - EasyPDFCombine Internet Explorer Homepage and New Tab
08-04-2019 00:21:32 Revo Uninstaller's restore point - PDFConverterHQ Internet Explorer Homepage and New Tab
08-04-2019 00:22:32 Revo Uninstaller's restore point - AllInOneDocs Internet Explorer Homepage and New Tab
08-04-2019 00:24:10 Revo Uninstaller's restore point - SnapMyScreen Internet Explorer Homepage and New Tab
08-04-2019 00:25:22 Revo Uninstaller's restore point - WinHTTrack Website Copier 3.49-2 (x64)
08-04-2019 01:04:18 Revo Uninstaller's restore point - Lightshot-5.4.0.35

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (04/08/2019 12:39:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Camera.exe, Version: 6.3.9600.17418, Zeitstempel: 0x545821bf
Name des fehlerhaften Moduls: Windows.UI.Xaml.dll, Version: 6.3.9600.18298, Zeitstempel: 0x570551e1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000608c24
ID des fehlerhaften Prozesses: 0x160c
Startzeit der fehlerhaften Anwendung: 0x01d4ed92b8bf6aab
Pfad der fehlerhaften Anwendung: C:\WINDOWS\Camera\Camera.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\Windows.UI.Xaml.dll
Berichtskennung: f6790048-5985-11e9-a492-78e3b5c83e39
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (04/08/2019 12:20:07 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Xxache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {613be16f-3d1d-484c-9aab-ed37ed119cd5}

Error: (04/07/2019 06:20:40 AM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: Event-ID 3

Error: (04/07/2019 06:20:40 AM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: Event-ID 3

Error: (04/07/2019 06:20:40 AM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: Event-ID 3

Error: (04/07/2019 06:20:40 AM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: Event-ID 3

Error: (04/07/2019 06:20:40 AM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: Event-ID 3

Error: (04/07/2019 06:20:40 AM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: Event-ID 3


Systemfehler:
=============
Error: (04/07/2019 09:47:21 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.

Error: (04/07/2019 04:51:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: 
Das angegebene Modul wurde nicht gefunden.

Error: (04/07/2019 02:01:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: 
Das angegebene Modul wurde nicht gefunden.

Error: (04/07/2019 12:59:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: 
Das angegebene Modul wurde nicht gefunden.

Error: (04/07/2019 12:09:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: 
Das angegebene Modul wurde nicht gefunden.

Error: (04/07/2019 08:34:10 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: 
Das angegebene Modul wurde nicht gefunden.

Error: (04/07/2019 08:13:38 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 49.

Error: (04/07/2019 08:13:38 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 49.


Windows Defender:
===================================
Date: 2014-08-18 15:55:08.293
Description: 
Die Windows Defender-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {0B6DE34A-5537-4EAA-923E-3CE5E79F97C5}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Vollständige Überprüfung
Benutzer: PC-01\XX

Date: 2014-08-15 23:15:03.619
Description: 
Die Windows Defender-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {F22A5335-1E3A-44F3-A275-00E7BF21800A}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Vollständige Überprüfung
Benutzer: PC-01\XX

Date: 2018-09-10 14:36:39.295
Description: 
Fehler von Windows Defender beim Laden von Signaturen. Es wird versucht, einen als gültig bekannten SignatXxatz wiederherzustellen.
Betroffene Signaturen: Sicherung
Fehlercode: 0x80073aba
Fehlerbeschreibung: Die Ressource ist zu alt und daher nicht mehr kompatibel. 
Signaturversion: 1.179.3249.0;1.179.3249.0
Modulversion: 1.1.10802.0

Date: 2017-03-09 13:57:26.764
Description: 
Fehler von Windows Defender beim Laden von Signaturen. Es wird versucht, einen als gültig bekannten SignatXxatz wiederherzustellen.
Betroffene Signaturen: Sicherung
Fehlercode: 0x80073aba
Fehlerbeschreibung: Die Ressource ist zu alt und daher nicht mehr kompatibel. 
Signaturversion: 1.179.3249.0;1.179.3249.0
Modulversion: 1.1.10802.0

Date: 2017-03-09 13:53:55.414
Description: 
Fehler von Windows Defender beim Laden von Signaturen. Es wird versucht, einen als gültig bekannten SignatXxatz wiederherzustellen.
Betroffene Signaturen: Sicherung
Fehlercode: 0x80073aba
Fehlerbeschreibung: Die Ressource ist zu alt und daher nicht mehr kompatibel. 
Signaturversion: 1.179.3249.0;1.179.3249.0
Modulversion: 1.1.10802.0

Date: 2017-03-09 13:53:55.351
Description: 
Fehler von Windows Defender beim Laden von Signaturen. Es wird versucht, einen als gültig bekannten SignatXxatz wiederherzustellen.
Betroffene Signaturen: Aktuell
Fehlercode: 0x80073aba
Fehlerbeschreibung: Die Ressource ist zu alt und daher nicht mehr kompatibel. 
Signaturversion: 1.179.3332.0;1.179.3332.0
Modulversion: 1.1.10802.0

Date: 2014-08-17 13:58:58.930
Description: 
Fehler von Windows Defender beim Aktualisieren von Signaturen.
Neue Signaturversion: 
Vorherige Signaturversion: 1.155.266.0
Updatequelle: Microsoft Update-Server
Signaturtyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: 
Vorherige Modulversion: 1.1.9700.0
Fehlercode: 0x8024001e
Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support". 

==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Prozentuale Nutzung des RAM: 29%
Installierter physikalischer RAM: 16337.18 MB
Verfügbarer physikalischer RAM: 11464.91 MB
Summe virtueller Speicher: 18769.18 MB
Verfügbarer virtueller Speicher: 13253.55 MB

==================== Laufwerke ================================

Drive c: (Windows) (Fixed) (Total:222.44 GB) (Free:100.83 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (Recovery Image) (Fixed) (Total:14.21 GB) (Free:1.68 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive e: (DATADRIVE1) (Fixed) (Total:931.26 GB) (Free:930.98 GB) NTFS
Drive g: (Volume) (Fixed) (Total:195.31 GB) (Free:115.41 GB) NTFS
Drive h: (Volume) (Fixed) (Total:736.07 GB) (Free:705.54 GB) NTFS
Drive i: (SYSTEM PC) (Fixed) (Total:31.99 GB) (Free:19.4 GB) FAT32 ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive j: (Daten PC) (Fixed) (Total:2016 GB) (Free:1779.05 GB) NTFS
Drive k: (Daten Laptop) (Fixed) (Total:2509.5 GB) (Free:1885.81 GB) NTFS
Drive l: (SYSTEM LAPT) (Fixed) (Total:99.94 GB) (Free:99.94 GB) FAT32

\\?\Volume{88140788-360a-4d63-9425-dd33cf775071}\ (Windows RE tools) (Fixed) (Total:1 GB) (Free:0.6 GB) NTFS
\\?\Volume{4d10a27f-1abe-406a-8aef-ed5a3ceec97d}\ () (Fixed) (Total:0.34 GB) (Free:0.05 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: B6D04CA4)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 265A58E6)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 01F313E5)

Partition: GPT.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 3.

==================== Ende von Addition.txt ============================


Edited by Irgendwoher2 (08.04.2019 at 01:44)

08.04.2019, 01:50   #2
Irgendwoher2

tooltabextension.dll and others

FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
durchgeführt von XX (Administrator) auf PC-01 (08-04-2019 02:29:04)
Gestartet von C:\Users\Xx\AppData\Local\Microsoft\Windows\INetCache\IE\VXEVB054
Geladene Profile: XX (Verfügbare Profile: XX)
Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(IDT, Inc.) [Datei ist nicht signiert] C:\Program Files\IDT\WDM\stacsv64.exe
(ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Portrait Displays, Inc. -> Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\Ultralight\ulcore\1552296247\fshoster64.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\Ultralight\ulcore\1552296247\fshoster64.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\Ultralight\ulcore\1552296247\fsorsp64.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\Ultralight\ulcore\1552296247\fsulprothoster.exe
(Intel(R) Corporation) [Datei ist nicht signiert] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Portrait Displays, Inc. -> Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Seagate Technology LLC -> Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Seagate Technology LLC -> Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(Integrated Device Technology Inc. -> Hewlett-Packard ) [Datei ist nicht signiert] C:\Program Files\IDT\WDM\Beats64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(IDT, Inc.) [Datei ist nicht signiert] C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(HP Inc -> HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8730\Bin\ScanToPCActivationApp.exe
(HP Inc -> HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8730\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Portrait Displays, Inc. -> ) C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
(Portrait Displays, Inc. -> ) C:\Program Files (x86)\Portrait Displays\Pivot Software\Floater.exe
(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Portrait Displays, Inc. -> Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display\dthtml.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Portrait Displays, Inc. -> Portrait Displays Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
(mquadr.at software engineering und consulting GmbH -> Swisscom) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Launcher.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(mquadr.at software engineering und consulting GmbH -> Swisscom) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Repair.exe
(Portrait Displays, Inc. -> Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelper.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Quick Start\HPQuickstart.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2014-01-05] (Integrated Device Technology Inc. -> Hewlett-Packard ) [Datei ist nicht signiert]
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794904 2014-07-30] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942232 2016-10-14] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-01-05] (IDT, Inc.) [Datei ist nicht signiert]
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-01-18] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [PivotSoftware] => C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe [694824 2009-03-03] (Portrait Displays, Inc. -> )
HKLM-x32\...\Run: [DT HPC] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [122384 2014-06-27] (Portrait Displays, Inc. -> Portrait Displays, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1518664 2014-09-17] (Seagate Technology LLC -> Seagate Technology LLC)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe [2089056 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [Datei ist nicht signiert]
HKLM-x32\...\Run: [My Swisscom Assistant] => C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Launcher.exe [11054408 2018-10-24] (mquadr.at software engineering und consulting GmbH -> Swisscom)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [203264 2009-10-10] (ArcSoft, Inc. -> ArcSoft Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKU\S-1-5-21-2143967816-975072899-265787009-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127080 2014-09-17] (Seagate Technology LLC -> Seagate Technology LLC)
HKU\S-1-5-21-2143967816-975072899-265787009-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-2143967816-975072899-265787009-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) [Datei ist nicht signiert]
HKU\S-1-5-21-2143967816-975072899-265787009-1001\...\Run: [HP OfficeJet Pro 8730 (NET)] => C:\Program Files\HP\HP OfficeJet Pro 8730\Bin\ScanToPCActivationApp.exe [3734944 2018-12-05] (HP Inc -> HP Inc.)
HKU\S-1-5-21-2143967816-975072899-265787009-1001\...\MountPoints2: {5dea0c3a-3cba-11e4-8224-78e3b5c83e39} - "I:\WD SmartWare.exe" autoplay=true
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.86\Installer\chrmstp.exe [2019-03-21] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2018-09-20] (Adobe Systems, Incorporated -> Adobe Systems, Inc.)
Startup: C:\Users\Xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2018-12-04]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0FA8DC2E-FC4A-4551-82D1-77D89C16672C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CFD63DF3-7652-42CE-94A4-5AD5BBF5A3F4}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON13/35
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/35
HKU\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
SearchScopes: HKLM -> {53F55657-9B2E-4F9C-BEF9-42715B672147} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {53F55657-9B2E-4F9C-BEF9-42715B672147} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2143967816-975072899-265787009-1001 -> {3C27820D-A4E1-4A2C-A54D-6438685ED905} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2143967816-975072899-265787009-1001 -> {DFF453F4-8C04-4DC4-8D04-17F72A9AB048} URL = hxxp://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
BHO: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\Ultralight\nif\1553689882\browser\install\fs_ie_https\fs_ie_https64.dll [2019-03-27] (F-Secure Corporation -> F-Secure Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
BHO: Kein Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> Keine Datei
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH -> Eyeo GmbH)
BHO-x32: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\Ultralight\nif\1553689882\browser\install\fs_ie_https\fs_ie_https.dll [2019-03-27] (F-Secure Corporation -> F-Secure Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH -> Eyeo GmbH)
Toolbar: HKU\S-1-5-21-2143967816-975072899-265787009-1001 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Keine Datei
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Xx\AppData\Roaming\Mozilla\Firefox\Profiles\8vi706ih.default [2019-04-08]
FF Homepage: Mozilla\Firefox\Profiles\8vi706ih.default -> hxxp://www.google.ch/
FF Extension: (uBlock Origin) - C:\Users\Xx\AppData\Roaming\Mozilla\Firefox\Profiles\8vi706ih.default\Extensions\uBlock0@raymondhill.net.xpi [2019-03-14]
FF Extension: (Web of Trust) - C:\Users\Xx\AppData\Roaming\Mozilla\Firefox\Profiles\8vi706ih.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2018-06-26]
FF Extension: (Video DownloadHelper) - C:\Users\Xx\AppData\Roaming\Mozilla\Firefox\Profiles\8vi706ih.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-08-02]
FF Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\Xx\AppData\Roaming\Mozilla\Firefox\Profiles\8vi706ih.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-04-04]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25] [Legacy]
FF HKLM\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\F-Secure\apps\Ultralight\nif\1553689882\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Extension: (Browsing Protection by F-Secure) - C:\Program Files (x86)\F-Secure\apps\Ultralight\nif\1553689882\browser\install\fs_firefox_https\fs_firefox_https.xpi [2019-03-27]
FF HKLM-x32\...\Firefox\Extensions: [{ab9c4c65-5a13-49d6-893d-f8698f0686dc}] - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\F-Secure\apps\Ultralight\nif\1553689882\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_156.dll [2019-03-13] (Adobe Systems Incorporated -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_156.dll [2019-03-13] (Adobe Systems Incorporated -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-18] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-18] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-01-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-12-19] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Datei ist nicht signiert]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-12-19] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Datei ist nicht signiert]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2143967816-975072899-265787009-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Xx\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-01-20] (Citrix Online -> Citrix Online)

Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://www.google.ch/"
CHR DefaultSearchKeyword: Default -> hma
CHR Profile: C:\Users\Xx\AppData\Local\Google\Chrome\User Data\Default [2019-04-08]
CHR Extension: (Präsentationen) - C:\Users\Xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-31]
CHR Extension: (Docs) - C:\Users\Xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-31]
CHR Extension: (Google Drive) - C:\Users\Xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-26]
CHR Extension: (YouTube) - C:\Users\Xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-26]
CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\Xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2015-11-26]
CHR Extension: (Google-Suche) - C:\Users\Xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-26]
CHR Extension: (Tabellen) - C:\Users\Xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-31]
CHR Extension: (Google Docs Offline) - C:\Users\Xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-26]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\Xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2018-12-26]
CHR Extension: (Skype) - C:\Users\Xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-02-18]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Web Cache Viewer) - C:\Users\Xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkloffickinnlnmefmjmjbacohecpbd [2017-09-28]
CHR Extension: (Google Mail) - C:\Users\Xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-16]
CHR Extension: (Chrome Media Router) - C:\Users\Xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-14]
CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR StartupUrls: "hxxps://www.google.ch/"

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-09-28] (ArcSoft, Inc. -> ArcSoft Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
R3 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058256 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-27] (CyberLink Corp. -> CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-27] (CyberLink Corp. -> CyberLink)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [138768 2014-06-27] (Portrait Displays, Inc. -> Portrait Displays, Inc.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-06-13] (Macrovision Europe Ltd.) [Datei ist nicht signiert]
R2 fshoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [213472 2018-05-08] (F-Secure Corporation -> F-Secure Corporation)
R2 fsnethoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [213472 2018-05-08] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulhoster; C:\Program Files (x86)\F-Secure\apps\Ultralight\ulcore\1552296247\fshoster64.exe [579560 2019-03-11] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulnethoster; C:\Program Files (x86)\F-Secure\apps\Ultralight\ulcore\1552296247\fshoster64.exe [579560 2019-03-11] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulorsp; C:\Program Files (x86)\F-Secure\apps\Ultralight\ulcore\1552296247\fsorsp64.exe [101320 2019-03-11] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulprothoster; C:\Program Files (x86)\F-Secure\apps\Ultralight\ulcore\1552296247\fsulprothoster.exe [579560 2019-03-11] (F-Secure Corporation -> F-Secure Corporation)
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1055\G2AC_Service.exe [309568 2014-08-18] (Citrix Online -> Citrix Online, a division of Citrix Systems, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc. -> HP Inc.)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-18] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2014-03-18] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 m2UpdateService_F8F8565687B043BDB2BA3B7982C22B5E; C:\Program Files (x86)\Swisscom\My Swisscom Assistant\m2UpdateService.exe [7862088 2018-10-24] (mquadr.at software engineering und consulting GmbH -> Swisscom)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-09-17] (Seagate Technology LLC -> Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157776 2014-09-17] (Seagate Technology LLC -> Seagate Technology LLC)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-01-05] (IDT, Inc.) [Datei ist nicht signiert]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S2 HPSLPSVC; C:\Users\Xx\AppData\Local\Temp\7zS671B\hpslpsvc64.dll [X] <==== ACHTUNG
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [4265984 2014-12-22] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
S3 DrvAgent64; C:\WINDOWS\SysWOW64\Drivers\DrvAgent64.SYS [20872 2017-01-13] (eSupport.com, Inc -> Phoenix Technologies)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [18528 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Datei ist nicht signiert]
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [14944 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Datei ist nicht signiert]
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Datei ist nicht signiert]
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Datei ist nicht signiert]
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\apps\Ultralight\ulcore\1552296247\fsulgk.sys [262304 2019-03-11] (F-Secure Corporation -> F-Secure Corporation)
R1 F-Secure UL HIPS; C:\Program Files (x86)\F-Secure\apps\Ultralight\ulcore\1552296247\fshs.sys [97440 2019-03-11] (F-Secure Corporation -> F-Secure Corporation)
R0 fsbts; C:\WINDOWS\System32\drivers\fsbts.sys [65872 2018-08-07] (F-Secure Corporation -> )
R3 fsni; C:\Program Files (x86)\F-Secure\apps\Ultralight\nif\1553689882\fsni64.sys [108704 2019-03-27] (F-Secure Corporation -> F-Secure Corporation)
S3 Netaapl; C:\WINDOWS\system32\DRIVERS\netaapl64.sys [23040 2014-08-16] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50472 2015-11-25] (NVIDIA Corporation -> NVIDIA Corporation)
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [551936 2014-01-05] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> )
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 usbrndis6; C:\WINDOWS\system32\DRIVERS\usb80236.sys [20992 2015-04-25] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [14464 2015-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [62856 2017-10-24] (Intel Corporation -> Intel Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2019-04-08 02:28 - 2019-04-08 02:29 - 000000000 ____D C:\FRST
2019-04-08 00:37 - 2019-04-08 00:37 - 000455056 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20190408-003753.backup
2019-04-08 00:37 - 2015-12-30 12:54 - 000450821 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20190408-003730.backup
2019-04-08 00:33 - 2019-04-08 00:34 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2019-04-08 00:33 - 2019-04-08 00:33 - 000001428 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2019-04-08 00:33 - 2019-04-08 00:33 - 000001416 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2019-04-08 00:33 - 2019-04-08 00:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2019-04-08 00:33 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2019-04-08 00:32 - 2019-04-08 00:32 - 069910960 _____ (Safer-Networking Ltd. ) C:\Users\Xx\Downloads\spybotsd-2.7.64.0.exe
2019-04-07 12:19 - 2019-04-07 12:57 - 000000360 _____ C:\WINDOWS\Tasks\HPCeeScheduleForXX.job
2019-04-07 12:19 - 2019-04-07 12:19 - 000003182 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForXX
2019-04-07 04:47 - 2019-04-07 04:47 - 002371048 _____ C:\Users\Xx\Downloads\PKKatalogEinleitung.pdf
2019-04-05 02:26 - 2019-04-05 02:27 - 000000000 ____D C:\Users\Xx\Downloads\Ricardo Statistik
2019-04-05 02:24 - 2019-04-05 02:24 - 000000000 ____D C:\Users\Xx\Downloads\Bachpiece
2019-03-31 06:53 - 2019-03-31 06:53 - 000003176 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2143967816-975072899-265787009-1001
2019-03-31 06:53 - 2019-03-31 06:53 - 000002351 _____ C:\Users\Xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2019-03-29 18:26 - 2019-03-29 18:26 - 000003862 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1427314068
2019-03-29 18:26 - 2019-03-29 18:26 - 000001099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera-Browser.lnk
2019-03-23 07:54 - 2019-03-23 07:54 - 000001945 _____ C:\Users\Public\Desktop\PayMaker.lnk
2019-03-23 07:54 - 2019-03-23 07:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PayMaker
2019-03-21 13:21 - 2019-03-28 13:21 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2019-03-21 13:21 - 2019-03-21 13:21 - 000001155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixPad Audiodatei-Mixer.lnk
2019-03-21 13:21 - 2019-03-21 13:21 - 000000000 ____D C:\Users\Xx\Documents\Mixpad Projects
2019-03-21 13:21 - 2019-03-21 13:21 - 000000000 ____D C:\ProgramData\NCH Software
2019-03-21 13:21 - 2019-03-21 13:21 - 000000000 ____D C:\Program Files (x86)\NCH Software
2019-03-16 05:28 - 2019-03-16 05:28 - 000000000 ____D C:\Users\Xx\AppData\Roaming\EPSON
2019-03-16 05:18 - 2019-03-16 05:18 - 000000000 ____D C:\Users\Xx\AppData\Roaming\Lasersoft Imaging
2019-03-16 05:13 - 2019-03-16 05:13 - 000002189 _____ C:\Users\Public\Desktop\Scan-n-Stitch Deluxe.lnk
2019-03-16 05:13 - 2019-03-16 05:13 - 000000000 ____D C:\Users\Xx\AppData\Local\ArcSoft
2019-03-16 05:13 - 2019-03-16 05:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Scan-n-Stitch Deluxe
2019-03-16 05:13 - 2019-03-16 05:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
2019-03-16 05:13 - 2019-03-16 05:13 - 000000000 ____D C:\ProgramData\ArcSoft
2019-03-16 05:13 - 2019-03-16 05:13 - 000000000 ____D C:\Program Files (x86)\ArcSoft
2019-03-16 05:12 - 2019-03-16 05:14 - 000000000 ____D C:\Users\Xx\AppData\Roaming\ArcSoft
2019-03-16 05:11 - 2019-03-16 05:11 - 000000953 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2019-03-16 05:11 - 2019-03-16 05:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan
2019-03-16 05:11 - 2019-03-16 05:11 - 000000000 ____D C:\Program Files (x86)\epson
2019-03-16 05:11 - 2009-05-01 01:00 - 000128392 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esdevapp.exe
2019-03-16 05:11 - 2009-05-01 01:00 - 000017408 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\esxcdev.dll
2019-03-16 05:11 - 2007-11-20 01:00 - 000055808 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\esxcwiab.dll
2019-03-13 02:14 - 2019-03-02 17:01 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-03-13 02:14 - 2019-03-02 17:01 - 000179608 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-03-12 20:26 - 2019-03-06 09:23 - 001737712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-03-12 20:26 - 2019-03-06 09:23 - 001501056 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-03-12 20:26 - 2019-03-06 09:23 - 001371464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-03-12 20:26 - 2019-03-06 09:22 - 001677232 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-03-12 20:26 - 2019-03-06 09:22 - 001537768 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-03-12 20:26 - 2019-03-06 09:18 - 007368440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-03-12 20:26 - 2019-03-06 08:27 - 004167680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-03-12 20:26 - 2019-03-06 08:26 - 000032896 ____C (Microsoft Corporation) C:\WINDOWS\system32\hidparse.sys
2019-03-12 20:26 - 2019-03-06 08:26 - 000032896 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-03-12 20:26 - 2019-03-06 08:03 - 003324416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-03-12 20:26 - 2019-03-06 07:37 - 003617280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-03-12 20:26 - 2019-03-06 06:50 - 002780160 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2019-03-12 20:26 - 2019-03-06 06:39 - 002464256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2019-03-12 20:26 - 2019-02-26 09:57 - 025737216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-03-12 20:26 - 2019-02-26 09:33 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-03-12 20:26 - 2019-02-26 09:31 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-03-12 20:26 - 2019-02-26 09:31 - 000417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2019-03-12 20:26 - 2019-02-26 09:31 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2019-03-12 20:26 - 2019-02-26 09:25 - 020281856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-03-12 20:26 - 2019-02-26 09:22 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-03-12 20:26 - 2019-02-26 09:20 - 000790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-03-12 20:26 - 2019-02-26 09:07 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-03-12 20:26 - 2019-02-26 09:04 - 002295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-03-12 20:26 - 2019-02-26 08:58 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2019-03-12 20:26 - 2019-02-26 08:57 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-03-12 20:26 - 2019-02-26 08:56 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2019-03-12 20:26 - 2019-02-26 08:56 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2019-03-12 20:26 - 2019-02-26 08:51 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2019-03-12 20:26 - 2019-02-26 08:46 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2019-03-12 20:26 - 2019-02-26 08:44 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2019-03-12 20:26 - 2019-02-26 08:43 - 015284224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-03-12 20:26 - 2019-02-26 08:43 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2019-03-12 20:26 - 2019-02-26 08:41 - 002135552 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-03-12 20:26 - 2019-02-26 08:41 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2019-03-12 20:26 - 2019-02-26 08:39 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2019-03-12 20:26 - 2019-02-26 08:39 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2019-03-12 20:26 - 2019-02-26 08:36 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2019-03-12 20:26 - 2019-02-26 08:35 - 004494848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-03-12 20:26 - 2019-02-26 08:33 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2019-03-12 20:26 - 2019-02-26 08:31 - 002059776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-03-12 20:26 - 2019-02-26 08:31 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2019-03-12 20:26 - 2019-02-26 08:31 - 000333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2019-03-12 20:26 - 2019-02-26 08:29 - 013681664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-03-12 20:26 - 2019-02-26 08:29 - 004858880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-03-12 20:26 - 2019-02-26 08:25 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2019-03-12 20:26 - 2019-02-26 08:20 - 001049600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2019-03-12 20:26 - 2019-02-26 08:18 - 001557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-03-12 20:26 - 2019-02-26 08:12 - 004386304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-03-12 20:26 - 2019-02-26 08:09 - 001332224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-03-12 20:26 - 2019-02-26 08:07 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2019-03-12 20:26 - 2019-02-26 08:06 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2019-03-12 20:26 - 2019-02-20 22:17 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-03-12 20:26 - 2019-02-15 21:58 - 000536584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-03-12 20:26 - 2019-02-15 21:58 - 000466272 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-03-12 20:26 - 2019-02-15 21:58 - 000413176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-03-12 20:26 - 2019-02-15 21:54 - 000038184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-03-12 20:26 - 2019-02-15 21:51 - 000449744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-03-12 20:26 - 2019-02-15 21:51 - 000413576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-03-12 20:26 - 2019-02-15 21:51 - 000033504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-03-12 20:26 - 2019-02-15 21:50 - 000372328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-03-12 20:26 - 2019-02-09 21:36 - 000444392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-03-12 20:26 - 2019-02-09 21:36 - 000218056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-03-12 20:26 - 2019-02-09 20:53 - 000923384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-03-12 20:26 - 2019-02-09 20:51 - 002014696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-03-12 20:26 - 2019-02-09 20:26 - 000333560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-03-12 20:26 - 2019-02-09 19:49 - 000316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-03-12 20:26 - 2019-02-09 19:49 - 000200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-03-12 20:26 - 2019-02-09 19:49 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-03-12 20:26 - 2019-02-09 19:46 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2019-03-12 20:26 - 2019-02-09 19:18 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2019-03-12 20:26 - 2019-02-09 19:03 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2019-03-12 20:26 - 2019-02-09 18:56 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2019-03-12 20:26 - 2019-02-09 18:45 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2019-03-12 20:26 - 2019-02-09 18:18 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-03-12 20:26 - 2019-02-09 18:16 - 000399360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-03-12 20:26 - 2019-02-09 18:15 - 001095680 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-03-12 20:26 - 2019-02-09 02:38 - 002534936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-03-12 20:26 - 2019-02-09 02:33 - 001901888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-03-12 20:26 - 2019-02-09 01:40 - 001137776 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-03-12 20:26 - 2019-02-09 01:40 - 000805168 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-03-12 20:26 - 2019-02-09 01:07 - 000614040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-03-12 20:26 - 2019-02-09 00:18 - 000862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-03-12 20:26 - 2019-02-08 23:39 - 001197056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-03-12 20:26 - 2019-02-08 23:29 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-03-12 20:26 - 2019-02-08 21:55 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-03-12 20:26 - 2019-02-08 20:54 - 001755136 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-03-12 20:26 - 2019-02-08 20:51 - 002348032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-03-12 20:26 - 2019-02-08 20:32 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-03-12 20:26 - 2019-02-08 19:50 - 001493504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-03-12 20:26 - 2019-02-08 19:45 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-03-12 20:26 - 2019-02-07 21:38 - 000116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2019-03-12 20:26 - 2019-02-07 02:40 - 001311240 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-03-12 20:26 - 2019-02-07 02:40 - 001308240 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2019-03-12 20:26 - 2019-02-06 21:32 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2019-03-12 20:26 - 2019-02-06 21:32 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2019-03-12 20:26 - 2019-02-06 21:31 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-03-12 20:26 - 2019-02-06 21:30 - 000416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2019-03-12 20:26 - 2019-02-06 21:30 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-03-12 20:26 - 2019-02-06 20:27 - 001040384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-03-12 20:26 - 2019-02-06 19:52 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2019-03-12 20:26 - 2019-02-01 06:27 - 002447600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-03-12 20:26 - 2019-01-09 06:20 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hcproviders.dll
2019-03-12 20:26 - 2019-01-09 06:10 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2019-03-12 20:26 - 2019-01-09 06:06 - 000894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2019-03-12 20:26 - 2019-01-09 05:52 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hcproviders.dll
2019-03-12 20:26 - 2019-01-09 05:45 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2019-03-12 20:26 - 2019-01-09 05:40 - 000839680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2019-03-12 20:26 - 2019-01-08 08:02 - 001764504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2019-03-12 20:26 - 2019-01-08 07:12 - 001489704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2019-03-12 20:26 - 2019-01-05 09:35 - 000152128 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-03-12 20:26 - 2019-01-04 16:15 - 001635328 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-03-12 20:26 - 2019-01-04 16:15 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-03-12 20:26 - 2019-01-04 16:15 - 000727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-03-12 20:26 - 2019-01-04 16:15 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-03-12 20:26 - 2019-01-04 16:15 - 000495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2019-03-12 20:26 - 2019-01-04 16:15 - 000451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-03-12 20:26 - 2019-01-04 16:15 - 000313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-03-12 20:26 - 2019-01-04 16:15 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-03-12 20:14 - 2019-03-12 20:14 - 000513376 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-03-12 20:14 - 2019-03-12 20:14 - 000513376 _____ C:\WINDOWS\system32\locale.nls

==================== Ein Monat (geänderte) ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2019-04-08 02:01 - 2016-11-16 18:26 - 000000000 ____D C:\Users\Xx\AppData\LocalLow\Mozilla
2019-04-08 01:45 - 2014-01-21 12:21 - 000000000 ____D C:\Users\Xx\AppData\Local\HPConnectedMusic
2019-04-08 01:44 - 2017-03-09 14:59 - 000000000 ____D C:\Users\Xx\AppData\Local\F-Secure
2019-04-08 01:17 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-04-08 01:11 - 2015-12-30 12:31 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2019-04-08 01:09 - 2014-01-21 04:35 - 000000000 ____D C:\Users\Xx\Documents\Outlook-Dateien
2019-04-08 01:09 - 2014-01-18 14:01 - 000003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2143967816-975072899-265787009-1001
2019-04-08 01:04 - 2019-02-07 20:35 - 000000059 _____ C:\Users\Xx\AppData\Local\UserProducts.xml
2019-04-08 01:04 - 2019-02-07 20:35 - 000000000 ____D C:\Program Files (x86)\Skillbrains
2019-04-08 00:39 - 2017-08-20 22:12 - 000000000 ____D C:\Users\Xx\AppData\Local\CrashDumps
2019-04-08 00:36 - 2019-02-07 20:35 - 000000408 _____ C:\WINDOWS\Tasks\update-sys.job
2019-04-08 00:29 - 2014-01-18 13:49 - 000000000 ____D C:\Users\Xx\AppData\Roaming\Adobe
2019-04-07 23:36 - 2019-02-07 20:35 - 000000408 _____ C:\WINDOWS\Tasks\update-S-1-5-21-2143967816-975072899-265787009-1001.job
2019-04-07 21:57 - 2014-01-19 00:40 - 000000000 ____D C:\Users\Public\Documents\Crealogix
2019-04-07 21:03 - 2014-01-18 15:17 - 000000000 ____D C:\Users\Xx
2019-04-07 20:17 - 2014-01-18 13:48 - 000000000 ____D C:\Users\Xx\AppData\Local\Packages
2019-04-07 16:54 - 2013-11-14 09:27 - 002019734 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-04-07 16:54 - 2013-11-14 09:11 - 000860236 _____ C:\WINDOWS\system32\perfh007.dat
2019-04-07 16:54 - 2013-11-14 09:11 - 000197328 _____ C:\WINDOWS\system32\perfc007.dat
2019-04-07 16:54 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\Inf
2019-04-07 16:49 - 2014-01-18 15:15 - 000000000 ____D C:\ProgramData\NVIDIA
2019-04-07 16:49 - 2013-08-22 16:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-07 08:32 - 2014-01-28 16:53 - 000522752 ___SH C:\Users\Xx\Desktop\Thumbs.db
2019-04-05 20:14 - 2018-07-16 20:30 - 000000000 ____D C:\Users\Xx\Documents\Silvia
2019-04-05 02:26 - 2015-10-19 16:12 - 000000000 ____D C:\Users\Xx\Downloads\Diverse
2019-04-05 02:24 - 2014-01-21 01:15 - 000000000 ____D C:\Users\Xx\Downloads\Adobe Produkte
2019-04-02 11:26 - 2013-08-22 15:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2019-04-01 14:08 - 2019-03-01 10:09 - 000000000 _____ C:\Users\Xx\Documents\HPOJ8730_Fax_Port
2019-03-30 12:18 - 2014-02-07 00:24 - 000002031 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2019-03-29 18:26 - 2015-03-25 22:07 - 000000000 ____D C:\Program Files (x86)\Opera
2019-03-28 07:18 - 2017-01-27 08:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-03-28 07:18 - 2014-03-12 00:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-03-28 05:21 - 2014-03-12 00:19 - 000001178 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-03-28 03:04 - 2015-01-13 03:15 - 000003542 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-03-28 03:04 - 2015-01-13 03:15 - 000003414 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-03-23 14:31 - 2014-01-18 16:32 - 000000000 ____D C:\Program Files\Microsoft Office 15
2019-03-23 14:31 - 2013-08-22 17:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-03-23 07:54 - 2014-01-18 23:24 - 000000000 ____D C:\Program Files (x86)\CLX.PayMaker
2019-03-22 19:25 - 2018-07-11 18:34 - 000000000 ____D C:\Users\Xx\Documents\Philipp
2019-03-21 17:49 - 2014-01-24 16:31 - 000000000 ____D C:\Users\Xx\AppData\Local\HP
2019-03-21 13:19 - 2015-08-15 03:11 - 000000000 ____D C:\Users\Xx\AppData\Roaming\vlc
2019-03-21 07:25 - 2015-01-13 03:15 - 000002243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-16 05:24 - 2017-03-09 14:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2019-03-16 05:13 - 2013-11-12 01:23 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-03-16 05:10 - 2014-01-18 22:34 - 000000000 ____D C:\Users\Xx\AppData\Local\ElevatedDiagnostics
2019-03-15 06:45 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\rescache
2019-03-13 13:08 - 2013-08-22 16:44 - 002313888 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-03-13 12:42 - 2015-05-20 00:52 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-03-13 12:42 - 2014-12-24 09:19 - 000000000 ___SD C:\WINDOWS\system32\CompatTel
2019-03-13 12:42 - 2013-08-22 17:36 - 000000000 ___RD C:\WINDOWS\ToastData
2019-03-13 06:23 - 2018-03-14 07:52 - 000004518 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-03-13 06:23 - 2014-03-17 06:03 - 000004342 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2019-03-13 06:23 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-03-13 06:23 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-03-13 02:14 - 2014-01-18 14:31 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-03-13 02:14 - 2012-07-26 09:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-03-13 02:12 - 2014-01-18 14:31 - 127411920 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-05-25 04:35 - 2014-05-25 18:01 - 000005120 _____ () C:\Users\Xx\AppData\Local\Databases.db
2015-05-27 12:30 - 2019-02-04 19:24 - 000007596 _____ () C:\Users\Xx\AppData\Local\Resmon.ResmonCfg
2019-02-07 20:35 - 2019-02-07 20:35 - 000000003 _____ () C:\Users\Xx\AppData\Local\updater.log
2019-02-07 20:35 - 2019-04-08 01:04 - 000000059 _____ () C:\Users\Xx\AppData\Local\UserProducts.xml

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\dllhost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dllhost.exe => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2019-04-06 14:12

==================== Ende von FRST.txt ============================
         
--- --- ---


Code:
Search results from Spybot - Search & Destroy

08.04.2019 00:58:15
Scan took 00:22:06.
45 items found.

PU.PrivacyRisk.WOT: [SBI $B21323E8]  Data (File, nothing done)
  C:\Users\Xx\AppData\Roaming\Mozilla\Firefox\Profiles\8vi706ih.default\WOT\storage.json
  Category=PUPS
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
  Properties.size=40617
  Properties.md5=AA78AAAE3C9991EC322AC13C3BB457C8
  Properties.filedate=1506882336
  Properties.filedatetext=2017-10-01 18:25:35

PU.Mindspark.PDFConverterHQ: [SBI $E979ADAB] User settings (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\PDFConverterHQ
  Category=PUPS
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/showthread.php?74295

CasaleMedia: [SBI $ASBRCOOK] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

CasaleMedia: [SBI $ASBRCOOK] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

CasaleMedia: [SBI $ASBRCOOK] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

CasaleMedia: [SBI $ASBRCOOK] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

CasaleMedia: [SBI $ASBRCOOK] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

CasaleMedia: [SBI $ASBRCOOK] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

CasaleMedia: [SBI $ASBRCOOK] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Zedo: [SBI $ASBRCOOK] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Zedo: [SBI $ASBRCOOK] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Zedo: [SBI $ASBRCOOK] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Zedo: [SBI $ASBRCOOK] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Zedo: [SBI $ASBRCOOK] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

DoubleClick: [SBI $ASBRCOOK] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Zedo: [SBI $ASBRCOOK] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Zedo: [SBI $ASBRCOOK] Tracking cookie (Google Chrome: Default) (Browser: Cookie, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

7-Zip: [SBI $12C3A52C] Folder history (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\7-ZIP\FM\FolderHistory
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

7-Zip: [SBI $3D5692BD] Last used folder (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\7-ZIP\FM\PanelPath0
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Microsoft Management Console\Recent File List
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\DirectInput\MostRecentApplication\Id
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

MS Paint: [SBI $07867C39] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

MS Regedit: [SBI $C3B62FC1] Recent open key (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Windows Explorer: [SBI $7308A845] Run history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
  Category=Tracks
  ThreatLevel=2
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Cookie: [SBI $BCOOKIES] Browser: Cookie (15) (Browser: Cookie, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Cache: [SBI $BCACHE00] Browser: Cache (11) (Browser: Cache, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Verlauf: [SBI $BHISTORY] Browser: History (25) (Browser: History, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Cache: [SBI $BCACHE00] Browser: Cache (12378) (Browser: Cache, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Verlauf: [SBI $BHISTORY] Browser: History (5428) (Browser: History, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Cookie: [SBI $BCOOKIES] Browser: Cookie (263) (Browser: Cookie, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Cache: [SBI $BCACHE00] Browser: Cache (1520) (Browser: Cache, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54

Verlauf: [SBI $BHISTORY] Browser: History (51) (Browser: History, nothing done)
  
  Category=Browser
  ThreatLevel=1
  Weblink=hxxp://forums.spybot.info/forumdisplay.php?54


--- Spybot - Search & Destroy version: 2.7.64.131  DLL (build: 20180214) ---

         
Code:
[i]	19-04-08 01:11:54		
[i]	19-04-08 01:11:54	Product	PU.PrivacyRisk.WOT
[+]	19-04-08 01:11:54	Moving into quarantine	C:\Users\Xx\AppData\Roaming\Mozilla\Firefox\Profiles\8vi706ih.default\WOT\storage.json
[+]	19-04-08 01:11:54	Successfully cleaned	C:\Users\Xx\AppData\Roaming\Mozilla\Firefox\Profiles\8vi706ih.default\WOT\storage.json
[i]	19-04-08 01:11:54		
[i]	19-04-08 01:11:54	Product	PU.Mindspark.PDFConverterHQ
[+]	19-04-08 01:11:54	Moving into quarantine	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\PDFConverterHQ
[+]	19-04-08 01:11:54	Successfully cleaned	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\PDFConverterHQ
[i]	19-04-08 01:11:54		
[i]	19-04-08 01:11:54	Product	CasaleMedia
[+]	19-04-08 01:11:54	Moving into quarantine	Cookie (Google Chrome: Default).casalemedia.com/ (CMDD)
[+]	19-04-08 01:11:54	Moving into quarantine	Cookie (Google Chrome: Default).casalemedia.com/ (CMRUM3)
[+]	19-04-08 01:11:54	Moving into quarantine	Cookie (Google Chrome: Default).casalemedia.com/ (CMSUM)
[+]	19-04-08 01:11:54	Moving into quarantine	Cookie (Google Chrome: Default).casalemedia.com/ (CMID)
[+]	19-04-08 01:11:54	Moving into quarantine	Cookie (Google Chrome: Default).casalemedia.com/ (CMPRO)
[+]	19-04-08 01:11:54	Moving into quarantine	Cookie (Google Chrome: Default).casalemedia.com/ (CMPS)
[+]	19-04-08 01:11:54	Moving into quarantine	Cookie (Google Chrome: Default).casalemedia.com/ (CMST)
[+]	19-04-08 01:11:55	Successfully cleaned	Cookie (Google Chrome: Default).casalemedia.com/ (CMDD)
[+]	19-04-08 01:11:55	Successfully cleaned	Cookie (Google Chrome: Default).casalemedia.com/ (CMRUM3)
[+]	19-04-08 01:11:55	Successfully cleaned	Cookie (Google Chrome: Default).casalemedia.com/ (CMSUM)
[+]	19-04-08 01:11:55	Successfully cleaned	Cookie (Google Chrome: Default).casalemedia.com/ (CMID)
[+]	19-04-08 01:11:55	Successfully cleaned	Cookie (Google Chrome: Default).casalemedia.com/ (CMPRO)
[+]	19-04-08 01:11:55	Successfully cleaned	Cookie (Google Chrome: Default).casalemedia.com/ (CMPS)
[+]	19-04-08 01:11:55	Successfully cleaned	Cookie (Google Chrome: Default).casalemedia.com/ (CMST)
[i]	19-04-08 01:11:55		
[i]	19-04-08 01:11:55	Product	Zedo
[+]	19-04-08 01:11:55	Moving into quarantine	Cookie (Google Chrome: Default).zedo.com/ (FFIDA)
[+]	19-04-08 01:11:55	Moving into quarantine	Cookie (Google Chrome: Default).zedo.com/ (FFad)
[+]	19-04-08 01:11:55	Moving into quarantine	Cookie (Google Chrome: Default).zedo.com/ (FFcat)
[+]	19-04-08 01:11:55	Moving into quarantine	Cookie (Google Chrome: Default).zedo.com/ (FFgb)
[+]	19-04-08 01:11:55	Moving into quarantine	Cookie (Google Chrome: Default).zedo.com/ (FFgip)
[+]	19-04-08 01:11:55	Moving into quarantine	Cookie (Google Chrome: Default).zedo.com/ (ZCBC)
[+]	19-04-08 01:11:55	Moving into quarantine	Cookie (Google Chrome: Default).zedo.com/ (ZEDOIDA)
[+]	19-04-08 01:11:55	Successfully cleaned	Cookie (Google Chrome: Default).zedo.com/ (FFIDA)
[+]	19-04-08 01:11:55	Successfully cleaned	Cookie (Google Chrome: Default).zedo.com/ (FFad)
[+]	19-04-08 01:11:55	Successfully cleaned	Cookie (Google Chrome: Default).zedo.com/ (FFcat)
[+]	19-04-08 01:11:55	Successfully cleaned	Cookie (Google Chrome: Default).zedo.com/ (FFgb)
[+]	19-04-08 01:11:55	Successfully cleaned	Cookie (Google Chrome: Default).zedo.com/ (FFgip)
[+]	19-04-08 01:11:55	Successfully cleaned	Cookie (Google Chrome: Default).zedo.com/ (ZCBC)
[+]	19-04-08 01:11:55	Successfully cleaned	Cookie (Google Chrome: Default).zedo.com/ (ZEDOIDA)
[i]	19-04-08 01:11:55		
[i]	19-04-08 01:11:55	Product	DoubleClick
[+]	19-04-08 01:11:55	Moving into quarantine	Cookie (Google Chrome: Default).doubleclick.net/ (IDE)
[+]	19-04-08 01:11:55	Successfully cleaned	Cookie (Google Chrome: Default).doubleclick.net/ (IDE)
[i]	19-04-08 01:11:55		
[i]	19-04-08 01:11:55	Product	7-Zip
[+]	19-04-08 01:11:55	Moving into quarantine	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\7-ZIP\FM\FolderHistory
[+]	19-04-08 01:11:55	Moving into quarantine	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\7-ZIP\FM\PanelPath0
[+]	19-04-08 01:11:55	Successfully cleaned	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\7-ZIP\FM\FolderHistory
[+]	19-04-08 01:11:55	Successfully cleaned	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\7-ZIP\FM\PanelPath0
[i]	19-04-08 01:11:55		
[i]	19-04-08 01:11:55	Product	MS Management Console
[+]	19-04-08 01:11:55	Moving into quarantine	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Microsoft Management Console\Recent File List
[+]	19-04-08 01:11:55	Successfully cleaned	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Microsoft Management Console\Recent File List
[i]	19-04-08 01:11:55		
[i]	19-04-08 01:11:55	Product	MS Media Player
[+]	19-04-08 01:11:55	Moving into quarantine	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
[+]	19-04-08 01:11:55	Successfully cleaned	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
[i]	19-04-08 01:11:55		
[i]	19-04-08 01:11:55	Product	MS DirectDraw
[+]	19-04-08 01:11:55	Moving into quarantine	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
[+]	19-04-08 01:11:55	Successfully cleaned	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
[i]	19-04-08 01:11:55		
[i]	19-04-08 01:11:55	Product	MS DirectInput
[+]	19-04-08 01:11:55	Moving into quarantine	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name
[+]	19-04-08 01:11:55	Moving into quarantine	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\DirectInput\MostRecentApplication\Id
[+]	19-04-08 01:11:55	Successfully cleaned	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name
[+]	19-04-08 01:11:55	Successfully cleaned	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\DirectInput\MostRecentApplication\Id
[i]	19-04-08 01:11:55		
[i]	19-04-08 01:11:55	Product	MS Paint
[+]	19-04-08 01:11:55	Moving into quarantine	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List
[+]	19-04-08 01:11:55	Successfully cleaned	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List
[i]	19-04-08 01:11:55		
[i]	19-04-08 01:11:55	Product	MS Regedit
[+]	19-04-08 01:11:55	Moving into quarantine	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey
[+]	19-04-08 01:11:56	Successfully cleaned	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey
[i]	19-04-08 01:11:56		
[i]	19-04-08 01:11:56	Product	Windows
[+]	19-04-08 01:11:56	Moving into quarantine	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[+]	19-04-08 01:11:56	Moving into quarantine	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[+]	19-04-08 01:11:56	Successfully cleaned	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[+]	19-04-08 01:11:56	Successfully cleaned	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[i]	19-04-08 01:11:56		
[i]	19-04-08 01:11:56	Product	Windows.OpenWith
[+]	19-04-08 01:11:56	Moving into quarantine	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList
[+]	19-04-08 01:11:56	Moving into quarantine	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList
[+]	19-04-08 01:11:56	Moving into quarantine	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList
[+]	19-04-08 01:11:56	Successfully cleaned	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList
[+]	19-04-08 01:11:56	Successfully cleaned	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList
[+]	19-04-08 01:11:56	Successfully cleaned	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList
[i]	19-04-08 01:11:56		
[i]	19-04-08 01:11:56	Product	Windows Explorer
[+]	19-04-08 01:11:56	Moving into quarantine	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
[+]	19-04-08 01:11:56	Moving into quarantine	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
[+]	19-04-08 01:11:56	Moving into quarantine	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
[+]	19-04-08 01:11:56	Successfully cleaned	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
[+]	19-04-08 01:11:56	Successfully cleaned	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
[+]	19-04-08 01:11:56	Successfully cleaned	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
[i]	19-04-08 01:11:56		
[i]	19-04-08 01:11:56	Product	Windows Media SDK
[+]	19-04-08 01:11:56	Moving into quarantine	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
[+]	19-04-08 01:11:56	Moving into quarantine	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
[+]	19-04-08 01:11:56	Moving into quarantine	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
[+]	19-04-08 01:11:56	Successfully cleaned	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
[+]	19-04-08 01:11:56	Successfully cleaned	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
[+]	19-04-08 01:11:56	Successfully cleaned	HKEY_USERS\S-1-5-21-2143967816-975072899-265787009-1001\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
[i]	19-04-08 01:11:56		
[i]	19-04-08 01:11:56	Product	Cookie
[+]	19-04-08 01:11:56	Moving into quarantine	Internet Explorer (Benutzer) (XX)Cookies
[+]	19-04-08 01:11:56	Moving into quarantine	Google Chrome (Default)Cookies
[+]	19-04-08 01:11:56	Successfully cleaned	Internet Explorer (Benutzer) (XX)Cookies
[+]	19-04-08 01:11:56	Successfully cleaned	Google Chrome (Default)Cookies
[i]	19-04-08 01:11:56		
[i]	19-04-08 01:11:56	Product	Cache
[+]	19-04-08 01:11:56	Moving into quarantine	Internet Explorer (Benutzer) (XX)Cache
[+]	19-04-08 01:11:56	Moving into quarantine	Opera 7+ (XX)Cache
[+]	19-04-08 01:11:56	Moving into quarantine	Google Chrome (Default)Cache
[+]	19-04-08 01:11:56	Successfully cleaned	Internet Explorer (Benutzer) (XX)Cache
[+]	19-04-08 01:11:56	Successfully cleaned	Opera 7+ (XX)Cache
[+]	19-04-08 01:11:56	Successfully cleaned	Google Chrome (Default)Cache
[i]	19-04-08 01:11:56		
[i]	19-04-08 01:11:56	Product	Verlauf
[+]	19-04-08 01:11:56	Moving into quarantine	Internet Explorer (Benutzer) (XX)History
[+]	19-04-08 01:11:56	Moving into quarantine	Opera 7+ (XX)History
[+]	19-04-08 01:11:56	Moving into quarantine	Google Chrome (Default)History
[+]	19-04-08 01:11:56	Successfully cleaned	Internet Explorer (Benutzer) (XX)History
[+]	19-04-08 01:11:56	Successfully cleaned	Opera 7+ (XX)History
[+]	19-04-08 01:11:56	Successfully cleaned	Google Chrome (Default)History
[i]	19-04-08 01:11:56		
[i]	19-04-08 01:11:56	Summary	
[i]	19-04-08 01:11:56	Errors while cleaning	0
[i]	19-04-08 01:11:56	Files moved into quarantine	45
[i]	19-04-08 01:11:56	Files successfully cleaned	45
         
Edited by Irgendwoher2 (08.04.2019 at 01:54) Reason: move

08.04.2019, 08:37   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Spybot has been nonsense to the power of three for quite a while now and hasn't been used here for years. And it was never necessary for cleanup. The tool is simply completely superfluous.

Internet security suites are likewise complete nonsense; uninstall that just like Spybot. Windows 8.1 and Windows 10 already have a virus scanner built in.

Let me know when Spybot and this F-Secure junk are gone.

08.04.2019, 21:58   #4
Irgendwoher2



Done. Also deleted some further useless programs.

Since we don't use Windows Defender (it conflicts with our accounting program, a problem that could not be solved), we are currently on the Internet without virus protection.

08.04.2019, 22:01   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



What does one do privately with an accounting program, or is this a commercially used system?

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

08.04.2019, 22:38   #6
Irgendwoher2



As mentioned in the first post: a privately used computer. It is not really an accounting program but multibanking software. We already used it before my retirement and continue to use it now.

We would be really grateful for help, since uninstalling the antivirus software means there is also no longer any protection against the malware that was previously in quarantine. And the Internet continues to be used as well.

Edited by Irgendwoher2 (08.04.2019 at 22:59)

09.04.2019, 08:01   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Then this multibanking tool can't be much good. This is the first time I've heard of Windows Defender completely blocking a program. But once again nobody can help here, because you are withholding the name of the software.

In any case, the fact is that third-party virus scanners, above all security suites, do more harm than good.

Quote:
Gestartet von C:\Users\Xx\AppData\Local\Microsoft\Windows\INetCache\IE\VXEVB054
Windows 8.1 (Update) (X64) (2014-01-18 13:24:01)
How does one come up with the idea of starting FRST from the temp folder? Did you not read the FRST instructions properly? Make new logs, but please do it properly.

Edited by cosinus (09.04.2019 at 08:16)

11.04.2019, 07:16   #8
Irgendwoher2



I will redo the logs and upload them by tomorrow morning at the latest.
