| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Win10: Adware.Yontoo (von Malwarebytes bemerkt) lässt sich nicht entfernenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
07.08.2019, 16:34
| #1 |
| |  Win10: Adware.Yontoo (von Malwarebytes bemerkt) lässt sich nicht entfernen Hallo, zunächst mein anfänglich beobachtetes Symptom: immer, wenn ich Chrome gestartet habe, öffnete sich eine weitere Seite, die aussah wie die Google-Seite aber eine andere URL hatte. Ich habe das zuerst einige Wochen ignoriert (Seite einfach geschlossen, usw.). Irgendwann wollte ich mich der Thematik annehmen und habe Malwarebytes installiert. Angezeigt wurde Adware.Yontoo und Adware.Elex.ShrtCln. Ich habe mehrmal versucht, mit Malwarebytes und adwcleaner aufzuräumen. Vor 3-4 Tagen, als ich mal alle Maßnahmen in empfohlener Reihenfolge gemacht habe (zB Brower zurücksetzen usw.) hatte ich auch mal den Eindruck, dass MWB 1-2 Tage nicht bei seinen Scans gefunden hat. Jetzt ist allerdings nicht mehr runter zu bekommen. Ich habe versucht, mich strikt an die vorgeschlagenen Vorgehensweisen zu halten, bekomme die MW aber nicht runter. Jede Hilfe wäre super! Und bitte entschuldigt, wenn ich nicht alle Policies richtig beachte. Ich tue mein Bestes - nehme aber gerne kritisches Feedback. Viele Grüße Volker Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 07-08-2019 01
durchgeführt von Volker (Administrator) auf TERRA1-VOLKER (Wortmann_AG TERRA_MOBILE_1529H) (07-08-2019 15:40:03)
Gestartet von C:\Users\Volker\Downloads
Geladene Profile: Volker (Verfügbare Profile: Volker & nicol_3e88ss9)
Platform: Windows 10 Home Version 1903 18362.267 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Edge
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
() [Datei ist nicht signiert] C:\Program Files (x86)\Hotkey\Hotkey.exe
() [Datei ist nicht signiert] C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
(ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Amazon Services LLC -> Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Buhl Data Service GmbH -> Buhl Data Service GmbH) C:\Program Files (x86)\Buhl\WISO Mein Geld 365\Buhl.MeinGeld.UpdateService.exe
(Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(HexaD) [Datei ist nicht signiert] C:\Program Files\Duplicati\Duplicati.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) [Datei ist nicht signiert] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Kenneth Skovhede -> Duplicati Team) C:\Program Files\Duplicati 2\Duplicati.GUI.TrayIcon.exe
(Kenneth Skovhede -> Duplicati Team) C:\Program Files\Duplicati 2\Duplicati.GUI.TrayIcon.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Volker\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11906.1001.24.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19071.866.0_x64__8wekyb3d8bbwe\YourPhone.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Vimicro Corporation) [Datei ist nicht signiert] C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe
(Wolters Kluwer Deutschland GmbH -> ) C:\Program Files (x86)\Lexware\AAVUpdateManager\aavus.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16407296 2015-10-08] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [585296 2017-11-22] (Acronis International GmbH -> )
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobePSE17AutoAnalyzer] => C:\Program Files\Adobe\Elements 2019 Organizer\Elements Auto Creations 2019.exe [3058696 2018-08-30] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-05-07] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4848280 2019-02-01] (Acronis International GmbH -> )
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [588288 2016-01-08] (Nikon Corporation) [Datei ist nicht signiert]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [VMonitorVMUVC] => C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe [143360 2010-09-10] (Vimicro Corporation) [Datei ist nicht signiert]
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [425864 2017-10-16] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
HKU\S-1-5-21-1556041428-3881349040-2780954237-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46993264 2019-06-27] (Google LLC -> )
HKU\S-1-5-21-1556041428-3881349040-2780954237-1001\...\Run: [HP Officejet Pro 8620 (NET)] => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1556041428-3881349040-2780954237-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-05-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1556041428-3881349040-2780954237-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2019-05-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1556041428-3881349040-2780954237-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2019-05-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1556041428-3881349040-2780954237-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2019-05-08] (Apple Inc. -> Apple Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\Installer\chrmstp.exe [2019-08-07] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2016-03-09]
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Amazon Services LLC -> Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Duplicati 2.lnk [2019-01-29]
ShortcutTarget: Duplicati 2.lnk -> C:\Program Files\Duplicati 2\Duplicati.GUI.TrayIcon.exe (Kenneth Skovhede -> Duplicati Team)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Duplicati.lnk [2017-06-11]
ShortcutTarget: Duplicati.lnk -> C:\Program Files\Duplicati\Duplicati.exe (HexaD) [Datei ist nicht signiert]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2016-03-09]
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe () [Datei ist nicht signiert]
Startup: C:\Users\Volker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2019-08-04]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\Volker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-03-09]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {00E38A4D-4A31-4061-9FFB-58CEFD01AEC7} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-volker.mueller-lausus@outlook.de => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {0B28FB70-784A-4ED5-A42F-048DC753C830} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {0CEE207C-F34A-4267-866A-D6106ACFBE1C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {109D9139-5C1A-4A8D-9D82-0F8513553D25} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {12B822B0-1355-4337-9EE1-D4EC53C2715E} - System32\Tasks\HPCeeScheduleForVolker => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [96568 2015-06-16] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {13ED9F08-9C7D-436D-9DF9-095A12CD2D5A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {157D869B-B528-4D5D-95EF-7ABB257067A0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {16A8E334-8729-4CCC-B14E-5E65ED9B021C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [654712 2019-06-05] (HP Inc. -> HP Inc.)
Task: {18C003CB-077B-4545-98E7-D1D5D76B916A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1083768 2019-07-12] (HP Inc. -> HP Inc.)
Task: {1AAAF95F-B2E5-40A6-8E56-6E9A8A75796F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {1AD37C84-F2B0-4CFC-B273-DFE1689B0C96} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {26379486-9E93-4D98-806D-058FB8F24A7A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1551488 2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {2DF43334-5F93-429C-85EB-524A25F3DA87} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-volker.mueller-lausus@outlook.de => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3C67D54F-4F6B-4F16-BE96-F76067FBA237} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-11] (Google Inc -> Google Inc.)
Task: {43368217-959B-4B7F-980D-22B8F20D2108} - System32\Tasks\HPCustParticipation HP Officejet Pro 8620 => C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPCustPartic.exe [5745672 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
Task: {4538D0C1-FE2A-4681-B21F-6FD983972B63} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN55PFK1QW => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1083768 2019-07-12] (HP Inc. -> HP Inc.)
Task: {4691F152-ACC5-451C-844B-EB3121BDC3C8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {520BA743-6A9C-4777-B259-919E432D1C30} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [32256 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {65DD1C3E-FC64-446D-BF37-D95DA46DC1FC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {6DF32D8C-8BCE-4A2D-8A62-28F027A242C9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [654712 2019-06-05] (HP Inc. -> HP Inc.)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {7E20F76F-0E5D-4FDC-B29B-0199555FF16A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {7EF59153-C588-4528-8574-07F64872ED3A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8CB091A9-E98E-411A-8A64-D37FDCB4F650} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [25128 2017-11-18] (HP Inc. -> )
Task: {9A2F3AC9-EE13-4F3F-9D17-A652903AE35C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {9DAE5730-E409-4559-BF2E-8E000C6515D4} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {9F6E084B-AFEF-4EDF-9585-7136F7738AD8} - \Microsoft\Windows\UNP\RunCampaignManager -> Keine Datei <==== ACHTUNG
Task: {AD6000E4-793B-4AC3-89FD-369559360FE5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {AD770261-96C3-4267-B763-2E04F087E3C5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {AFD90D2C-6AD9-4C8D-997D-666998AC47BF} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [114736 2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {B1E9D957-C359-4697-B024-8FA41CB1F243} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {B2983C8B-69EE-4D01-8061-A0B8A73236F3} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {B8FA30A4-BA89-459F-B8B4-E4D0BC6183DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [243576 2019-07-23] (HP Inc. -> HP Inc.)
Task: {C23E4D48-D5C4-4F94-8924-983098681C57} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C6AF1ADF-85C2-4AB9-AF63-622153A6786A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {C901BA1D-56BF-4960-9A61-36CA87AC8AF9} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [114736 2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {CFFBD963-3A5A-4EA6-B629-B00BD550BD77} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {E016D48F-F59F-4864-8C71-BE576F547257} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-nicola@lausus.de => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {E0534362-B723-44CF-BAD6-E7ED5AD2F965} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {E3E5D7EE-194F-42ED-B2AE-F112E58E0C16} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1447064 2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {EA434163-7679-4E71-9875-115B0A8D1AEE} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-nicola@lausus.de => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {F115B907-1BB2-42F3-A043-18F5CFE7646E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1447064 2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {F5E69543-D045-400E-ACA7-7962A4EF1AFB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F6F94ED5-BA5E-4805-804E-4596981D3F25} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [136618864 2019-07-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {FEF9E6A8-0F63-4D53-98DE-F05FB7089167} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-11] (Google Inc -> Google Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\HPCeeScheduleForVolker.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ACHTUNG (Beschränkung - ProxySettings)
Tcpip\Parameters: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{bb60894a-94c6-4104-97b7-c29716e2cf8e}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{c3bcd9a5-f18d-4b21-820b-b5cd81ca27b7}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{c49e2f5b-1e3d-4284-84aa-022d5f35e4ac}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <==== ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131354583107966154&GUID=7547D93E-3129-46CA-8F50-695401EA43BA
HKU\S-1-5-21-1556041428-3881349040-2780954237-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com
HKU\S-1-5-21-1556041428-3881349040-2780954237-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
SearchScopes: HKLM -> DefaultScope {B865055F-8B0D-4F69-B5D7-3A0FB67FA1B0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> OldSearch URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM -> {B865055F-8B0D-4F69-B5D7-3A0FB67FA1B0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1556041428-3881349040-2780954237-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-1556041428-3881349040-2780954237-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-1556041428-3881349040-2780954237-1001 -> {B865055F-8B0D-4F69-B5D7-3A0FB67FA1B0} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-06-30] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2018-03-30] (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FireFox:
========
FF DefaultProfile: 5fuf59q2.default-1484513631096-1565097858279
FF ProfilePath: C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\5fuf59q2.default-1484513631096-1565097858279 [2019-08-06]
FF Extension: (Hotfix for Firefox bug 1548973 (armagaddon 2.0) mitigation) - C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\5fuf59q2.default-1484513631096-1565097858279\features\{ab02bf00-9999-49c9-9a81-bad2642826af}\hotfix-bug-1548973@mozilla.org.xpi [2019-08-06] [Legacy]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @huawei.com/NPPlugin -> C:\Program Files (x86)\Magenta_TV_Mobil_Web_Plugin\WebTVPlugin\NPPlugin.dll [2019-03-27] (Deutsche Telekom AG -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-1556041428-3881349040-2780954237-1001: SkypePlugin -> C:\Users\Volker\AppData\Local\SkypePlugin\7.14.0.184\npGatewayNpapi.dll [2016-02-05] (Microsoft Corporation -> Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1556041428-3881349040-2780954237-1001: SkypePlugin64 -> C:\Users\Volker\AppData\Local\SkypePlugin\7.14.0.184\npGatewayNpapi-x64.dll [2016-02-05] (Microsoft Corporation -> Skype Technologies S.A.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggWIlwJUltDGBgUJg4KTA0XEgIOIgxZABRFFwETcgxeV1oVEA0FIk0FA1oDB0VXfV5bFElXTwhwJVhKAlE8TkdGC1dXFg=="
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.google.de/","hxxp://youandme.telekom.de/","hxxp://www.mystartsearch.com/?type=hp&ts=1440647254&z=e780cd20b2f60d0003bebe0g1z0zee0q2zcm1g2c0w&from=cvs2&uid=INTELXSSDSC2BW240A4_CVDA5064051Z2403GN","hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggWIlwJUltDGBgUJg4KTA0XEgIOIgxZABRFFwETcgxeV1oVEA0FIk0FA1oDB0VXfV5bFElXTwhwJVhKAlE8TkdGC1dXFg==","hxxps://www.google.com/"
CHR Profile: C:\Users\Volker\AppData\Local\Google\Chrome\User Data\Default [2019-08-07]
CHR Extension: (Präsentationen) - C:\Users\Volker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Volker\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2019-07-03]
CHR Extension: (Docs) - C:\Users\Volker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\Volker\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-22]
CHR Extension: (Skype-Anrufe) - C:\Users\Volker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-03-22]
CHR Extension: (YouTube) - C:\Users\Volker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-22]
CHR Extension: (Auf den Amazon-Wunschzettel) - C:\Users\Volker\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2017-03-22]
CHR Extension: (Google-Suche) - C:\Users\Volker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-15]
CHR Extension: (Session Buddy) - C:\Users\Volker\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2018-02-02]
CHR Extension: (Tabellen) - C:\Users\Volker\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Google Docs Offline) - C:\Users\Volker\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-19]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Volker\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2019-07-27]
CHR Extension: (feedly) - C:\Users\Volker\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2017-03-22]
CHR Extension: (Floating for YouTube™) - C:\Users\Volker\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjphmlaoffndcnecccgemfdaaoighkel [2017-03-22]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Volker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-03-22]
CHR Extension: (Subtitle Videoplayer) - C:\Users\Volker\AppData\Local\Google\Chrome\User Data\Default\Extensions\naikohapihpbhficdpbddmgbhiccijca [2017-03-22]
CHR Extension: (FreshStart - Cross Browser Session Manager) - C:\Users\Volker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmidkjogcjnnlfimjcedenagjfacpobb [2015-04-11]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Volker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-10]
CHR Extension: (Google Mail) - C:\Users\Volker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\Volker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-22]
CHR HKU\S-1-5-21-1556041428-3881349040-2780954237-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AAV UpdateService; C:\Program Files (x86)\Lexware\AAVUpdateManager\aavus.exe [128296 2008-10-24] (Wolters Kluwer Deutschland GmbH -> )
R2 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [2725920 2018-04-03] (Acronis International GmbH -> Acronis International GmbH)
R2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2015-01-30] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-04-29] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11469920 2019-07-26] (Microsoft Corporation -> Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [357240 2019-07-05] (HP Inc. -> HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc. -> HP Inc.)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542016 2018-11-20] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel(R) pGFX -> Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4808088 2017-10-16] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2017-10-16] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1745344 2019-02-01] (Acronis International GmbH -> )
R2 PowerBiosServer; c:\Program Files (x86)\Hotkey\PowerBiosServer.exe [46080 2013-07-09] () [Datei ist nicht signiert]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-09-18] (Synaptics Incorporated -> Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11969880 2019-07-03] (TeamViewer GmbH -> TeamViewer GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-27] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-27] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WISOMeinGeld365ProfessionalUpdatedienst; C:\Program Files (x86)\Buhl\WISO Mein Geld 365\Buhl.MeinGeld.UpdateService.exe [121848 2019-07-16] (Buhl Data Service GmbH -> Buhl Data Service GmbH)
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 AirplaneModeHid; C:\WINDOWS\system32\DRIVERS\AirplaneModeHid.sys [33488 2015-06-25] (Insyde Software Corp. -> Insyde Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R2 file_protector; C:\WINDOWS\System32\DRIVERS\file_protector.sys [569392 2019-02-10] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [379664 2019-02-10] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [144528 2018-11-20] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-07-27] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-08-07] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-08-07] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-08-07] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-08-07] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2019-03-19] (Microsoft Windows -> Intel Corporation)
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation -> Corel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-18] (Realtek Semiconductor Corp -> Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [427736 2013-08-09] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [44216 2015-09-18] (Synaptics Incorporated -> Synaptics Incorporated)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1310552 2019-02-10] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [213336 2019-02-10] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [690520 2019-02-10] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [331976 2019-02-10] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 VMUVC; C:\WINDOWS\System32\Drivers\VMUVC.sys [199552 2011-03-16] (Microsoft Windows Hardware Compatibility Publisher -> Vimicro Corporation)
R0 volume_tracker; C:\WINDOWS\System32\DRIVERS\volume_tracker.sys [243472 2019-02-10] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 vvftUVC; C:\WINDOWS\system32\drivers\vvftUVC.sys [303744 2011-05-27] (Microsoft Windows Hardware Compatibility Publisher -> Vimicro Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-27] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-27] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-27] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
|
| Themen zu Win10: Adware.Yontoo (von Malwarebytes bemerkt) lässt sich nicht entfernen |
| adware.yontoo, andere, angezeigt, bestes, brower, einfach, entferne, entfernen, folge, geschlossen, gestartet, ignoriert, malwarebytes, nicht mehr, richtig, runter, scans, seite, tagen, thema, versucht, vorgehensweise, win, windowsapps, woche, wochen, zurücksetzen |
Baum-Darstellung