Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: MSIL.Trojan.Kryptik.RN

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Thema geschlossen
Alt 04.11.2021, 11:30   #1
Scott1980
 
MSIL.Trojan.Kryptik.RN - Standard

MSIL.Trojan.Kryptik.RN



Hallo,

G-Data hat folgendes gefunden und in die Datei in die Quarantäne verschoben.

Hier der Log von G Data

Code:
ATTFilter
Datei: C:\ProgramData\Lenovo\Vantage\Addins\Lenovo.Vantage.SmartPerformanceAddin\1.0.0.144\SmartCareSDK.dll
Virus: MSIL.Trojan.Kryptik.RN (Engine B)
Engines: Engine A: AVA 25.31243, Engine B: GD 27.25028
Der Leerlauf-Scan wird fortgesetzt.
         
FRST.txt

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2021
Ran by sempe (administrator) on LAPTOP-G4EJFLFU (LENOVO 81W2) (04-11-2021 11:13:56)
Running from C:\Users\Internet\Desktop
Loaded Profiles: sempe & Internet
: Microsoft Windows 10 Home Version 21H1 19043.1288 (X64) Language: Deutsch (Deutschland) -> Deutsch (Deutschland)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361437.inf_amd64_b82dc71fab24f1f3\B361368\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361437.inf_amd64_b82dc71fab24f1f3\B361368\atiesrxx.exe
(Corel Corporation -> WinZip Computing) C:\Program Files\WinZip\WzPreloader.exe
(devolo AG -> devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DABB4F~1.INF\DAX3API.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_0222c12a396c055f\DAX3API.exe
(G DATA CyberDefense AG -> G Data CyberDefense AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\DnsCloudClientHost64.exe
(G DATA CyberDefense AG -> G DATA CyberDefense AG) C:\Program Files (x86)\G DATA\TotalSecurity\AVKTray\AVKTray.exe
(G DATA CyberDefense AG -> G DATA CyberDefense AG) C:\Program Files (x86)\G DATA\TotalSecurity\GUI\GDSC.exe
(G DATA CyberDefense AG -> G DATA Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G DATA CyberDefense AG -> G DATA Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G DATA CyberDefense AG -> G Data Software AG) C:\Program Files (x86)\G DATA\TotalSecurity\AVK\AVKWCtlx64.exe
(G DATA CyberDefense AG -> G DATA Software AG) C:\Program Files (x86)\G DATA\TotalSecurity\AVKBackup\AVKBackupService.exe
(G DATA CyberDefense AG -> G DATA Software AG) C:\Program Files (x86)\G DATA\TotalSecurity\Firewall\GDFirewallTray.exe
(G DATA CyberDefense AG -> G Data Software AG) C:\Program Files (x86)\G DATA\TotalSecurity\Firewall\GDFwSvcx64.exe
(G DATA Software AG -> G DATA Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(G DATA Software AG -> G DATA Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltSur64.exe
(G DATA Software AG -> G Data Software AG) C:\Program Files (x86)\G DATA\USB KEYBOARD GUARD\GD2NDKBB.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\Lenovo.Vantage.AddinHost.Amd64.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\Lenovo.Vantage.AddinHost.exe <4>
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\Lenovo.Vantage.AddinHost.x86.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\AutoModeDetect.exe
(Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_b9fd1528982e300f\LenovoUtilityService.exe
(Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdlogsr.exe
(Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <11>
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_3d345565ec73a109\RtkAudUService64.exe <2>
(Shenzhen Goodix Technology Co., Ltd. -> Goodix) C:\Windows\System32\drivers\SessionService.exe
0 C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.1.22.0_x64__5grkq8ppsgwt4\LaunchUtility\utility.exe
0 C:\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.exe
0 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21084.79.0_x64__8wekyb3d8bbwe\YourPhone.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_3d345565ec73a109\RtkAudUService64.exe [1230392 2021-01-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-28] (Corel Corporation -> Corel Corporation)
HKLM-x32\...\Run: [GDataUsbProtection] => C:\Program Files (x86)\G DATA\USB KEYBOARD GUARD\GD2NDKBB.exe [1412216 2014-09-05] (G DATA Software AG -> G Data Software AG)
HKLM-x32\...\RunOnce: [AVKSig] => cmd /c "start "" "C:\Program Files (x86)\G DATA\TotalSecurity\AVK\AVK.exe" /VirUpdt:B"
HKU\S-1-5-21-2254628894-3832615501-915599853-1001\...\RunOnce: [Application Restart #0] => C:\Program Files\Mozilla Firefox\firefox.exe -os-restarted
HKU\S-1-5-21-2254628894-3832615501-915599853-1003\...\Run: [381BF5FBD1BF031E733D979F800D1F397599C48C._service_run] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=service /prefetch:8
HKU\S-1-5-21-2254628894-3832615501-915599853-1003\...\Run: [MicrosoftEdgeAutoLaunch_8F3D81AFF99A6A750B733B4DAFFB12B7] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
HKU\S-1-5-21-2254628894-3832615501-915599853-1003\...\MountPoints2: {0b14e3fa-4396-11eb-aa7e-000ec68e8eac} - "D:\HiSuiteDownLoader.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2020-12-29]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (Corel Corporation -> WinZip Computing)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D5335DF-5F5E-4D0A-B0B3-EBF4CA1F3A53} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {14133F4D-C859-4940-8966-430D2536A368} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.11.630\mcdatrep.exe
Task: {16FF2A2C-ACE8-42CF-B3F2-DC5824664F5B} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\21b2ec3b-e975-4bd6-9108-97b4ea81a20e => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {17F81626-8549-4FFE-A7D2-3E826B8F2D9F} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\ScheduleEventAction.exe [26656 2021-09-16] (Lenovo -> Lenovo Group Ltd.)
Task: {2DB4D12E-073E-44BC-AAE7-0262A6A612E1} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-28] (Corel Corporation -> Corel Corporation)
Task: {305CCD2D-F337-4444-8B95-09A9993F519A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22655904 2021-10-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {3E52E901-630A-438B-9949-AB2D33BBF3C0} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-28] (Corel Corporation -> Corel Corporation)
Task: {49EC16ED-6902-4339-9DB1-99CEB30394FE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22655904 2021-10-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {5576C1FA-CE10-44D3-96E1-0317C185CEB4} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-28] (Corel Corporation -> Corel Corporation)
Task: {75CF40F8-99E3-4CDF-81CF-1D196B9A90ED} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {78C25AF3-CC0B-4BDE-BBB8-675BBDF6BAB6} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {83425B11-80D6-4D72-9A00-D0318A25E4A8} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe
Task: {85C7EB81-95F2-4B98-A540-CD1B1532553B} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {8D27360C-FA72-435F-A226-ADA06A59460A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\936aa4d1-6a42-4a9d-bb73-30bb37d53c02 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {99A465BF-D281-4814-B30C-0D89D587C84D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\5f8d3f40-126a-42b0-bd26-bd1554700f31 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {AF6A162E-4720-432A-965B-523260CF2BC7} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [680888 2021-10-13] (Mozilla Corporation -> Mozilla Foundation)
Task: {B11E96B7-2BFC-4A4F-8D90-766BA627E3DC} - System32\Tasks\LenovoUtility Startup => C:\Windows\explorer.exe lenovo-utility://
Task: {B82D1C74-C8DB-4099-81DC-38E9A22B2317} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\7f681fad-7678-4481-b079-21cc23edb78f => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {C47EEF6F-C79E-46B3-871A-CC827E8ADD88} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\ScheduleEventAction.exe [26656 2021-09-16] (Lenovo -> Lenovo Group Ltd.)
Task: {C514E35E-F5D6-4498-A847-E9FBDBCAFD84} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\1bd61561-cacf-4225-8ecb-5ecf17710240 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {DCDDADC3-ADA6-4DE0-93D3-C57AF1D54A9B} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.5.126\DADUpdater.exe
Task: {E1E346AF-36CE-4766-8969-2A38A0563307} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {E29CA6C0-A05A-4755-B4CF-D7E530801F4E} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\ScheduleEventAction.exe [26656 2021-09-16] (Lenovo -> Lenovo Group Ltd.)
Task: {EF56D83C-4394-4A89-BD7B-AC5C15D7802A} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [62440 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {FB0459BF-0020-4395-932A-55EA0E3E73A9} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.)
Task: {FB89780E-AB89-4CC0-A14A-CDAE3DC4D174} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-11-03] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1    gdpwmgrlocalhost
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{b21f1183-c1be-4ff1-86a2-148826aff19c}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{d2c0cdde-b6dc-41db-a8de-286ccbcdab5c}: [DhcpNameServer] 150.209.1.2
Tcpip\..\Interfaces\{ebfbc786-898a-4bb2-988a-e88e61efb80b}: [DhcpNameServer] 192.168.178.1

Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\sempe\AppData\Local\Microsoft\Edge\User Data\Default [2020-11-22]

FireFox:
========
FF DefaultProfile: uw4f7abg.default
FF ProfilePath: C:\Users\sempe\AppData\Roaming\Mozilla\Firefox\Profiles\uw4f7abg.default [2020-10-25]
FF ProfilePath: C:\Users\sempe\AppData\Roaming\Mozilla\Firefox\Profiles\q5adzvby.default-release [2020-11-22]
FF Homepage: Mozilla\Firefox\Profiles\q5adzvby.default-release -> www.web.de
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [7448832 2021-07-22] (G DATA CyberDefense AG -> G DATA Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G DATA\TotalSecurity\AVK\AVKWCtlx64.exe [4179424 2021-07-22] (G DATA CyberDefense AG -> G Data Software AG)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12034464 2021-10-12] (Microsoft Corporation -> Microsoft Corporation)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [6108344 2021-07-13] (devolo AG -> devolo AG)
R2 DolbyDAXAPI; C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_0222c12a396c055f\DAX3API.exe [2301912 2021-01-04] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [334728 2020-12-20] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R3 GDBackupSvc; C:\Program Files (x86)\G DATA\TotalSecurity\AVKBackup\AVKBackupService.exe [5738056 2021-07-22] (G DATA CyberDefense AG -> G DATA Software AG)
R3 GDFwSvc; C:\Program Files (x86)\G DATA\TotalSecurity\Firewall\GDFwSvcx64.exe [6813048 2021-07-22] (G DATA CyberDefense AG -> G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [1995648 2021-07-22] (G DATA CyberDefense AG -> G DATA Software AG)
S3 GDTunerSvc; C:\Program Files (x86)\G DATA\TotalSecurity\AVKTuner\AVKTunerService.exe [4254792 2021-07-22] (G DATA CyberDefense AG -> G DATA CyberDefense AG)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoFnAndFunctionKeys; C:\WINDOWS\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_b9fd1528982e300f\LenovoUtilityService.exe [539128 2021-08-26] (Lenovo -> Lenovo(beijing) Limited)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\LenovoVantageService.exe [31248 2021-09-16] (Lenovo -> Lenovo Group Ltd.)
R2 LITSSVC; C:\WINDOWS\System32\LNBITSSvc.exe [1820080 2021-02-06] (Lenovo -> Lenovo(beijing) Limited)
S3 TSNxGService; C:\Program Files (x86)\G DATA\TotalSecurity\TSNxG\TSNxGService.exe [262560 2017-12-07] (G DATA Software AG -> G DATA Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S0 GDElam; C:\WINDOWS\System32\DRIVERS\GDElam.sys [234432 2021-05-13] (Microsoft Windows Early Launch Anti-Malware Publisher -> G DATA CyberDefense AG)
R3 GDKBB; C:\Windows\system32\drivers\GDKBB64.sys [49808 2021-07-26] (G DATA Software AG -> G DATA Software AG)
S3 GDKBBlocker; C:\Windows\system32\drivers\GDKBBlocker64.sys [30720 2020-11-22] (G DATA Software AG -> G Data Software AG)
R3 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [38984 2020-11-22] (G DATA Software AG -> G DATA Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [806824 2021-07-26] (Microsoft Windows Hardware Compatibility Publisher -> G DATA CyberDefense AG)
R3 GDNetflt; C:\WINDOWS\System32\DRIVERS\gdnetflt.sys [147880 2020-09-03] (G DATA Software AG -> G DATA Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [276880 2021-07-26] (Microsoft Windows Hardware Compatibility Publisher -> G DATA CyberDefense AG)
R1 gdwfpcd; C:\WINDOWS\System32\drivers\gdwfpcd64.sys [97560 2021-07-26] (G DATA Software AG -> G DATA Software AG)
S3 GRD; C:\Windows\system32\drivers\GRD.sys [125640 2021-06-18] (G DATA Software AG -> G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [291720 2021-07-26] (Microsoft Windows Hardware Compatibility Publisher -> G DATA CyberDefense AG)
R2 NPF_devolo; C:\WINDOWS\sysWOW64\drivers\npf_devolo.sys [36496 2021-07-13] (devolo AG -> Riverbed Technology, Inc.)
S3 TDKLIB; c:\windows\TempInst\TdkLib64.sys [37288 2021-07-27] (Phoenix Technologies Ltd. -> )
R0 TS4NT; C:\WINDOWS\System32\Drivers\TS4nt.sys [109128 2021-07-26] (G DATA Software AG -> G DATA Software AG)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========
         


Addition.txt

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2021
Ran by sempe (04-11-2021 11:16:00)
Running from C:\Users\Internet\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1288 (X64) (2021-03-15 16:12:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2254628894-3832615501-915599853-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2254628894-3832615501-915599853-503 - Limited - Disabled)
Gast (S-1-5-21-2254628894-3832615501-915599853-501 - Limited - Disabled)
Internet (S-1-5-21-2254628894-3832615501-915599853-1003 - Limited - Enabled) => C:\Users\Internet
sempe (S-1-5-21-2254628894-3832615501-915599853-1001 - Administrator - Enabled) => C:\Users\sempe
WDAGUtilityAccount (S-1-5-21-2254628894-3832615501-915599853-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G DATA TOTAL SECURITY (Enabled - Up to date) {985B4C1F-0949-5361-4D6D-E6923882F28D}
AV: G DATA TOTAL SECURITY (Disabled - Up to date) {306EF9D4-90EF-3FB7-151E-73C2982F8C0E}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
FW: G DATA TOTAL SECURITY (Disabled) {085578F1-DA80-3EEF-3E41-DAF766FCCB75}
FW: G DATA TOTAL SECURITY (Enabled) {A060CD3A-4326-5239-6632-4FA7C651B5F6}
FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

devolo Cockpit (HKLM-x32\...\dlancockpit) (Version: 5.1.7.638 - devolo AG)
G DATA TOTAL SECURITY (HKLM-x32\...\G DATA TOTAL SECURITY) (Version: 25.5.11.316 - G DATA Software AG)
G DATA USB KEYBOARD GUARD (HKLM-x32\...\{D8CBD59F-B29D-4E38-9D66-DEAEAB473FA9}) (Version: 1.1.0.4 - G DATA Software AG)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.9.23.0 - Lenovo Group Ltd.)
Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.14527.20234 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.40 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 95.0.1020.40 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2254628894-3832615501-915599853-1001\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2254628894-3832615501-915599853-1003\...\OneDriveSetup.exe) (Version: 21.205.1003.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 93.0 (x64 de)) (Version: 93.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 82.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden
WinZip 25.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2412F}) (Version: 25.0.14273 - Corel Corporation)

Packages:
=========
AMD Radeon™ Settings Lite -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.59462344778C5_10.19.40016.0_x64__0a9344xs7nr4m [2021-10-22] (Advanced Micro Devices Inc.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.144.538.0_x86__zpdnekdrzrea0 [2020-10-25] (Spotify AB) [Startup Task]
XING -> C:\Program Files\WindowsApps\XINGAG.XING_4.0.5.0_x86__xpfg3f7e9an52 [2021-03-15] (New Work SE)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2254628894-3832615501-915599853-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll (Corel Corporation -> )
ContextMenuHandlers1: [AVK9CM] -> {CAF4C320-32F5-11D3-A222-004095200FF2} => C:\Program Files (x86)\G DATA\TotalSecurity\AVK\ShellExt64.dll [2021-07-22] (G DATA CyberDefense AG -> G DATA Software AG)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-28] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers3: [Reisswolf] -> {1F0F1EE7-36B9-11D2-8985-0080ADA96E9B} => C:\Program Files (x86)\G DATA\TotalSecurity\Shredder\Reisswlf64.dll [2021-07-21] (G DATA CyberDefense AG -> G DATA Software AG)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-28] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers6: [AVK9CM] -> {CAF4C320-32F5-11D3-A222-004095200FF2} => C:\Program Files (x86)\G DATA\TotalSecurity\AVK\ShellExt64.dll [2021-07-22] (G DATA CyberDefense AG -> G DATA Software AG)
ContextMenuHandlers6: [Reisswolf] -> {1F0F1EE7-36B9-11D2-8985-0080ADA96E9B} => C:\Program Files (x86)\G DATA\TotalSecurity\Shredder\Reisswlf64.dll [2021-07-21] (G DATA CyberDefense AG -> G DATA Software AG)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-28] (Corel Corporation -> WinZip Computing)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-06-03 13:49 - 2020-11-03 04:08 - 000954864 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-2254628894-3832615501-915599853-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=LCTE
HKU\S-1-5-21-2254628894-3832615501-915599853-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=LCTE
HKU\S-1-5-21-2254628894-3832615501-915599853-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
HKU\S-1-5-21-2254628894-3832615501-915599853-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=LCTE
HKU\S-1-5-21-2254628894-3832615501-915599853-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=LCTE
HKU\S-1-5-21-2254628894-3832615501-915599853-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2020-11-22 10:55 - 000000855 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1    gdpwmgrlocalhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2254628894-3832615501-915599853-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
HKU\S-1-5-21-2254628894-3832615501-915599853-1003\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{371C709C-AA2B-4FB9-B234-6355C5AE99AE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7F56A6DC-9FD7-4D61-8BED-AA0D23875E33}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{94A4C14F-2DDC-4AAC-A641-6DE125F9139F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.144.538.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5EEF9EE5-3026-4EA8-9017-638D0660BEFE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.144.538.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F0C58299-DD1A-4DB9-91C2-3E7DA791526B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.144.538.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DCAE5E55-9EE6-408E-BF4C-5AFFD4155946}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.144.538.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A8BD4F22-7FA7-4C9B-B049-B595DD6351E9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.144.538.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C94787AF-C99D-404B-8991-745A66E86B8F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.144.538.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D5D734F6-CB86-4991-B8EC-3B15948CE94E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.144.538.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8A336A34-A722-4A5F-922C-1B131FEF036E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.144.538.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D11CB514-705B-4909-9812-3E8AE82D9E00}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{F8DCF6C0-6910-4100-B5C4-A92D1025F15D}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{BA6CDC99-0A43-4DAC-AF76-D91C5E9C186B}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{66BC6317-7227-46B3-BD7A-F0204AF520EE}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG -> devolo AG)
FirewallRules: [{D17C6C22-2149-4776-A77B-4F1E9668D4F9}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG -> devolo AG)
FirewallRules: [{5EDC9148-6454-44A3-8F2D-590C963A537F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A8B0DCBF-2E2F-4F6C-B758-9D0B8162397B}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\95.0.1020.40\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{93F9210E-738D-4D39-A1C1-EC210F9E0412}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{61D35EA1-10B5-4D61-8680-A795F7893F2F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{768F99C8-DE9A-4949-9072-C0ACD1335AC0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{917E385F-2731-456F-B5E1-B758DAB18EB4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B30E4A9B-7098-4039-B4C5-2FCFB25A80E6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4CB914E5-E189-4D8B-AE9E-A9173FAC7450}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{164D6280-C1FF-4B50-A174-C44B450462BF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5D4EECBD-3A88-4B65-AA47-4B2E32EDF343}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D06AFE23-11C6-4106-B94D-B4136DE1D512}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CB68D1AD-6C1A-492E-BD98-6E12245F0DB5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C23D9A42-CB9C-4689-B114-16A58BA1A1D7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1ED6EA16-17D8-40D4-B5B0-C64CB3822A4D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

16-10-2021 12:52:26 Windows Modules Installer
04-11-2021 10:02:43 Geplanter Prüfpunkt

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (10/20/2021 12:21:13 PM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\LAPTOP-G4EJFLFU$ über https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Wed, 20 Oct 2021 11:21:12 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 5d5519bc-1413-4d77-9cc0-bf66c1bf9a4a

Methode: GET(313ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (10/16/2021 01:31:18 PM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\LAPTOP-G4EJFLFU$ über https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Sat, 16 Oct 2021 12:31:17 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 3097dc34-c88b-4432-95a3-cd4e3c083489

Methode: GET(485ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (10/16/2021 01:15:18 PM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\LAPTOP-G4EJFLFU$ über https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Sat, 16 Oct 2021 12:15:17 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 217eff05-78d5-46c3-8678-510bbe32ddaf

Methode: GET(484ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (10/16/2021 01:14:16 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.
]

Error: (10/16/2021 01:14:16 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren.
.

Error: (10/16/2021 01:14:16 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.
]

Error: (10/16/2021 01:14:16 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren.
.

Error: (10/16/2021 01:14:16 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.
]


System errors:
=============
Error: (11/04/2021 10:00:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d02 fehlgeschlagen: 9PCMMNB260TX-E0469640.LenovoUtility

Error: (11/03/2021 10:53:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LenovoVantageService" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (10/27/2021 10:02:48 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-G4EJFLFU)
Description: Der Server "{FD06603A-2BDF-4BB1-B7DF-5DC68F353601}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (10/25/2021 02:10:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LenovoVantageService" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.

Error: (10/22/2021 01:37:06 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-G4EJFLFU)
Description: Der Server "Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy!App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (10/21/2021 09:04:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LenovoVantageService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/20/2021 12:20:53 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎20.‎10.‎2021 um 13:16:14 unerwartet heruntergefahren.

Error: (10/20/2021 07:46:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LenovoVantageService" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.


CodeIntegrity:
===============
Date: 2021-11-04 10:55:59
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\G DATA\TotalSecurity\AVK\avkwscpe.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-11-04 10:55:59
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Common Files\G Data\AVKProxy\GDAMSIx64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

BIOS: LENOVO E8CN28WW 05/14/2021
Motherboard: LENOVO LNVNB161216
Processor: AMD Athlon Silver 3050U with Radeon Graphics 
Percentage of memory in use: 86%
Total physical RAM: 6020.26 MB
Available physical RAM: 826.5 MB
Total Virtual: 10078.19 MB
Available Virtual: 1619.44 MB

==================== Drives ================================

Drive c: (Windows-SSD) (Fixed) (Total:237.23 GB) (Free:175.54 GB) NTFS

\\?\Volume{f83ec5a2-9135-4364-91d7-a57b2cfe6fc7}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.5 GB) NTFS
\\?\Volume{ef163d40-a52d-42e8-a2dc-55f7a0a600ce}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 0B4A8150)

Partition: GPT.

==================== End of Addition.txt =======================
         

Shortcut.txt

Code:
ATTFilter
Users shortcut scan result (x64) Version: 02-11-2021
Ran by sempe (04-11-2021 11:17:25)
Running from C:\Users\Internet\Desktop
Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk -> C:\Program Files\Microsoft Office\root\Office16\MSACCESS.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk -> C:\Program Files\Microsoft Office\root\Office16\MSPUB.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip.lnk -> C:\Program Files\WinZip\winzip64.exe (WinZip Computing)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip\WinZip.lnk -> C:\Program Files\WinZip\winzip64.exe (WinZip Computing)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office-Spracheinstellungen.lnk -> C:\Program Files\Microsoft Office\root\Office16\SETLANG.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA USB KEYBOARD GUARD\G DATA USB KEYBOARD GUARD.lnk -> C:\Program Files (x86)\G DATA\USB KEYBOARD GUARD\GD2NDKBB.exe (G Data Software AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA TOTAL SECURITY\G DATA Bootmedium.lnk -> C:\Program Files (x86)\G DATA\TotalSecurity\AVK\BootCDWizard.exe (G DATA Software AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA TOTAL SECURITY\G DATA TOTAL SECURITY.lnk -> C:\Program Files (x86)\G DATA\TotalSecurity\GUI\GDSC.exe (G DATA CyberDefense AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\devolo\devolo Cockpit.lnk -> C:\Program Files (x86)\devolo\dlan\frontend\plcnetui.exe ( )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk -> C:\Windows\regedit.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\sempe\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Internet\Links\Desktop.lnk -> C:\Users\Internet\Desktop ()
Shortcut: C:\Users\Internet\Links\Downloads.lnk -> C:\Users\Internet\Downloads ()
Shortcut: C:\Users\Internet\Desktop\Meine Garantie.lnk -> C:\Users\Internet\AppData\Roaming\Lenovo\LenovoWelcome\icons\Warranty.ico ()
Shortcut: C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Internet\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Internet\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\Internet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\Internet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Internet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Internet\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Internet\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Internet\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Internet\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Internet\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Internet\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Internet\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Internet\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Internet\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\devolo Cockpit.lnk -> C:\Program Files (x86)\devolo\dlan\frontend\plcnetui.exe ( )
Shortcut: C:\Users\Public\Desktop\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\G DATA TOTAL SECURITY.lnk -> C:\Program Files (x86)\G DATA\TotalSecurity\GUI\GDSC.exe (G DATA CyberDefense AG)
Shortcut: C:\Users\Public\Desktop\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\WinZip.lnk -> C:\Program Files\WinZip\winzip64.exe (WinZip Computing)
Shortcut: C:\Users\sempe\Links\Desktop.lnk -> C:\Users\sempe\Desktop ()
Shortcut: C:\Users\sempe\Links\Downloads.lnk -> C:\Users\sempe\Downloads ()
Shortcut: C:\Users\sempe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\sempe\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\sempe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\sempe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\sempe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\sempe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\sempe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\sempe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\sempe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\sempe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\sempe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\sempe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\sempe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\sempe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\sempe\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\sempe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\sempe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\sempe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\sempe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\sempe\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\sempe\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\sempe\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\sempe\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\sempe\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\sempe\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\sempe\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\sempe\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\sempe\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\HideBatteryGauge.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\LenovoBatteryGaugePackage.dll,HideBatteryGauge
ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\LaunchPinVantageToolbarToast.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\LenovoBatteryGaugePackage.dll,LaunchPinVantageToolbarToast
ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\SetMenuItemNameofBatteryGauge.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\LenovoBatteryGaugePackage.dll,SetMenuItemNameofBatteryGauge
ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\ShowBatteryGauge.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\LenovoBatteryGaugePackage.dll,ShowBatteryGauge
ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\UnloadBatteryGaugeFromExplorer.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\LenovoBatteryGaugePackage.dll,UnloadBatteryGaugeFromExplorer
ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\UnpinFromTaskbar.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\LenovoBatteryGaugePackage.dll,UnpinFromTaskbar
ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\UpdateBatteryGaugeToastInfo.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\LenovoBatteryGaugePackage.dll,UpdateBatteryGaugeToastInfo
ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\HideBatteryGauge.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\LenovoBatteryGaugePackage.dll,HideBatteryGauge
ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\LaunchPinVantageToolbarToast.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\LenovoBatteryGaugePackage.dll,LaunchPinVantageToolbarToast
ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\SetMenuItemNameofBatteryGauge.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\LenovoBatteryGaugePackage.dll,SetMenuItemNameofBatteryGauge
ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\ShowBatteryGauge.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\LenovoBatteryGaugePackage.dll,ShowBatteryGauge
ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\UnloadBatteryGaugeFromExplorer.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\LenovoBatteryGaugePackage.dll,UnloadBatteryGaugeFromExplorer
ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\UnpinFromTaskbar.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\LenovoBatteryGaugePackage.dll,UnpinFromTaskbar
ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\UpdateBatteryGaugeToastInfo.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\LenovoBatteryGaugePackage.dll,UpdateBatteryGaugeToastInfo
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Internet\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Internet\AppData\Roaming\Microsoft\Windows\SendTo\Faxempfänger.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Internet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\Internet\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Internet\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Internet\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Internet\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Internet\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Internet\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Internet\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Internet\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Internet\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Internet\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\sempe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\sempe\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\sempe\AppData\Roaming\Microsoft\Windows\SendTo\Faxempfänger.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\sempe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\sempe\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\sempe\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\sempe\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\sempe\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\sempe\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\sempe\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\sempe\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\sempe\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\sempe\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\sempe\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\sempe\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default


InternetURL: C:\Users\Internet\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\Internet\Favorites\Lenovo\Lenovo Support.url -> URL: hxxp://support.lenovo.com/
InternetURL: C:\Users\Internet\Favorites\Lenovo\Lenovo.url -> URL: hxxp://www.lenovo.com/
InternetURL: C:\Users\sempe\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\sempe\Favorites\Lenovo\Lenovo Support.url -> URL: hxxp://support.lenovo.com/
InternetURL: C:\Users\sempe\Favorites\Lenovo\Lenovo.url -> URL: hxxp://www.lenovo.com/

==================== End of Shortcut.txt =============================
         

Alt 04.11.2021, 12:34   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
MSIL.Trojan.Kryptik.RN - Standard

MSIL.Trojan.Kryptik.RN



Auch wenn das nur ein Fehlalarm ist: bitte umgehend diesen völligen Unsinn von GDATA deinstallieren.

Auch WinZIP 25.0 ist völlig überflüssigern Nonsens. Weg damit.

Gib Bescheid wenn beides weg ist, dann gehts weiter
__________________

__________________

Alt 04.11.2021, 13:10   #3
Scott1980
 
MSIL.Trojan.Kryptik.RN - Standard

MSIL.Trojan.Kryptik.RN



Erledigt
__________________

Alt 04.11.2021, 13:12   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
MSIL.Trojan.Kryptik.RN - Standard

MSIL.Trojan.Kryptik.RN



adwCleaner

Führe AdwCleaner gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei in CODE-Tags.

adwcleaner bitte wiederholen falls es Funde gab.

Alt 04.11.2021, 13:31   #5
Scott1980
 
MSIL.Trojan.Kryptik.RN - Standard

MSIL.Trojan.Kryptik.RN



Code:
ATTFilter
# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-10-26.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    11-04-2021
# Duration: 00:00:05
# OS:       Windows 10 Home
# Cleaned:  5
# Awaiting reboot:1
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.LenovoIMController   Folder   C:\ProgramData\LENOVO\IMCONTROLLER
Deleted       Preinstalled.LenovoIMController   Folder   C:\Users\Internet\AppData\Local\LENOVO\IMCONTROLLER
Deleted       Preinstalled.LenovoIMController   Folder   C:\Users\sempe\AppData\Local\LENOVO\IMCONTROLLER
Deleted       Preinstalled.LenovoIMController   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1
Needs Reboot  Preinstalled.LenovoIMController   Folder   C:\Windows\LENOVO\IMCONTROLLER


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

***** Reboot Required to Complete *****
         

Code:
ATTFilter
# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-10-26.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    11-04-2021
# Duration: 00:00:07
# OS:       Windows 10 Home
# Scanned:  32013
# Detected: 5


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.
         


Alt 04.11.2021, 13:34   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
MSIL.Trojan.Kryptik.RN - Standard

MSIL.Trojan.Kryptik.RN



Ok, nun ne neue FRST.txt und Addition.txt
__________________
--> MSIL.Trojan.Kryptik.RN

Alt 04.11.2021, 13:42   #7
Scott1980
 
MSIL.Trojan.Kryptik.RN - Standard

MSIL.Trojan.Kryptik.RN



FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2021
Ran by sempe (administrator) on LAPTOP-G4EJFLFU (LENOVO 81W2) (04-11-2021 13:36:01)
Running from C:\Users\Internet\Desktop
Loaded Profiles: sempe & Internet
: Microsoft Windows 10 Home Version 21H1 19043.1288 (X64) Language: Deutsch (Deutschland) -> Deutsch (Deutschland)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Access Denied)  [File not signed] C:\Windows\Temp\1EC0F82B-1478-4C66-BE47-78CDD0F647BD\MpSigStub.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361437.inf_amd64_b82dc71fab24f1f3\B361368\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361437.inf_amd64_b82dc71fab24f1f3\B361368\atiesrxx.exe
(devolo AG -> devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DABB4F~1.INF\DAX3API.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_0222c12a396c055f\DAX3API.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\Lenovo.Vantage.AddinHost.Amd64.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\Lenovo.Vantage.AddinHost.exe <5>
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\Lenovo.Vantage.AddinHost.x86.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\AutoModeDetect.exe
(Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_b9fd1528982e300f\LenovoUtilityService.exe
(Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\Internet\Desktop\adwcleaner_8.3.0.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe <2>
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdlogsr.exe
(Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe <3>
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\updateplatform.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <8>
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_3d345565ec73a109\RtkAudUService64.exe <2>
(Shenzhen Goodix Technology Co., Ltd. -> Goodix) C:\Windows\System32\drivers\SessionService.exe
0 C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.1.32.0_x64__5grkq8ppsgwt4\LaunchUtility\utility.exe
0 C:\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.exe
0 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21084.79.0_x64__8wekyb3d8bbwe\YourPhone.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_3d345565ec73a109\RtkAudUService64.exe [1230392 2021-01-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-21-2254628894-3832615501-915599853-1001\...\RunOnce: [Application Restart #0] => C:\Program Files\Mozilla Firefox\firefox.exe -os-restarted
HKU\S-1-5-21-2254628894-3832615501-915599853-1003\...\Run: [381BF5FBD1BF031E733D979F800D1F397599C48C._service_run] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=service /prefetch:8
HKU\S-1-5-21-2254628894-3832615501-915599853-1003\...\Run: [MicrosoftEdgeAutoLaunch_8F3D81AFF99A6A750B733B4DAFFB12B7] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
HKU\S-1-5-21-2254628894-3832615501-915599853-1003\...\MountPoints2: {0b14e3fa-4396-11eb-aa7e-000ec68e8eac} - "D:\HiSuiteDownLoader.exe" 

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D5335DF-5F5E-4D0A-B0B3-EBF4CA1F3A53} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {14133F4D-C859-4940-8966-430D2536A368} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.11.630\mcdatrep.exe
Task: {16FF2A2C-ACE8-42CF-B3F2-DC5824664F5B} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\21b2ec3b-e975-4bd6-9108-97b4ea81a20e => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {17F81626-8549-4FFE-A7D2-3E826B8F2D9F} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\ScheduleEventAction.exe [26656 2021-09-16] (Lenovo -> Lenovo Group Ltd.)
Task: {305CCD2D-F337-4444-8B95-09A9993F519A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22655904 2021-10-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {49EC16ED-6902-4339-9DB1-99CEB30394FE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22655904 2021-10-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {75CF40F8-99E3-4CDF-81CF-1D196B9A90ED} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {78C25AF3-CC0B-4BDE-BBB8-675BBDF6BAB6} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {83425B11-80D6-4D72-9A00-D0318A25E4A8} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe
Task: {85C7EB81-95F2-4B98-A540-CD1B1532553B} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {8D27360C-FA72-435F-A226-ADA06A59460A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\936aa4d1-6a42-4a9d-bb73-30bb37d53c02 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {AF6A162E-4720-432A-965B-523260CF2BC7} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [680888 2021-10-13] (Mozilla Corporation -> Mozilla Foundation)
Task: {B11E96B7-2BFC-4A4F-8D90-766BA627E3DC} - System32\Tasks\LenovoUtility Startup => C:\Windows\explorer.exe lenovo-utility://
Task: {B82D1C74-C8DB-4099-81DC-38E9A22B2317} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\7f681fad-7678-4481-b079-21cc23edb78f => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {C47EEF6F-C79E-46B3-871A-CC827E8ADD88} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\ScheduleEventAction.exe [26656 2021-09-16] (Lenovo -> Lenovo Group Ltd.)
Task: {C514E35E-F5D6-4498-A847-E9FBDBCAFD84} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\1bd61561-cacf-4225-8ecb-5ecf17710240 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {D8A480A4-1450-4462-A643-E865693984C8} - System32\Tasks\AdwCleaner_onReboot => C:\Users\Internet\Desktop\adwcleaner_8.3.0.exe [8553680 2021-11-04] (Malwarebytes Inc -> Malwarebytes)
Task: {DCDDADC3-ADA6-4DE0-93D3-C57AF1D54A9B} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.5.126\DADUpdater.exe
Task: {E1E346AF-36CE-4766-8969-2A38A0563307} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {E29CA6C0-A05A-4755-B4CF-D7E530801F4E} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\ScheduleEventAction.exe [26656 2021-09-16] (Lenovo -> Lenovo Group Ltd.)
Task: {EF56D83C-4394-4A89-BD7B-AC5C15D7802A} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [62440 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {FB0459BF-0020-4395-932A-55EA0E3E73A9} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe
Task: {FB89780E-AB89-4CC0-A14A-CDAE3DC4D174} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-11-03] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{b21f1183-c1be-4ff1-86a2-148826aff19c}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{d2c0cdde-b6dc-41db-a8de-286ccbcdab5c}: [DhcpNameServer] 150.209.1.2
Tcpip\..\Interfaces\{ebfbc786-898a-4bb2-988a-e88e61efb80b}: [DhcpNameServer] 192.168.178.1

Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\sempe\AppData\Local\Microsoft\Edge\User Data\Default [2020-11-22]

FireFox:
========
FF DefaultProfile: uw4f7abg.default
FF ProfilePath: C:\Users\sempe\AppData\Roaming\Mozilla\Firefox\Profiles\uw4f7abg.default [2020-10-25]
FF ProfilePath: C:\Users\sempe\AppData\Roaming\Mozilla\Firefox\Profiles\q5adzvby.default-release [2020-11-22]
FF Homepage: Mozilla\Firefox\Profiles\q5adzvby.default-release -> www.web.de
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12034464 2021-10-12] (Microsoft Corporation -> Microsoft Corporation)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [6108344 2021-07-13] (devolo AG -> devolo AG)
R2 DolbyDAXAPI; C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_0222c12a396c055f\DAX3API.exe [2301912 2021-01-04] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [334728 2020-12-20] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoFnAndFunctionKeys; C:\WINDOWS\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_b9fd1528982e300f\LenovoUtilityService.exe [539128 2021-08-26] (Lenovo -> Lenovo(beijing) Limited)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\LenovoVantageService.exe [31248 2021-09-16] (Lenovo -> Lenovo Group Ltd.)
R2 LITSSVC; C:\WINDOWS\System32\LNBITSSvc.exe [1820080 2021-02-06] (Lenovo -> Lenovo(beijing) Limited)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R2 NPF_devolo; C:\WINDOWS\sysWOW64\drivers\npf_devolo.sys [36496 2021-07-13] (devolo AG -> Riverbed Technology, Inc.)
S3 TDKLIB; c:\windows\TempInst\TdkLib64.sys [37288 2021-07-27] (Phoenix Technologies Ltd. -> )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2021-11-04] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435424 2021-11-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-04 13:36 - 2021-11-04 13:36 - 000016092 _____ C:\Users\Internet\Desktop\FRST.txt
2021-11-04 13:25 - 2021-11-04 13:25 - 000003188 _____ C:\WINDOWS\system32\Tasks\AdwCleaner_onReboot
2021-11-04 13:18 - 2021-11-04 13:25 - 000000000 ____D C:\AdwCleaner
2021-11-04 13:16 - 2021-11-04 13:16 - 008553680 _____ (Malwarebytes) C:\Users\Internet\Desktop\adwcleaner_8.3.0.exe
2021-11-04 13:04 - 2021-11-04 13:35 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-11-04 13:04 - 2021-11-04 13:04 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2021-11-04 13:00 - 2021-11-04 13:00 - 001828352 _____ C:\Users\Internet\Downloads\AVCleaner.exe
2021-11-04 10:59 - 2021-11-04 13:36 - 000000000 ____D C:\FRST
2021-11-04 10:57 - 2021-11-04 10:57 - 002311168 _____ (Farbar) C:\Users\Internet\Desktop\FRST64.exe
2021-10-16 13:17 - 2021-10-16 13:17 - 000000000 ___HD C:\$WinREAgent
2021-10-16 13:06 - 2021-10-16 13:06 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2021-10-16 13:06 - 2021-10-16 13:06 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-10-16 13:06 - 2021-10-16 13:06 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-10-16 13:06 - 2021-10-16 13:06 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-10-16 13:06 - 2021-10-16 13:06 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-10-16 13:06 - 2021-10-16 13:06 - 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-10-16 13:06 - 2021-10-16 13:06 - 000011495 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-10-13 08:31 - 2021-10-16 13:14 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-04 13:35 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-11-04 13:31 - 2021-03-15 17:16 - 001632020 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-11-04 13:31 - 2019-12-07 15:50 - 000707136 _____ C:\WINDOWS\system32\perfh007.dat
2021-11-04 13:31 - 2019-12-07 15:50 - 000142394 _____ C:\WINDOWS\system32\perfc007.dat
2021-11-04 13:31 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-11-04 13:29 - 2020-10-25 16:55 - 000000000 ____D C:\ProgramData\Mozilla
2021-11-04 13:28 - 2020-10-25 17:11 - 000000000 ____D C:\Users\Internet\AppData\LocalLow\Mozilla
2021-11-04 13:28 - 2020-07-26 07:38 - 000000000 ____D C:\ProgramData\Lenovo
2021-11-04 13:27 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-11-04 13:25 - 2021-03-15 17:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-11-04 13:25 - 2021-03-15 17:07 - 000008192 ___SH C:\DumpStack.log.tmp
2021-11-04 13:25 - 2020-10-25 16:23 - 000000000 ____D C:\Users\sempe\AppData\Local\Lenovo
2021-11-04 13:25 - 2020-07-26 07:47 - 000000000 ____D C:\ProgramData\Goodix
2021-11-04 13:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-11-04 13:25 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-11-04 13:17 - 2019-12-07 10:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-11-04 13:07 - 2020-12-29 17:13 - 000000000 ____D C:\ProgramData\WinZip
2021-11-04 13:06 - 2020-11-22 10:55 - 000000000 ____D C:\Program Files (x86)\G DATA
2021-11-04 13:04 - 2021-03-15 17:07 - 000525688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-11-04 13:03 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-11-04 13:03 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2021-11-04 13:03 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-11-04 13:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-11-04 13:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2021-11-04 13:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-11-04 12:55 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-11-04 12:55 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-11-04 11:53 - 2021-03-15 17:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-11-04 10:00 - 2020-10-25 17:09 - 000000000 ____D C:\Users\Internet\AppData\Local\Packages
2021-11-03 11:01 - 2020-07-26 07:39 - 000000000 ____D C:\Program Files\Microsoft Office
2021-11-03 10:54 - 2021-03-15 17:12 - 000003384 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2254628894-3832615501-915599853-1003
2021-11-03 10:54 - 2021-03-15 16:30 - 000002415 _____ C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-03 10:54 - 2020-11-13 21:23 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-11-03 10:54 - 2020-11-13 21:23 - 000002285 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-10-20 13:02 - 2021-03-15 16:30 - 000000000 ____D C:\Users\Internet
2021-10-17 17:16 - 2020-10-25 17:09 - 000000000 ____D C:\Users\Internet\AppData\Local\D3DSCache
2021-10-16 13:21 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-10-16 13:14 - 2020-10-25 16:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-10-16 13:13 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-10-16 13:13 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-10-16 13:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-10-16 13:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-10-16 13:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-10-16 13:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-10-16 13:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-10-16 13:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-10-16 13:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-10-16 12:51 - 2020-10-25 16:40 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-10-16 12:49 - 2020-10-25 16:40 - 139806512 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-10-14 08:08 - 2021-02-08 09:26 - 000005223 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2021-10-13 15:19 - 2021-08-25 11:01 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-10-13 15:19 - 2020-10-25 16:55 - 000001016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-10-13 08:18 - 2021-04-27 12:37 - 000003606 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d719b5d4b53d04
2021-10-13 08:18 - 2021-03-15 17:12 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-10-13 08:16 - 2020-10-25 16:44 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

==================== Files in the root of some directories ========

2020-11-22 10:55 - 2020-11-22 10:55 - 000000000 _____ () C:\Users\sempe\AppData\Roaming\gdfw.log
2020-11-22 10:55 - 2020-11-22 10:55 - 000000779 _____ () C:\Users\sempe\AppData\Roaming\gdscan.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
         
--- --- ---

--- --- ---




[CODE]tional
FRST Logfile:

FRST Logfile:
Code:
ATTFilter
scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2021
Ran by sempe (04-11-2021 13:38:39)
Running from C:\Users\Internet\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1288 (X64) (2021-03-15 16:12:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2254628894-3832615501-915599853-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2254628894-3832615501-915599853-503 - Limited - Disabled)
Gast (S-1-5-21-2254628894-3832615501-915599853-501 - Limited - Disabled)
Internet (S-1-5-21-2254628894-3832615501-915599853-1003 - Limited - Enabled) => C:\Users\Internet
sempe (S-1-5-21-2254628894-3832615501-915599853-1001 - Administrator - Enabled) => C:\Users\sempe
WDAGUtilityAccount (S-1-5-21-2254628894-3832615501-915599853-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G DATA TOTAL SECURITY (Disabled - Up to date) {306EF9D4-90EF-3FB7-151E-73C2982F8C0E}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
FW: G DATA TOTAL SECURITY (Disabled) {085578F1-DA80-3EEF-3E41-DAF766FCCB75}
FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

devolo Cockpit (HKLM-x32\...\dlancockpit) (Version: 5.1.7.638 - devolo AG)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.9.23.0 - Lenovo Group Ltd.)
Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.14527.20234 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.40 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 95.0.1020.40 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2254628894-3832615501-915599853-1001\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2254628894-3832615501-915599853-1003\...\OneDriveSetup.exe) (Version: 21.205.1003.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 93.0 (x64 de)) (Version: 93.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 82.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden

Packages:
=========
AMD Radeon™ Settings Lite -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.59462344778C5_10.19.40016.0_x64__0a9344xs7nr4m [2021-10-22] (Advanced Micro Devices Inc.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.144.538.0_x86__zpdnekdrzrea0 [2020-10-25] (Spotify AB) [Startup Task]
XING -> C:\Program Files\WindowsApps\XINGAG.XING_4.0.5.0_x86__xpfg3f7e9an52 [2021-03-15] (New Work SE)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2254628894-3832615501-915599853-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll => No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-11-04 10:00 - 2021-11-04 10:00 - 000093184 _____ (Lenovo(beijing) Limited) [File not signed] C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.1.32.0_x64__5grkq8ppsgwt4\LaunchUtility\kbdhook.dll
2020-05-30 15:04 - 2020-05-30 15:04 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\Vantage\Addins\GenericTelemetryAddin\1.0.0.34\x64\SQLite.Interop.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-2254628894-3832615501-915599853-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=LCTE
HKU\S-1-5-21-2254628894-3832615501-915599853-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=LCTE
HKU\S-1-5-21-2254628894-3832615501-915599853-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
HKU\S-1-5-21-2254628894-3832615501-915599853-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=LCTE
HKU\S-1-5-21-2254628894-3832615501-915599853-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=LCTE
HKU\S-1-5-21-2254628894-3832615501-915599853-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2021-11-04 13:03 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2254628894-3832615501-915599853-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
HKU\S-1-5-21-2254628894-3832615501-915599853-1003\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{371C709C-AA2B-4FB9-B234-6355C5AE99AE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7F56A6DC-9FD7-4D61-8BED-AA0D23875E33}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{94A4C14F-2DDC-4AAC-A641-6DE125F9139F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.144.538.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5EEF9EE5-3026-4EA8-9017-638D0660BEFE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.144.538.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F0C58299-DD1A-4DB9-91C2-3E7DA791526B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.144.538.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DCAE5E55-9EE6-408E-BF4C-5AFFD4155946}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.144.538.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A8BD4F22-7FA7-4C9B-B049-B595DD6351E9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.144.538.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C94787AF-C99D-404B-8991-745A66E86B8F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.144.538.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D5D734F6-CB86-4991-B8EC-3B15948CE94E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.144.538.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8A336A34-A722-4A5F-922C-1B131FEF036E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.144.538.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D11CB514-705B-4909-9812-3E8AE82D9E00}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{F8DCF6C0-6910-4100-B5C4-A92D1025F15D}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{BA6CDC99-0A43-4DAC-AF76-D91C5E9C186B}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{66BC6317-7227-46B3-BD7A-F0204AF520EE}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG -> devolo AG)
FirewallRules: [{D17C6C22-2149-4776-A77B-4F1E9668D4F9}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG -> devolo AG)
FirewallRules: [{5EDC9148-6454-44A3-8F2D-590C963A537F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A8B0DCBF-2E2F-4F6C-B758-9D0B8162397B}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\95.0.1020.40\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{93F9210E-738D-4D39-A1C1-EC210F9E0412}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{61D35EA1-10B5-4D61-8680-A795F7893F2F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{768F99C8-DE9A-4949-9072-C0ACD1335AC0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{917E385F-2731-456F-B5E1-B758DAB18EB4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B30E4A9B-7098-4039-B4C5-2FCFB25A80E6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4CB914E5-E189-4D8B-AE9E-A9173FAC7450}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{164D6280-C1FF-4B50-A174-C44B450462BF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5D4EECBD-3A88-4B65-AA47-4B2E32EDF343}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D06AFE23-11C6-4106-B94D-B4136DE1D512}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CB68D1AD-6C1A-492E-BD98-6E12245F0DB5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C23D9A42-CB9C-4689-B114-16A58BA1A1D7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1ED6EA16-17D8-40D4-B5B0-C64CB3822A4D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

16-10-2021 12:52:26 Windows Modules Installer
04-11-2021 10:02:43 Geplanter Prüfpunkt
04-11-2021 13:24:48 AdwCleaner_BeforeCleaning_04/11/2021_13:24:47

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/04/2021 01:25:44 PM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\LAPTOP-G4EJFLFU$ über https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Thu, 04 Nov 2021 12:25:43 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: a8bc0d1c-3205-4a0e-9b04-2222af182b87

Methode: GET(296ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (11/04/2021 01:25:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren.
.

Error: (11/04/2021 01:25:14 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.
]

Error: (11/04/2021 01:07:10 PM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\LAPTOP-G4EJFLFU$ über https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Thu, 04 Nov 2021 12:07:10 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: c30b2cff-d097-46b7-8955-839a409a10dd

Methode: GET(265ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (11/04/2021 01:04:54 PM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\LAPTOP-G4EJFLFU$ über https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Thu, 04 Nov 2021 12:04:54 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: da356261-16d2-42f7-8d3f-ca42a29c0964

Methode: GET(266ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (11/04/2021 01:03:44 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Das Sicherheitscenter konnte den Aufrufer nicht überprüfen. Der Fehler %1 ist aufgetreten.

Error: (10/20/2021 12:21:13 PM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\LAPTOP-G4EJFLFU$ über https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Wed, 20 Oct 2021 11:21:12 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 5d5519bc-1413-4d77-9cc0-bf66c1bf9a4a

Methode: GET(313ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (10/16/2021 01:31:18 PM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\LAPTOP-G4EJFLFU$ über https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Sat, 16 Oct 2021 12:31:17 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 3097dc34-c88b-4432-95a3-cd4e3c083489

Methode: GET(485ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)


System errors:
=============
Error: (11/04/2021 01:25:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "System Interface Foundation Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/04/2021 01:25:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/04/2021 01:25:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LenovoVantageService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/04/2021 01:25:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Lenovo Notebook ITS Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/04/2021 01:25:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Session Detection" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/04/2021 01:25:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Qualcomm Atheros WLAN Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/04/2021 01:25:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Realtek Audio Universal Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/04/2021 01:25:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Fortemedia APO Control Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


CodeIntegrity:
===============
Date: 2021-11-04 13:03:44
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Common Files\G Data\AVKProxy\GDAMSIx64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-11-04 13:03:21
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\G DATA\TotalSecurity\AVK\avkwscpe.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

BIOS: LENOVO E8CN28WW 05/14/2021
Motherboard: LENOVO LNVNB161216
Processor: AMD Athlon Silver 3050U with Radeon Graphics 
Percentage of memory in use: 57%
Total physical RAM: 6020.26 MB
Available physical RAM: 2547.18 MB
Total Virtual: 7492.26 MB
Available Virtual: 3237.92 MB

==================== Drives ================================

Drive c: (Windows-SSD) (Fixed) (Total:237.23 GB) (Free:179.99 GB) NTFS

\\?\Volume{f83ec5a2-9135-4364-91d7-a57b2cfe6fc7}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.5 GB) NTFS
\\?\Volume{ef163d40-a52d-42e8-a2dc-55f7a0a600ce}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 0B4A8150)

Partition: GPT.

==================== End of Addition.txt =======================
         
--- --- ---

--- --- ---

Alt 04.11.2021, 13:45   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
MSIL.Trojan.Kryptik.RN - Standard

MSIL.Trojan.Kryptik.RN



Scripting/Repair mit FRST64

WARNUNG AN ALLE MITLESER !!!
Dieses FRST-Script ist ausschließlich für diesen Nutzer gedacht und sollte niemals 1:1 für ein anderes System angewendet werden!

  • Kopiere den gesamten Inhalt der folgenden Code-Box:
    Code:
    ATTFilter
    Start::
    CloseProcesses:
    AV: G DATA TOTAL SECURITY (Disabled - Up to date) {306EF9D4-90EF-3FB7-151E-73C2982F8C0E}
    AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
    FW: G DATA TOTAL SECURITY (Disabled) {085578F1-DA80-3EEF-3E41-DAF766FCCB75}
    FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57}
    emptytemp:
    End::
             
  • Starte nun FRST und klicke direkt den Reparieren Button.Wichtig: Du brauchst den Inhalt der Code-Box nirgends einfügen, da sich FRST den Code aus der Zwischenablage holt!
  • Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich FRST befindet.
  • Gegebenenfalls muss dein Rechner neu gestartet werden.
  • Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.

Alt 04.11.2021, 13:55   #9
Scott1980
 
MSIL.Trojan.Kryptik.RN - Standard

MSIL.Trojan.Kryptik.RN



FRST Logfile:

Code:
ATTFilter
ntfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 02-11-2021
durchgeführt von Internet (04-11-2021 13:52:53) Run:1
Gestartet von C:\Users\Internet\Desktop
Geladene Profile: sempe & Internet
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
CloseProcesses:
AV: G DATA TOTAL SECURITY (Disabled - Up to date) {306EF9D4-90EF-3FB7-151E-73C2982F8C0E}
AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
FW: G DATA TOTAL SECURITY (Disabled) {085578F1-DA80-3EEF-3E41-DAF766FCCB75}
FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57}
emptytemp:

*****************

Prozesse erfolgreich geschlossen.
AV: G DATA TOTAL SECURITY (Disabled - Up to date) {306EF9D4-90EF-3FB7-151E-73C2982F8C0E} => Fehler beim Entfernen des Produkts . Error: -2147352567
AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C} => Fehler beim Entfernen des Produkts . Error: -2147352567
FW: G DATA TOTAL SECURITY (Disabled) {085578F1-DA80-3EEF-3E41-DAF766FCCB75} => Fehler beim Entfernen des Produkts . Error: -2147352567
FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57} => Fehler beim Entfernen des Produkts . Error: -2147352567

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 47814150 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 952100 B
Firefox => 51712718 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 0 B
sempe => 0 B
Internet => 211683850 B

RecycleBin => 92386263 B
EmptyTemp: => 385.8 MB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 13:53:09 ====
         

Alt 04.11.2021, 13:58   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
MSIL.Trojan.Kryptik.RN - Standard

MSIL.Trojan.Kryptik.RN



Kontrollscans mit MBAM und RK

Wir sind fast fertig. Jetzt ist es an der Zeit für Kontrollscans mit
Poste nach Abschluss der beiden Scans die Logs in CODE-Tags.

Alt 04.11.2021, 14:55   #11
Scott1980
 
MSIL.Trojan.Kryptik.RN - Standard

MSIL.Trojan.Kryptik.RN



Code:
ATTFilter
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 04.11.21
Scan-Zeit: 14:10
Protokolldatei: 9b8c7f4e-3d70-11ec-b414-000000000000.json

-Softwaredaten-
Version: 4.4.9.142
Komponentenversion: 1.0.1486
Version des Aktualisierungspakets: 1.0.46774
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10 (Build 19043.1288)
CPU: x64
Dateisystem: NTFS
Benutzer: LAPTOP-G4EJFLFU\Internet

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Completed
Gescannte Objekte: 340971
Erkannte Bedrohungen: 0
In die Quarantäne verschobene Bedrohungen: 0
Abgelaufene Zeit: 8 Min., 16 Sek.
         
Code:
ATTFilter
Program            : RogueKiller Anti-Malware
Version            : 15.1.2.0
x64                : Yes
Program Date       : Nov  3 2021
Location           : C:\Users\Internet\Desktop\RogueKiller_portable64.exe
Premium            : No
Company            : Adlice Software
Website            : https://www.adlice.com/
Contact            : https://adlice.com/contact/
Website            : https://adlice.com/download/roguekiller/
Operating System   : Windows 10 (10.0.19043) 64-bit
64-bit OS          : Yes
Startup            : 0
WindowsPE          : No
User               : sempe
User is Admin      : Yes
Date               : 2021/11/04 13:52:13
Type               : Removal
Aborted            : No
Scan Mode          : Standard
Duration           : 1224
Found items        : 2
Total scanned      : 60716
Signatures Version : 20211102_094554
Truesight Driver   : Yes
Updates Count      : 2

************************* Warnings *************************
         

Alt 04.11.2021, 14:56   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
MSIL.Trojan.Kryptik.RN - Standard

MSIL.Trojan.Kryptik.RN



Dann wären wir durch!

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen.

Abschließend bitte noch einen Cleanup mit unserem TB-Cleanup-Script durchführen und unbedingt die Sicherheitsmaßnahmen lesen und umsetzen - beides ist in folgendem Lesestoff verlinkt:


Alt 04.11.2021, 14:57   #13
Scott1980
 
MSIL.Trojan.Kryptik.RN - Standard

MSIL.Trojan.Kryptik.RN



Hallo,

Super - Danke für deine Hilfe

Alt 04.11.2021, 20:00   #14
M-K-D-B
/// TB-Ausbilder
 
MSIL.Trojan.Kryptik.RN - Standard

MSIL.Trojan.Kryptik.RN



Wir sind froh, dass wir helfen konnten

Dieses Thema scheint erledigt und wird aus unseren Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke uns bitte eine Erinnerung inklusive Link zum Thema.

Jeder andere bitte hier klicken und ein eigenes Thema erstellen.

Thema geschlossen

Themen zu MSIL.Trojan.Kryptik.RN
administrator, adware, browser, computer, defender, fehler, firefox, firewall, home, homepage, iexplore.exe, internet, internet explorer, log, monitor, mozilla, realtek, registry, rundll, software, system, updates, usb, windows, wmi



Ähnliche Themen: MSIL.Trojan.Kryptik.RN


  1. Win7 trojan.kovter gefunden TR/Dropper.MSIL.Gen, Rechner extrem langsam und stürzt teilweise ab.
    Log-Analyse und Auswertung - 14.01.2018 (31)
  2. Trojan.Injector.MSIL in Quarantäne, trotzdem funktioniert Google Chrome nicht
    Plagegeister aller Art und deren Bekämpfung - 14.03.2017 (16)
  3. Destroy Windows 10 Spying: Trojan.Dropper.MSIL
    Log-Analyse und Auswertung - 05.05.2016 (3)
  4. W7: MBAM meldet Trojan.Injector.MSIL / nach Löschen der Datei keine Funde mehr
    Plagegeister aller Art und deren Bekämpfung - 01.01.2016 (6)
  5. Falsche Seite besucht, nun Trojaner-Problem Trojan.Agent.MSIL etc
    Plagegeister aller Art und deren Bekämpfung - 31.08.2015 (7)
  6. Trojan.Psuedo.vnc und Trojan.MSIL gefunden
    Log-Analyse und Auswertung - 08.09.2014 (12)
  7. Trojan.MSIL.DomaIQ.A (B)
    Plagegeister aller Art und deren Bekämpfung - 14.06.2014 (21)
  8. Trojan.MSIL
    Plagegeister aller Art und deren Bekämpfung - 14.12.2013 (11)
  9. Win32/Kryptik.BDQK trojan entdeckt
    Log-Analyse und Auswertung - 30.06.2013 (8)
  10. Win32/Kryptik.AOOB trojan / Win32/Ponmocup.AA trojan entfernen ?
    Plagegeister aller Art und deren Bekämpfung - 27.11.2012 (7)
  11. Trojan.Agent/Gen-Kryptik
    Log-Analyse und Auswertung - 13.10.2012 (4)
  12. Trojan.Agent/Gen-Kryptik
    Log-Analyse und Auswertung - 28.08.2012 (3)
  13. Trojan.Proxy und TR Kryptik.jec gefunden - Online Banking gesperrt
    Plagegeister aller Art und deren Bekämpfung - 17.07.2012 (2)
  14. TR/Kryptik.gyh.3 , TR/Trash.Gen' [trojan] eingefangen .
    Log-Analyse und Auswertung - 19.02.2012 (24)
  15. Generic.Bot.H, Riskware.Tool.CK, Trojan.MSIL und andere Funde
    Plagegeister aller Art und deren Bekämpfung - 06.11.2010 (9)
  16. syspck32.exe Win32/Rootkit.Kryptik.AF trojan
    Log-Analyse und Auswertung - 05.10.2010 (19)
  17. Win32/Kryptik.BDR trojan
    Plagegeister aller Art und deren Bekämpfung - 17.12.2009 (9)

Zum Thema MSIL.Trojan.Kryptik.RN - Hallo, G-Data hat folgendes gefunden und in die Datei in die Quarantäne verschoben. Hier der Log von G Data Code: Alles auswählen Aufklappen ATTFilter Datei: C:\ProgramData\Lenovo\Vantage\Addins\Lenovo.Vantage.SmartPerformanceAddin\1.0.0.144\SmartCareSDK.dll Virus: MSIL.Trojan.Kryptik.RN (Engine B) - MSIL.Trojan.Kryptik.RN...
Archiv
Du betrachtest: MSIL.Trojan.Kryptik.RN auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.